Virus detected on a non-unraid server



Hi,

 

I have found a virus on one of my servers (not an unRAID server). I scanned that server with ClamAV. Is there a package for unRAID? I just want to double-check that neither unRAID nor any container is infected.

 

[root@voyager /]# clamscan -ri --exclude-dir=/sys
/etc/snort.d/rules/clearcenter/activex.rules: Win.Trojan.cve_2011_2657-1 FOUND
/etc/snort.d/rules/clearcenter/current_events.rules: Sanesecurity.Malware.19493.Web.UNOFFICIAL FOUND
/etc/snort.d/rules/clearcenter/deleted.rules: Html.Trojan.Blackhole-65 FOUND
/var/clearos/configuration_backup/backup-voyager_domain_nl-07-02-2018-01-50-01.tgz: Win.Trojan.cve_2011_2657-1 FOUND
/var/clearos/configuration_backup/backup-voyager_domain_nl-07-03-2018-01-50-01.tgz: Win.Trojan.cve_2011_2657-1 FOUND
/var/clearos/configuration_backup/backup-voyager_domain_nl-07-04-2018-01-50-01.tgz: Win.Trojan.cve_2011_2657-1 FOUND
/usr/lib64/gconsole/browser/omni.ja: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6771035
Engine version: 0.99.3
Scanned directories: 15192
Scanned files: 50596
Infected files: 7
Data scanned: 2910.37 MB
Data read: 2377.13 MB (ratio 1.22:1)
Time: 682.111 sec (11 m 22 s)
You have new mail in /var/spool/mail/root
[root@voyager /]# 

 

Link to comment

yes, true!

 

I found out that the first three are false positives for sure.

 

/etc/snort.d/rules/clearcenter/activex.rules: Win.Trojan.cve_2011_2657-1 FOUND
/etc/snort.d/rules/clearcenter/current_events.rules: Sanesecurity.Malware.19493.Web.UNOFFICIAL FOUND
/etc/snort.d/rules/clearcenter/deleted.rules: Html.Trojan.Blackhole-65 FOUND

 

Link to comment
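A triage sketch for the scan output in this thread, added here as an example and not posted by any participant: it parses the `clamscan -i` hit lines, groups them by signature, and separates out third-party `.UNOFFICIAL` signatures and hits inside IDS rule files for manual review. The function name `triage` and its result keys are assumptions of this example; the sample lines are copied from the first post.

```python
import re
from collections import defaultdict

# Hit lines and summary count copied from the scan output in the first post.
SAMPLE = """\
/etc/snort.d/rules/clearcenter/activex.rules: Win.Trojan.cve_2011_2657-1 FOUND
/etc/snort.d/rules/clearcenter/current_events.rules: Sanesecurity.Malware.19493.Web.UNOFFICIAL FOUND
/etc/snort.d/rules/clearcenter/deleted.rules: Html.Trojan.Blackhole-65 FOUND
/var/clearos/configuration_backup/backup-voyager_domain_nl-07-02-2018-01-50-01.tgz: Win.Trojan.cve_2011_2657-1 FOUND
/var/clearos/configuration_backup/backup-voyager_domain_nl-07-03-2018-01-50-01.tgz: Win.Trojan.cve_2011_2657-1 FOUND
/var/clearos/configuration_backup/backup-voyager_domain_nl-07-04-2018-01-50-01.tgz: Win.Trojan.cve_2011_2657-1 FOUND
/usr/lib64/gconsole/browser/omni.ja: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Infected files: 7
"""

HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
SUMMARY = re.compile(r"^Infected files: (\d+)$")

def triage(output):
    """Group clamscan hits by signature and mark the ones to review first."""
    by_sig = defaultdict(list)
    reported = None
    for line in output.splitlines():
        line = line.strip()
        hit = HIT.match(line)
        if hit:
            by_sig[hit["sig"]].append(hit["path"])
            continue
        summary = SUMMARY.match(line)
        if summary:
            reported = int(summary[1])
    paths = [p for group in by_sig.values() for p in group]
    return {
        "by_signature": dict(by_sig),
        # ClamAV appends .UNOFFICIAL to names from third-party signature databases.
        "unofficial": sorted(s for s in by_sig if s.endswith(".UNOFFICIAL")),
        # IDS rule files hold attack patterns as text, so scanners often match them.
        "rule_files": sorted(p for p in paths if p.endswith(".rules")),
        "total_hits": len(paths),
        # False when the parsed hits do not add up to the summary count.
        "complete": reported == len(paths),
    }

if __name__ == "__main__":
    for sig, hits in triage(SAMPLE)["by_signature"].items():
        print(f"{sig}: {len(hits)} file(s)")
```

Grouping shows that the three backup archives carry the same signature name as `activex.rules`; the grouping alone does not decide whether any hit is a false positive.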
