Jump to content
MvL

Virus detected on a non-unraid server

4 posts in this topic Last Reply

Recommended Posts

Hi,

 

I have found a virus on one of my servers (not a unRAID server). I scanned that server with ClamAV. Is there a package for unRAID? I just want to double check that unRAID is not infected or any container.

 

[root@voyager /]# clamscan -ri --exclude-dir=/sys
/etc/snort.d/rules/clearcenter/activex.rules: Win.Trojan.cve_2011_2657-1 FOUND
/etc/snort.d/rules/clearcenter/current_events.rules: Sanesecurity.Malware.19493.Web.UNOFFICIAL FOUND
/etc/snort.d/rules/clearcenter/deleted.rules: Html.Trojan.Blackhole-65 FOUND
/var/clearos/configuration_backup/backup-voyager_domain_nl-07-02-2018-01-50-01.tgz: Win.Trojan.cve_2011_2657-1 FOUND
/var/clearos/configuration_backup/backup-voyager_domain_nl-07-03-2018-01-50-01.tgz: Win.Trojan.cve_2011_2657-1 FOUND
/var/clearos/configuration_backup/backup-voyager_domain_nl-07-04-2018-01-50-01.tgz: Win.Trojan.cve_2011_2657-1 FOUND
/usr/lib64/gconsole/browser/omni.ja: Sanesecurity.Foxhole.Zip_Js_Js.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6771035
Engine version: 0.99.3
Scanned directories: 15192
Scanned files: 50596
Infected files: 7
Data scanned: 2910.37 MB
Data read: 2377.13 MB (ratio 1.22:1)
Time: 682.111 sec (11 m 22 s)
You have new mail in /var/spool/mail/root
[root@voyager /]# 

 

Share this post


Link to post

yes, true!

 

I found out that the first three are false positives for sure.

 

/etc/snort.d/rules/clearcenter/activex.rules: Win.Trojan.cve_2011_2657-1 FOUND
/etc/snort.d/rules/clearcenter/current_events.rules: Sanesecurity.Malware.19493.Web.UNOFFICIAL FOUND
/etc/snort.d/rules/clearcenter/deleted.rules: Html.Trojan.Blackhole-65 FOUND

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now