ClamAV seems to be a wonderful freely distributed anti-virus software.
I installed it on my Linux laptop a few days ago. I did the installation via yum. That was the wrong option, I think. First, it did not cleanly install freshclam (the program to update clamav); then I could not start the daemon clamd, which, when I tried to start it, said there was no such file. Then I came to know that I had to run yum again to get the clamd program separately. Then, to run the program, I had to add a user and a group named clamav and change the owner of the files used by the clamav, freshclam and clamd programs to clamav. This would have been done automatically if I had done a source/RPM installation. But the advantage was that yum solved many of the dependency problems without me verifying and installing all the missing components. That is the main advantage of yum in Fedora Linux.
After I installed it, I was curious to know whether any of my files were affected by a virus, as I had transferred some files over the past 2 years to my system from Windows systems. Hence I ran a thorough check on my laptop. This is the summary I got:
--------------------------------------
Scan started: Thu Jul 27 23:43:54 2006
//home/sakthi/Backup_IIT/extra/personal/photos/usa/temparchive.tar: Joke.Paranoia FOUND
ERROR: Can't open file //sys/block/hdc/queue/iosched/clear_elapsed
ERROR: Can't open file //sys/block/hda/queue/iosched/clear_elapsed
ERROR: Can't open file //sys/class/pcmcia_socket/pcmcia_socket0/card_eject
ERROR: Can't open file //sys/class/pcmcia_socket/pcmcia_socket0/card_insert
ERROR: Can't open file //sys/bus/pci/drivers/parport_pc/new_id
ERROR: Can't open file //sys/bus/pci/drivers/yenta_cardbus/new_id
ERROR: Can't open file //sys/bus/pci/drivers/ohci_hcd/new_id
ERROR: Can't open file //sys/bus/pci/drivers/ehci_hcd/new_id
ERROR: Can't open file //sys/bus/pci/drivers/shpchp/new_id
ERROR: Can't open file //sys/bus/pci/drivers/sis96x_smbus/new_id
ERROR: Can't open file //sys/bus/pci/drivers/Intel ICH Modem/new_id
ERROR: Can't open file //sys/bus/pci/drivers/Intel ICH/new_id
ERROR: Can't open file //sys/bus/pci/drivers/sis900/new_id
ERROR: Can't open file //sys/bus/pci/drivers/PCI_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/VIA_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/TRIFLEX_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/SLC90e66_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/SIS_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/SiI_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/Serverworks_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/RZ1000_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/PIIX_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/Promise_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/Promise_Old_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/ITE821x IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/HPT366_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/HPT34x_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/Cypress_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/CS5530 IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/Cyrix_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/CMD64x_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/ATIIXP_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/AMD_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/ALI15x3_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/AEC62xx_IDE/new_id
ERROR: Can't open file //sys/bus/pci/drivers/serial/new_id
ERROR: Can't open file //sys/bus/pci/drivers/i810fb/new_id
ERROR: Can't open file //sys/bus/pci/drivers/agpgart-via/new_id
ERROR: Can't open file //sys/bus/pci/drivers/agpgart-serverworks/new_id
ERROR: Can't open file //sys/bus/pci/drivers/agpgart-sis/new_id
ERROR: Can't open file //sys/bus/pci/drivers/agpgart-nvidia/new_id
ERROR: Can't open file //sys/bus/pci/drivers/agpgart-intel/new_id
ERROR: Can't open file //sys/bus/pci/drivers/agpgart-efficeon/new_id
ERROR: Can't open file //sys/bus/pci/drivers/agpgart-amd64/new_id
ERROR: Can't open file //sys/bus/pci/drivers/agpgart-amdk7/new_id
ERROR: Can't open file //sys/bus/pci/drivers/agpgart-ati/new_id
ERROR: Can't open file //sys/bus/pci/drivers/agpgart-ali/new_id
ERROR: Can't open file //sys/bus/pci/drivers/pcieport-driver/new_id
ERROR: Can't open file //sys/devices/platform/i8042/serio1/drvctl
ERROR: Can't open file //sys/devices/platform/i8042/serio0/drvctl
//usr/share/doc/clamav-0.88.3/test/clam.exe.bz2: ClamAV-Test-File FOUND
//usr/share/doc/clamav-0.88.3/test/clam.rar: ClamAV-Test-File FOUND
//usr/share/doc/clamav-0.88.3/test/clam.cab: ClamAV-Test-File FOUND
//usr/share/doc/clamav-0.88.3/test/clam.zip: ClamAV-Test-File FOUND
//usr/share/doc/clamav-0.88.3/test/clam.exe: ClamAV-Test-File FOUND
-- summary --
Known viruses: 62917
Engine version: 0.88.3
Scanned directories: 18030
Scanned files: 160262
Infected files: 6
Data scanned: 11853.53 MB
Time: 24525.898 sec (408 m 45 s)
-------------------------------------------------------------------
Oops... I have had a virus (Joke.Paranoia) sitting in my laptop for 2 years now. A simple Google search on the virus says it is not a malicious one, but it nevertheless creates problems for the Windows desktop by creating a mock desktop and playing with a flying Start button. As you can see, the file which was infected is in the Backup_IIT directory, which I created and copied from a virus-ridden Windows box in IITM. I have transferred files from only 3 Windows systems to my system: the first is the Windows system in IITM, then my Windows partition on my lappy, and the other is a Windows system in my lab. The last two are properly secured, so I am pretty sure that this virus came from the Windows box in IITM, which did not have a properly updated anti-virus package.
As you see in the summary, the scan of my laptop started close to midnight and ended after approximately 7 hours, scanning approximately 12 GB of files.
In this era of high-cost anti-virus packages it is really good to see a free anti-virus, and in my opinion it seems to handle most viruses: the currently updated one handles 64172 viruses.
There are clamav versions available for Windows and Mac. Perhaps we can try them and compare to see how this behaves with respect to the other available anti-virus packages in the market.
Clamav is a command-line program. If you need a graphical front-end for the program, there are a few: KlamAV and ClamTk.
Oh! I did not say anything about the errors in my scan log file: the errors are normal; those files cannot be read even by root and can only be appended to. Regarding "ClamAV-Test-File FOUND", do not worry, that is just a test file.
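A log like the one above is easier to read once the unreadable /sys entries and the bundled test files are separated from real detections. The following is an added example, not part of the original post or of ClamAV itself; the sample lines are constructed in the format of the log shown here, and the names triage and normalise are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the scan log shown in this post.
SAMPLE_LOG = """\
//home/sakthi/Backup_IIT/extra/personal/photos/usa/temparchive.tar: Joke.Paranoia FOUND
ERROR: Can't open file //sys/block/hdc/queue/iosched/clear_elapsed
ERROR: Can't open file //sys/bus/pci/drivers/Intel ICH Modem/new_id
ERROR: Can't open file //sys/devices/platform/i8042/serio1/drvctl
//usr/share/doc/clamav-0.88.3/test/clam.zip: ClamAV-Test-File FOUND
//usr/share/doc/clamav-0.88.3/test/clam.exe: ClamAV-Test-File FOUND
-- summary --
Infected files: 3
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
ERROR_RE = re.compile(r"^ERROR: Can't open file (?P<path>.+)$")
PSEUDO_FS = ("/sys/", "/proc/")      # kernel pseudo-filesystems, not real files
TEST_SIGNATURE = "ClamAV-Test-File"  # signature name as printed in the log


def normalise(path):
    """Collapse the leading '//' produced by scanning from '/'."""
    return re.sub(r"^/+", "/", path)


def triage(log_text):
    """Split a scan log into real detections, test hits and open errors."""
    result = {"detections": [], "test_hits": [], "pseudo_fs_errors": Counter(),
              "other_errors": [], "reported_infected": None}
    for line in log_text.splitlines():
        line = line.strip()
        if m := ERROR_RE.match(line):
            path = normalise(m["path"])
            if path.startswith(PSEUDO_FS):
                result["pseudo_fs_errors"]["/" + path.split("/")[1]] += 1
            else:
                result["other_errors"].append(path)  # worth a manual look
        elif m := FOUND_RE.match(line):
            hit = (normalise(m["path"]), m["sig"])
            key = "test_hits" if m["sig"] == TEST_SIGNATURE else "detections"
            result[key].append(hit)
        elif line.startswith("Infected files:"):
            result["reported_infected"] = int(line.split(":")[1])
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The "Infected files" total in the summary counts the test files too, so the number of detections that need attention is the reported total minus the test hits.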
Wednesday, August 02, 2006
Anti-virus for Windows in Linux