ClamWin Free Antivirus
Support and Discussion Forums
php.malware.magento.588.UNOFFICIAL FOUND can't remove
leonep


Joined: 31 May 2018
Posts: 2
Every day my daily scan reports to me:

/home/USER/logs/USER.org-May-2018.gz: {HEX}php.malware.magento.588.UNOFFICIAL FOUND
/home/USER/logs/USER.org-May-2018.gz: Removed.
/home/USER/logs/USER.it-May-2018.gz: {HEX}php.malware.magento.588.UNOFFICIAL FOUND
/home/USER/logs/USER.it-May-2018.gz: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 6544637
Engine version: 0.99.4
Scanned directories: 58793
Scanned files: 564986
Infected files: 2
Data scanned: 59258.29 MB
Data read: 58805.30 MB (ratio 1.01:1)
Time: 28593.130 sec (476 m 33 s)

CentOS 6.9, cPanel/WHM 70

Please, I need help or documentation to remove it.
Thanks
GuitarBob


Joined: 09 Jul 2006
Posts: 4390
Location: USA
First, make sure this zipped file contains a virus. If you can locate the file, upload it to Virus Total and see what about 50 AVs (including our Clam AV engine) detect. If only Clam AV and a few other AVs detect it, it is probably a false positive. Virus Total should send false positive files to the AV companies so they can correct their signatures. I like to see at least 2 of these AVs detect a file: Avira, Bitdefender, Eset Nod 32, Kaspersky, and Sophos.

If the file is infected, use another AV to detect/remove it. You should be using another AV with ClamWin as your primary AV because ClamWin does not provide real-time protection. One of these free AVs will provide good detection/removal: Malwarebytes Free, Zemana Antimalware Free, Forticlient's Fortinet AV, Emsisoft Antimalware, or Windows Defender (Security Essentials on older computers). MBAM/Zemana/Emsisoft have a free trial, and Forticlient/Windows Defender are free anyway. If the AV can not detect/remove a virus, get into Windows Safe Mode (get Safe Mode instructions on the web) and then run another scan. Not all AVs will work in Safe Mode.

If no results, try deleting the file manually from the Windows Explorer right context menu if you can find it.

If the file is infected, there might be a registry entry (or even another malware) that sets it up each time you turn on the computer. One of the AVs mentioned above should take care of this for you.

Let us know how it goes.

Regards,
leonep


Joined: 31 May 2018
Posts: 2
Unfortunately this is not a desktop PC; it is a production server.
But you're right, I must check if it is a false positive before deleting.
So I change the option to clamscan (--remove=no) and I do not delete the file containing the virus.
Tomorrow, after the daily process, I will check.

thanks
GuitarBob


Joined: 09 Jul 2006
Posts: 4390
Location: USA
Okay. For production use, you should be using a real-time AV as primary. ClamWin can serve as a backup, but it does not have enough signatures for the types/number of viruses that you are likely to encounter in a production environment.

Regards,
GuitarBob


Joined: 09 Jul 2006
Posts: 4390
Location: USA
The signature is an "unofficial" one that was not developed by the Clam AV team, so it is highly suspect as being a bad signature. Do you develop your own signatures? If so, you might want to remove it. If there is a real virus in a Gzip file, it is probably not dangerous until the file is unzipped and executed.

Regards,
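
A triage helper for the kind of clamscan report quoted in this thread, added here as an example (it is not code from any poster or from the ClamAV/ClamWin projects). It lists each flagged file, marks detections that come from an unofficial signature, notes whether the file was already removed, and hashes files that still exist so daily runs can be compared; the function names and the sample report are constructed for illustration.

```python
import hashlib
import os
import re

# Constructed sample, in the format of the clamscan report quoted in the thread.
SAMPLE_REPORT = """\
/home/USER/logs/USER.org-May-2018.gz: {HEX}php.malware.magento.588.UNOFFICIAL FOUND
/home/USER/logs/USER.org-May-2018.gz: Removed.
/home/USER/logs/USER.it-May-2018.gz: {HEX}php.malware.magento.588.UNOFFICIAL FOUND
"""

FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
REMOVED = re.compile(r"^(?P<path>.+): Removed\.$")


def parse_report(text):
    """Map each flagged path to its signatures and what happened to the file."""
    hits = {}
    for line in text.splitlines():
        line = line.strip()
        found = FOUND.match(line)
        if found:
            entry = hits.setdefault(
                found["path"], {"signatures": [], "unofficial": False, "removed": False})
            entry["signatures"].append(found["sig"])
            # ClamAV appends .UNOFFICIAL to signatures loaded from non-official databases.
            entry["unofficial"] |= found["sig"].endswith(".UNOFFICIAL")
            continue
        removed = REMOVED.match(line)
        if removed and removed["path"] in hits:
            hits[removed["path"]]["removed"] = True  # file is gone, nothing left to verify
    return hits


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large rotated logs do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(text):
    """Return (path, signatures, unofficial, removed, sha256-or-None) rows."""
    rows = []
    for path, entry in parse_report(text).items():
        present = not entry["removed"] and os.path.isfile(path)
        rows.append((path, entry["signatures"], entry["unofficial"],
                     entry["removed"], sha256_file(path) if present else None))
    return rows
```

Rows with `removed` set show why scanning with `--remove=no` matters here: once the file is deleted there is nothing left to check for a false positive.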