leonep | Joined: 31 May 2018 | Posts: 2 | Posted: Thu May 31, 2018 8:34 am
Every day my daily scan reports to me:
/home/USER/logs/USER.org-May-2018.gz: {HEX}php.malware.magento.588.UNOFFICIAL FOUND
/home/USER/logs/USER.org-May-2018.gz: Removed.
/home/USER/logs/USER.it-May-2018.gz: {HEX}php.malware.magento.588.UNOFFICIAL FOUND
/home/USER/logs/USER.it-May-2018.gz: Removed.
----------- SCAN SUMMARY -----------
Known viruses: 6544637
Engine version: 0.99.4
Scanned directories: 58793
Scanned files: 564986
Infected files: 2
Data scanned: 59258.29 MB
Data read: 58805.30 MB (ratio 1.01:1)
Time: 28593.130 sec (476 m 33 s)
CentOS 6.9, cPanel/WHM 70
Please, I need help or documentation to remove it.
Thanks

GuitarBob | Joined: 09 Jul 2006 | Posts: 4552 | Location: USA | Posted: Thu May 31, 2018 3:09 pm
First, make sure this zipped file contains a virus. If you can locate the file, upload it to Virus Total and see what about 50 AVs (including our Clam AV engine) detect. If only Clam AV and a few other AVs detect it, it is probably a false positive. Virus Total should send false positive files to the AV companies so they can correct their signatures. I like to see at least 2 of these AVs detect a file: Avira, Bitdefender, Eset Nod 32, Kaspersky, and Sophos.
If the file is infected, use another AV to detect/remove it. You should be using another AV with ClamWin as your primary AV because ClamWin does not provide real-time protection. One of these free AVs will provide good detection/removal: Malwarebytes Free, Zemana Antimalware Free, Forticlient's Fortinet AV, Emsisoft Antimalware, or Windows Defender (Security Essentials on older computers). MBAM/Zemana/Emsisoft have a free trial, and Forticlient/Windows Defender are free anyway. If the AV cannot detect/remove a virus, get into Windows Safe Mode (get Safe Mode instructions on the web) and then run another scan. Not all AVs will work in Safe Mode.
If no results, try deleting the file manually from the Windows Explorer right context menu if you can find it.
If the file is infected, there might be a registry entry (or even another malware) that sets it up each time you turn on the computer. One of the AVs mentioned above should take care of this for you.
Let us know how it goes.
Regards,

leonep | Joined: 31 May 2018 | Posts: 2 | Posted: Fri Jun 01, 2018 10:14 am
Unfortunately this is not a desktop PC; it is a production server.
But you're right, I must check if it is a false positive before deleting.
So I changed the clamscan option (--remove=no) and I do not delete the file containing the virus.
Tomorrow, after the daily process, I will check.
Thanks

GuitarBob | Joined: 09 Jul 2006 | Posts: 4552 | Location: USA | Posted: Fri Jun 01, 2018 10:28 pm
Okay. For production use, you should be using a real-time AV as primary. ClamWin can serve as a backup, but it does not have enough signatures for the types/number of viruses that you are likely to encounter in a production environment.
Regards,

GuitarBob | Joined: 09 Jul 2006 | Posts: 4552 | Location: USA | Posted: Mon Jun 18, 2018 4:12 pm
The signature is an "unofficial" one that was not developed by the Clam AV team, so it is highly suspect as being a bad signature. Do you develop your own signatures? If so, you might want to remove it. If there is a real virus in a Gzip file, it is probably not dangerous until the file is unzipped and executed.
Regards,
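
An added example, not part of the original posts and not ClamAV's own code: a small Python parser for a clamscan report like the one in the first post. It lists each hit with whether its signature carries the .UNOFFICIAL suffix and whether the file was already removed before it could be checked elsewhere. The function name `triage` is hypothetical; the sample report lines are copied from this thread.

```python
import re

# Report lines copied from the first post in this thread (summary shortened).
REPORT = """\
/home/USER/logs/USER.org-May-2018.gz: {HEX}php.malware.magento.588.UNOFFICIAL FOUND
/home/USER/logs/USER.org-May-2018.gz: Removed.
/home/USER/logs/USER.it-May-2018.gz: {HEX}php.malware.magento.588.UNOFFICIAL FOUND
/home/USER/logs/USER.it-May-2018.gz: Removed.
----------- SCAN SUMMARY -----------
Infected files: 2
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
REMOVED_RE = re.compile(r"^(?P<path>.+): Removed\.$")
SUMMARY_RE = re.compile(r"^Infected files: (?P<n>\d+)$")


def triage(report):
    """Return (hits, infected_count_from_summary) for a clamscan report."""
    hits, summary_count = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        found = FOUND_RE.match(line)
        removed = REMOVED_RE.match(line)
        summary = SUMMARY_RE.match(line)
        if found:
            sig = found["sig"]
            hits[found["path"]] = {
                "path": found["path"],
                "signature": sig,
                # Signatures from non-official databases carry this suffix.
                "third_party": sig.endswith(".UNOFFICIAL"),
                "removed": False,
            }
        elif removed and removed["path"] in hits:
            # The file is gone, so it can no longer be checked elsewhere.
            hits[removed["path"]]["removed"] = True
        elif summary:
            summary_count = int(summary["n"])
    return list(hits.values()), summary_count


if __name__ == "__main__":
    hits, count = triage(REPORT)
    if count is not None and count != len(hits):
        print(f"warning: summary says {count} infected, parsed {len(hits)}")
    for h in hits:
        origin = "third-party" if h["third_party"] else "official"
        state = "already removed" if h["removed"] else "still on disk"
        print(f"{h['path']}: {h['signature']} ({origin} signature, {state})")
```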

petrprism | Joined: 26 Jun 2018 | Posts: 1 | Location: unitedstates | Posted: Tue Jun 26, 2018 8:57 pm
If this is the type of scan summary you are getting from your antivirus, then the antivirus which you are using is not working properly. If you want real virus protection, then use https://supportprop58.com/microsoft-office-support/ essential antivirus so that your system will be protected from the virus.