ClamAV virus scan unable to quarantine or delete problem files

Asked by Michael Lynch

I just ran a virus scan using ClamAV and ClamTK, in Ubuntu 13.10. About 45 possible problem files were found (an unusually high number), but most of them were related to Wine. I was able to delete or quarantine most of these files, but there are nine of them that will not move (I have tried deleting and quarantining them, to no avail).

Eight of these files are related to Wine: six of them are /usr/lib/i386-linux-gnu/wine/fakedlls/* ("Status" is PUA.Win32.Packer.Private ExeProte-7) and two of them are /usr/share/wine/gecko/wine_gecko-1.4-x86.msi (or x86-64.msi). There is also one with status PUA.Script.Packed-1 (usr/lib/ruby/1.91./rdoc/generator/template/darkfish/js/thickbox-compressed.js).

How can I safely remove or quarantine these files (and do I need to do so -- I'm curious about the "darkfish" one) if ClamAV won't allow me?

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: Dave M
actionparsnip (andrew-woodhead666) said :
#1

If you run clamtk with gksudo you should be able to manipulate the files.

Michael Lynch (lynchm0965) said :
#2

That did not seem to work. I opened terminal and typed gksudo clamtk; it opened the ClamTk window; I tried to repeat yesterday's scan; and after about 2 seconds it told me that it found no errors. Did not seem to even scan anything, from what I could tell.

Best Dave M (dave-nerd) said :
#3

Hi,

First, you cannot delete those because you were not doing it as root. Remember that running as root could be dangerous, so be careful with that, as you could delete important files.

More importantly, you have PUA scanning enabled - which does *not* mean there is a security risk per se. Prior to deleting anything detected as a PUA, you should get a second opinion by using the Analysis option and sending it to VirusTotal, or by just doing some general research first. You could end up deleting an important file otherwise.

I recommend not using the PUA at all, or at least taking its results with a grain of salt.

Thanks,
Dave M
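
One way to act on the advice in answer #3, as an added example that is not part of the thread: it splits `clamscan`-style findings into PUA and non-PUA hits and checks whether a flagged file was installed by a package before anything is deleted. The `dpkg -S` lookup assumes Debian/Ubuntu; the label names, sample paths and the last sample signature are constructed.

```python
import re
import subprocess

# Constructed clamscan-style output ("<path>: <signature> FOUND"). The PUA
# signature names come from the question; file names and the last line's
# signature are made up for illustration.
SAMPLE_SCAN = """\
/usr/lib/i386-linux-gnu/wine/fakedlls/example.dll: PUA.Win32.Packer.PrivateExeProte-7 FOUND
/home/user/Downloads/thickbox-compressed.js: PUA.Script.Packed-1 FOUND
/home/user/Downloads/sample.bin: Constructed.Example.Signature-1 FOUND
/home/user/notes.txt: OK
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def parse_findings(scan_output):
    """Return (path, signature) for every FOUND line; OK lines are skipped."""
    hits = []
    for line in scan_output.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits


def dpkg_owner(path):
    """Package that installed `path` per `dpkg -S`, or None (Debian/Ubuntu only)."""
    try:
        out = subprocess.run(["dpkg", "-S", path], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.splitlines()[0].rsplit(": ", 1)[0] if out else None


def triage(scan_output, owner_of=dpkg_owner):
    """Label each finding so PUA hits on packaged files are not deleted blindly."""
    report = []
    for path, sig in parse_findings(scan_output):
        if not sig.startswith("PUA."):
            label = "detection"        # non-PUA signature hit: investigate first
        elif owner_of(path):
            label = "pua-packaged"     # distro file: verify the package, keep it
        else:
            label = "pua-unowned"      # get a second opinion before removing
        report.append((label, sig, path))
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_SCAN):
        print(*row, sep="\t")
```
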

Michael Lynch (lynchm0965) said :
#4

Thanks Dave M, that solved my question.