Hi,
I have the below details
[root@ clamav]# clamscan --version
*ClamAV 0.100.2/25267/Fri Jan 4 06:17:25 2019*
[root@ clamav]# rpm -qa | grep clamav
clamav-filesystem-0.100.2-2.el7.noarch
clamav-update-0.100.2-2.el7.x86_64
clamav-0.100.2-2.el7.x86_64
clamav-lib-0.100.2-2.el7.x86_64
[root@ clamav]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@ clamav]# freshclam
ClamAV update process started at Fri Jan 4 12:25:08 2019
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)
daily.cld is up to date (version: 25267, sigs: 2197794, f-level: 63,
builder: raynman)
bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder:
neo)
[root@ clamav]#
when i am running clamscan
#clamscan --infected --recursive /
/var/lib/clamav/rfxn.hdb:
YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
/var/lib/clamav/rfxn.ndb:
YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
/var/lib/clamav/rfxn.yara: {HEX}php.gzbase64.inject.452.UNOFFICIAL FOUND
[root@ clamav]# pwd
/var/lib/clamav
[root@ clamav]# ls -ltrh
total 268M
-rw-r--r--. 1 clamupdate clamupdate 113M Dec 13 02:31 main.cvd
-rw-r--r--. 1 clamupdate clamupdate 990K Jan 2 18:00 bytecode.cld
-rw-r--r--. 1 root root 441K Jan 4 03:52 rfxn.ndb
-rw-r--r--. 1 root root 828K Jan 4 03:52 rfxn.hdb
-rw-r--r--. 1 root root 400K Jan 4 03:52 rfxn.yara
-rw-r--r--. 1 clamupdate clamupdate 153M Jan 4 09:00 daily.cld
-rw-------. 1 clamupdate clamupdate 520 Jan 4 12:21 mirrors.dat
[root@ clamav]#
Is the CentOS Linux release 7.3.1611 (Core) server infected with Malware?
Please suggest. Thanks in Advance.
Best Regards,
Kaushal
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
