From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Which desktop antivirus?
Date: Sun, 30 Oct 2011 12:50:49 +0000
User-Agent: KMail/1.13.7 (Linux/3.0.6-gentoo; KDE/4.6.5; x86_64; ; )
References: <201110221227.43568.michaelkintzios@gmail.com> <CAA2qdGV+b1Rwn549bC9gBE5oV93aShsf3_1d30PpFrkgABYz9Q@mail.gmail.com> <201110291940.52957.michaelkintzios@gmail.com>
In-Reply-To: <201110291940.52957.michaelkintzios@gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart8154624.Bk1vbgRzdR";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <201110301250.51263.michaelkintzios@gmail.com>
X-Archives-Salt: 
X-Archives-Hash: 2873c859455dff63769c7c917754e26b

--nextPart8154624.Bk1vbgRzdR
Content-Type: Text/Plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Saturday 29 Oct 2011 19:40:49 Mick wrote:
> On Saturday 29 Oct 2011 19:25:00 Pandu Poluan wrote:
> > On Oct 30, 2011 1:15 AM, "Mick" <michaelkintzios@gmail.com> wrote:
> > > pagefile.sys of a WinXP OS and it thinks it is a Win32:Patched-HO.
> >
> > If pagefile.sys is detected as a malware, most likely the actual malware
> > was once loaded into (Windows XP's) memory got swapped, and avast! picked
> > up its remnant. Loaded into memory doesn't mean that the malware was
> > active, if the Windows XP was equipped with a good antivirus.
>
> Interesting!  The WinXP has Microsoft Security Essentials on it.  I'll ask
> my wife if it picked up anything lately.

She can't recall any MSE reports of malware.  I did check the WinXP fs for all
the files and registry entries that this trojan is meant to create and none
were present.  Then I've zero'ed the pagefile and a second scan did not flag
anything up.

I also checked for a reported trojan in a Windows 7 vdi file (in virtualbox).
Nothing found there either.  I am tempted to think that avast! is rather
super-sensitive.  However, avast! also picked up some php files from a backed
up website - so this may be a worthwhile find.

Anyway, I can't make it integrate with kmail which was the original user
requirement.  Tried this script but the kmail Antivirus Wizard will not pick
it up:

   http://forum.avast.com/index.php?topic=17898.0

So I am now heading for clamav to see how that works with a Linux desktop.

-- 
Regards,
Mick

--nextPart8154624.Bk1vbgRzdR
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iEYEABECAAYFAk6tSCsACgkQVTDTR3kpaLZRZgCg0Q6bCdU83bEwBom0Vv6qdwkJ
axsAnjuJgeWOPLAz0QEyVzH122Eu4rZ7
=lbRb
-----END PGP SIGNATURE-----

--nextPart8154624.Bk1vbgRzdR--