From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Which desktop antivirus?
Date: Sun, 30 Oct 2011 12:50:49 +0000

On Saturday 29 Oct 2011 19:40:49 Mick wrote:
> On Saturday 29 Oct 2011 19:25:00 Pandu Poluan wrote:
> > On Oct 30, 2011 1:15 AM, "Mick" wrote:
> > > pagefile.sys of a WinXP OS and it thinks it is a Win32:Patched-HO.
> >
> > If pagefile.sys is detected as a malware, most likely the actual malware
> > was once loaded into (Windows XP's) memory got swapped, and avast! picked
> > up its remnant. Loaded into memory doesn't mean that the malware was
> > active, if the Windows XP was equipped with a good antivirus.
>
> Interesting! The WinXP has Microsoft Security Essentials on it. I'll ask
> my wife if it picked up anything lately.

She can't recall any MSE reports of malware. I did check the WinXP fs for all
the files and registry entries that this trojan is meant to create and none
were present. Then I've zero'ed the pagefile and a second scan did not flag
anything up.

I also checked for a reported trojan in a Windows 7 vdi file (in virtualbox).
Nothing found there either. I am tempted to think that avast! is rather
super-sensitive. However, avast!
also picked up some php files from a backed up website - so this may be a
worthwhile find.

Anyway, I can't make it integrate with kmail which was the original user
requirement. Tried this script but the kmail Antivirus Wizard will not pick
it up:

http://forum.avast.com/index.php?topic=17898.0

So I am now heading for clamav to see how that works with a Linux desktop.
-- 
Regards,
Mick