Viruses not cleanable on Linux (Centos)

I'm rolling out Sophos on my company network. SEC is working fine for Windows machines.

I have one test CentOS machine, with Sophos installed.

The Linux machine has checked in to SEC and is not reporting any issues. I've added an EICAR to the CentOS box; on the terminal I get the message:

[root@sophos-centos bin]#
[root@sophos-centos bin]# cd /etc/virus
[root@sophos-centos virus]# ll
total 16
-rw-r--r--. 1 root root 346 Dec  7 12:59 eicar2.com
-rw-r--r--. 1 root root 610 Dec  7 13:01 eicar3.com
-rw-r--r--. 1 root root 346 Dec  7 14:07 eicar4.com
-rw-r--r--. 1 root root 346 Dec  7 12:58 eicar.com
[root@sophos-centos virus]# vi eicar5.com
[root@sophos-centos virus]#
********************** Sophos Anti-Virus Alert ***********************
Threat "EICAR-AV-Test" detected in file
"/etc/virus/eicar5.com".

The file is still infected

**********************************************************************
[root@sophos-centos virus]#

SEC shows that the machine has a virus but it's not cleanable.

I've tried running a sweep locally but the files still exist.

  • Hi  

    Can you try the following steps?

    1. Use savscan with the -remove option. As an example, from Terminal run: savscan -remove
    2. Run a scan to check that malware infected files were deleted.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • EDIT 10:49 - When I run "savscan / -remove" I got the output

    Quick Scanning

    Could not check /selinux/disable (virus scan failed)
    Could not check /selinux/commit_pending_bools (virus scan failed)
    Could not check /selinux/load (virus scan failed)
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar5.com
    Proceed with removal of /etc/virus/eicar5.com ([Y]es/[N]o/[A]ll) ? All
    Removal successful
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar.com
    Removal successful
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar4.com
    Removal successful
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar2.com
    Removal successful
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar3.com
    Removal successful
    Could not open /lib/modules/2.6.32-696.16.1.el6.x86_64/source
    Could not open /lib/modules/2.6.32-573.el6.x86_64/source

    8754 files scanned in 20 seconds.
    5 errors were encountered.
    5 viruses were discovered.
    5 files out of 8754 were infected.
    If you need further advice regarding any detections please visit our
    Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
    End of Scan.

    Is there a way to auto-configure the removal of viruses?



    ------------------------------------------------------------------------------------------
    I'm afraid it didn't resolve the issue (see output below). I also tried sweep /

    When I run sweep I get the messages:


    Quick Scanning

    Could not check /selinux/disable (virus scan failed)
    Could not check /selinux/commit_pending_bools (virus scan failed)
    Could not check /selinux/load (virus scan failed)
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar5.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar4.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar2.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar3.com
    Could not open /lib/modules/2.6.32-696.16.1.el6.x86_64/source
    Could not open /lib/modules/2.6.32-573.el6.x86_64/source

    8770 files scanned in 54 seconds.
    5 errors were encountered.
    5 viruses were discovered.
    5 files out of 8770 were infected.
    If you need further advice regarding any detections please visit our
    Threat Center at: www.sophos.com/.../threat-center.aspx
    End of Scan.

     

     

    -----------------------------------------------------------

    [root@sophos-centos virus]# savscan -remove
    SAVScan virus detection utility
    Version 5.38.0 [Linux/AMD64]
    Virus data version 5.46, November 2017
    Includes detection for 15340524 viruses, Trojans and worms
    Copyright (c) 1989-2017 Sophos Limited. All rights reserved.

    System time 10:13:55 AM, System date 08 December 2017
    Command line qualifiers are: -remove

    IDE directory is: /opt/sophos-av/lib/sav


      Usage: savscan [options] <path1> <path2>... <pathN> [include/exclude options]
      where options are listed below.

    (For full details of all options, use savscan -h. [*]indicates option is default)

      -sc [*] -f [ ] -di [ ] -s [*] -c [*] -b [*] -all [ ] -rec [*]-remove [ ]
      -dn [ ] -ss [ ] -eec [ ] -ext=<extension>,.. -p=<file> -idedir=<directory>
      -exclude -include -v -vv -h
      -zip [ ] -gzip [ ] -arj [ ] -cmz [ ] -tar [ ] -rar [ ] -cab [ ] -archive [ ]
      -loopback [ ] -mime [ ] -oe [ ] -tnef [ ] -pua [ ] -suspicious [ ]
      --reset-atime [*] --stop-scan [*] --follow-symlinks [*]
      --stay-on-filesystem [ ] --stay-on-machine  [*] --skip-special [*]
      --backtrack-protection [*] --preserve-backtrack [*]--examine-x-bit [ ]
      --cust-extract [ ] --early-sxl [ ] --show-file-details [ ] --quarantine [ ]
      --quarantine:<uid=nnn>,<user=username>,<gid=nnn>,<group=groupname>,<mode=ppp>
      -move=<quarantine directory> [ ] -rename [ ] --args-file=<file>
      -mbr [ ] -bs=X,... [ ] -bs [ ] -cdr=X,...[ ]
    [root@sophos-centos virus]# ll
    total 20
    -rwxrwxrwx. 1 root root 346 Dec  7 12:59 eicar2.com
    -rwxrwxrwx. 1 root root 610 Dec  7 13:01 eicar3.com
    -rwxrwxrwx. 1 root root 346 Dec  7 14:07 eicar4.com
    -rwxrwxrwx. 1 root root 346 Dec  7 15:33 eicar5.com
    -rwxrwxrwx. 1 root root 346 Dec  7 12:58 eicar.com
    [root@sophos-centos virus]#

    ------------------------------------------------------------------------

     

     

    [root@sophos-centos virus]# sweep /
    SAVScan virus detection utility
    Version 5.38.0 [Linux/AMD64]
    Virus data version 5.46, November 2017
    Includes detection for 15340524 viruses, Trojans and worms
    Copyright (c) 1989-2017 Sophos Limited. All rights reserved.

    System time 10:16:20 AM, System date 08 December 2017

    IDE directory is: /opt/sophos-av/lib/sav


    Quick Scanning

    Could not check /selinux/disable (virus scan failed)
    Could not check /selinux/commit_pending_bools (virus scan failed)
    Could not check /selinux/load (virus scan failed)
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar5.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar4.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar2.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar3.com
    Could not open /lib/modules/2.6.32-696.16.1.el6.x86_64/source
    Could not open /lib/modules/2.6.32-573.el6.x86_64/source

    8770 files scanned in 54 seconds.
    5 errors were encountered.
    5 viruses were discovered.
    5 files out of 8770 were infected.
    If you need further advice regarding any detections please visit our
    Threat Center at: www.sophos.com/.../threat-center.aspx
    End of Scan.
    [root@sophos-centos virus]#
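
The two scan outputs above differ only in whether each detection is followed by a "Removal successful" line. As an added example (not part of the thread and not Sophos code), this parser reconciles detections against removals and against the summary counts; the line patterns are taken from the output quoted in the thread, and the two sample inputs are constructed, shortened versions of it.

```python
import re
from dataclasses import dataclass, field

# Line shapes as they appear in the scan output quoted in the thread.
DETECT_RE = re.compile(r"^>>> Virus '([^']+)' found in file (.+)$")
ERROR_RE = re.compile(r"^Could not (?:check|open) (\S+)")
COUNT_RE = re.compile(r"^(\d+) (errors were encountered|viruses were discovered)\.$")


@dataclass
class Detection:
    threat: str
    path: str
    removed: bool = False


@dataclass
class ScanReport:
    detections: list = field(default_factory=list)
    errors: list = field(default_factory=list)
    prompted: bool = False          # scanner asked for confirmation
    reported: dict = field(default_factory=dict)

    def remaining(self):
        """Paths that were detected but have no removal confirmation."""
        return [d.path for d in self.detections if not d.removed]

    def consistent(self):
        """True when the summary counts match the lines actually parsed."""
        return (self.reported.get("viruses") == len(self.detections)
                and self.reported.get("errors") == len(self.errors))


def parse_scan_output(text):
    report = ScanReport()
    last = None  # most recent detection still waiting for a removal line
    for raw in text.splitlines():
        line = raw.strip()
        m = DETECT_RE.match(line)
        if m:
            last = Detection(m.group(1), m.group(2))
            report.detections.append(last)
            continue
        if line == "Removal successful" and last is not None:
            last.removed = True
            last = None
            continue
        if line.startswith("Proceed with removal of "):
            report.prompted = True
            continue
        m = ERROR_RE.match(line)
        if m:
            report.errors.append(m.group(1))
            continue
        m = COUNT_RE.match(line)
        if m:
            # First word of the phrase is the key: "errors" or "viruses".
            report.reported[m.group(2).split()[0]] = int(m.group(1))
    return report


# Constructed sample: shortened form of the "savscan / -remove" output.
WITH_REMOVE = """
Could not check /selinux/load (virus scan failed)
>>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar5.com
Proceed with removal of /etc/virus/eicar5.com ([Y]es/[N]o/[A]ll) ? All
Removal successful
>>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar.com
Removal successful
Could not open /lib/modules/2.6.32-573.el6.x86_64/source
2 errors were encountered.
2 viruses were discovered.
"""

# Constructed sample: shortened form of the "sweep /" output (no -remove).
WITHOUT_REMOVE = """
Could not check /selinux/load (virus scan failed)
>>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar5.com
>>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar.com
Could not open /lib/modules/2.6.32-573.el6.x86_64/source
2 errors were encountered.
2 viruses were discovered.
"""

if __name__ == "__main__":
    for name, sample in (("with -remove", WITH_REMOVE),
                         ("without -remove", WITHOUT_REMOVE)):
        r = parse_scan_output(sample)
        print(name, "| still present:", r.remaining(),
              "| prompted:", r.prompted, "| counts match:", r.consistent())
```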

    Using IDE file inje-cwu.ide
    Using IDE file chisb-tp.ide
    Using IDE file fare-dxw.ide
    Using IDE file darkc-gs.ide
    Using IDE file pdfu-dow.ide
    Using IDE file wont-act.ide
    Using IDE file darkc-gt.ide
    Using IDE file docd-lre.ide
    Using IDE file mdro-iav.ide
    Using IDE file rans-esv.ide
    Using IDE file krypt-ia.ide
    Using IDE file docd-lro.ide
    Using IDE file rans-esx.ide
    Using IDE file decep-fi.ide
    Using IDE file vbs-oz.ide
    Using IDE file fare-dyi.ide
    Using IDE file age-axta.ide
    Using IDE file chisb-tt.ide
    Using IDE file pdfu-dqg.ide
    Using IDE file injec-yy.ide
    Using IDE file age-axuj.ide
    Using IDE file age-axuk.ide
    Using IDE file vb-joz.ide
    Using IDE file delf-glh.ide
    Using IDE file rtfdl-dn.ide
    Using IDE file phis-bls.ide
    Using IDE file fare-dyk.ide
    Using IDE file pdfu-dqi.ide
    Using IDE file pdfu-dql.ide
    Using IDE file inje-cxe.ide
    Using IDE file phis-blt.ide
    Using IDE file phis-blw.ide
    Using IDE file docd-lsb.ide
    Using IDE file docd-lsk.ide
    Using IDE file delf-gli.ide
    Using IDE file pdfu-dqw.ide
    Using IDE file phis-bmd.ide
    Using IDE file rans-ete.ide
    Using IDE file tesla-dk.ide
    Using IDE file trikb-ap.ide
    Using IDE file delf-glj.ide
    Using IDE file age-axur.ide
    Using IDE file docd-ltn.ide

    Quick Scanning

    Could not check /selinux/disable (virus scan failed)
    Could not check /selinux/commit_pending_bools (virus scan failed)
    Could not check /selinux/load (virus scan failed)
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar5.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar4.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar2.com
    >>> Virus 'EICAR-AV-Test' found in file /etc/virus/eicar3.com
    Could not open /lib/modules/2.6.32-696.16.1.el6.x86_64/source
    Could not open /lib/modules/2.6.32-573.el6.x86_64/source

    8770 files scanned in 54 seconds.
    5 errors were encountered.
    5 viruses were discovered.
    5 files out of 8770 were infected.
    If you need further advice regarding any detections please visit our
    Threat Center at: www.sophos.com/.../threat-center.aspx
    End of Scan.
    [root@sophos-centos virus]#
