1

comodo anti virus

asked 2015-02-21 10:56:51 -0500

Arttalbert

Anyone else get this message from comodo anti virus program?

Malware@#30wnk9b93bae3 /usr/lib64/totem/plugins/grilo/totem-grilo.conf


Comments

Man; Comodo Antivirus?; surely all use a proprietary Antivirus here haha

davidva ( 2015-02-22 23:56:51 -0500 )

Guess what, Fedora 21 & Clamav, just said that cmgdaemon has a virus. I moved it to quarantine and it vanished. Strange, I'll have to find that file to check it out. I'll run Clamscan again to find it. Found it. ".core.cmgdaemon.0.2a145ef0d4844cfdba5539ed6407edb3.843.1424601835000000828b506bf4715b8d" That's two that I've found, I've been running Clamav for quite a while, and never found any virus at all. Comodo just ran one time, and I've found it in the Fedora install.

Arttalbert ( 2015-02-23 14:14:45 -0500 )

3 Answers

3

answered 2015-02-21 14:49:55 -0500

I don't use comodo antivirus on Fedora, but can give you a few pointers.

First, Comodo antivirus is a third party proprietary product. Your best venue for support for such products is the place you got it from.

I don't have this file on my system, or any package in the configured repos that would provide it. Check if you have a third party repo that provides it with repoquery -qf /usr/lib64/totem/plugins/grilo/totem-grilo.conf to get the name of the package. If it is packaged, rpm -V $packagename will verify that the package's contents have not been altered.

That still leaves you with the question of whether the file is actually malware. If this were an open source package, you could look at the software's sources to verify it isn't doing anything malicious. (Note, btw, that you probably cannot do this with comodo!) If the package had come from the Fedora repositories, you would have the further assurance that the code and package had been reviewed by Fedora maintainers.

For the most part, any concerns about bad actors (outside of your home directory, anyway) are typically mitigated on Fedora by restricting yourself to trusted, transparent software sources, careful use of administrative privileges, and built-in security features like SELinux.

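The ownership and integrity check described in the answer above, as an added example that is not part of the original answer. It uses `rpm -qf` (installed files) rather than `repoquery`, and the function names and the sample `rpm -V` output are constructed for illustration:

```shell
#!/bin/sh
# Added example: function names and sample data are hypothetical/constructed.

# Constructed sample of `rpm -V` output: 9 test flags (S=size, 5=digest,
# T=mtime, "."=passed), optional attribute marker (c = config file), path.
sample_output() {
    cat <<'EOF'
S.5....T.  c /etc/example.conf
.......T.    /usr/lib64/totem/plugins/grilo/totem-grilo.conf
S.5....T.    /usr/bin/example
missing      /usr/share/doc/example/README
EOF
}

# classify_flagged FILE: read `rpm -V` output on stdin and print one verdict
# for FILE. Paths containing whitespace are not handled.
classify_flagged() {
    awk -v f="$1" '
        $NF != f { next }
        { found = 1 }
        $1 == "missing" { print "missing"; exit }
        index($1, "5")  { print ($2 == "c" ? "content-changed-config" : "content-changed"); exit }
        { print "metadata-changed"; exit }
        END { if (!found) print "unmodified" }
    '
}

# triage FILE: find the installed package that owns FILE, verify that package,
# and report whether FILE still matches what the package shipped.
triage() {
    file=$1
    pkg=$(rpm -qf --qf '%{NAME}\n' "$file" 2>/dev/null) || {
        echo "$file: not owned by any installed package"
        return 1
    }
    echo "$file: $pkg: $(rpm -V "$pkg" | classify_flagged "$file")"
}

# Run against a real path only when one is given on the command line.
if [ "$#" -gt 0 ]; then
    triage "$1"
fi
```

A verdict of `unmodified` only says the file matches the installed package; an edited config file is routine, while `content-changed` on a binary or an unowned file is what deserves a closer look.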
1

answered 2015-03-07 14:17:17 -0500

Arttalbert

Found it. Comodo anti-virus is using the core dump '/var/lib/systemd/coredump/.core.cmgdaemon.0.973ae84158de44c3b54cc922b157797b.838.14256315200000004d0c6ba703c2db67: Exploit.JS.HTML-2 FOUND' as the quarantine directory. Cool, when I run the Clamav anti-virus program, it finds the quarantine directory, and my command line moves the virus to the trash. All is good on Fedora.

0

answered 2015-03-07 20:24:04 -0500

I believe that your question was answered, but one more thing.

Linux users normally use limited user accounts and become the root user only when necessary. Linux also has other security features, like AppArmor and SELinux.

Also, if there is a partition that you need to scan in a dual-boot machine, you will need ClamTk.

Regards,



Stats

Asked: 2015-02-21 10:56:51 -0500

Seen: 982 times

Last updated: Mar 07 '15