no quarantine possible

Bug #1307103 reported by Johan Herbschleb
Affects: ClamTk
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

ClamTk 5.05 under Fedora 19 finds files with PUA, but quarantine is not possible; only delete is active.

Dave M (dave-nerd) wrote :

Johan,

Can you provide a little more information? What is the filename?

Also, I'd like to see if any errors pop up: can you run "clamtk" from the commandline (no quotes), run the same scan, and let me know if anything shows up in the terminal window?

Also, remember that PUAs are not necessarily harmful - be careful removing those. I no longer recommend using the PUA in the scans and may remove it from future versions soon.

Thanks,
Dave M

Johan Herbschleb (johan-herbschleb) wrote : Re: [Bug 1307103] Re: no quarantine possible

Hello Dave,

ClamTk runs from commandline as from GUI.
Installed are 18353 signatures, available are 18786. A few days ago
there were fewer signatures installed, the program installed up to 18353
and then stopped installing.

7 out of 8 files had in common: /usr/lib/mono/..
PUA.Win32.Packer.PrivateProte-7. I have no idea what type of files these
are.
Thanks for your response.

On 04/13/2014 11:36 AM, Dave M wrote:
> Johan,
>
> Can you provide a little more information? What is the filename?
>
> Also, I'd like to see if any errors pop up: can you run "clamtk" from
> the commandline (no quotes), run the same scan, and let me know if
> anything shows up in the terminal window?
>
> Also, remember that PUAs are not necessarily harmful - be careful
> removing those. I no longer recommend using the PUA in the scans and
> may remove it from future versions soon.
>
> Thanks,
> Dave M
>

--
Johan Nicolaas Herbschleb
Praceta da Eira de Baixo, 60
3300-450 Secarias, Portugal
http://herbschleb.hopto.org

Dave M (dave-nerd) wrote :

Johan,

Those files are likely part of Mono... I wouldn't remove those. The reason you probably can't remove them is likely permissions.

I really need to disable PUA scanning...

Thanks,
Dave M

Johan Herbschleb (johan-herbschleb) wrote :

Dave,
thanks for the explanations. Next time I'll run clamtk as root and keep
all PUAs.

On 04/13/2014 07:14 PM, Dave M wrote:
> Johan,
>
> Those files are likely part of Mono... I wouldn't remove those. The
> reason you probably can't remove them is likely permissions.
>
> I really need to disable PUA scanning...
>
> Thanks,
> Dave M
>

--
Johan Nicolaas Herbschleb
Praceta da Eira de Baixo, 60
3300-450 Secarias, Portugal
http://herbschleb.hopto.org

Dave M (dave-nerd) wrote :

Johan,

Thanks for following up. For the record, my point isn't to automatically keep or remove PUAs, but rather get a second opinion on them. Do some quick research or submit the file to virustotal.com.

Hope that helps,

Thanks,
Dave M
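
Added example, not part of the original thread and not ClamTk's own code: a shell helper that reads clamscan-style report lines (`<path>: <signature> FOUND`), separates PUA hits from other detections, and checks whether the current user could move each file at all, which is the permissions problem suspected above. It assumes quarantine means moving the file out of its directory; the function names and the sample report are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage scan results before deciding to quarantine anything.
# Assumption: quarantining = moving the file, which needs write and search
# permission on the file's parent directory (not on the file itself).

# can_move PATH -> exit 0 if the current user may rename PATH out of its directory.
can_move() {
    local dir
    dir=$(dirname -- "$1")
    [ -w "$dir" ] && [ -x "$dir" ]
}

# triage: read report lines on stdin, print one tab-separated row per detection:
#   <PUA|MALWARE>  <movable|no-permission|missing>  <signature>  <path>
triage() {
    local line path sig class state
    while IFS= read -r line; do
        # Only detection lines end in " FOUND"; skip "OK" lines and summaries.
        case $line in *" FOUND") ;; *) continue ;; esac
        line=${line% FOUND}
        path=${line%: *}      # everything before the last ": "
        sig=${line##*: }      # everything after the last ": "
        # PUA signatures are "potentially unwanted", not confirmed malware.
        case $sig in PUA.*) class=PUA ;; *) class=MALWARE ;; esac
        if [ ! -e "$path" ]; then
            state=missing
        elif can_move "$path"; then
            state=movable
        else
            state=no-permission
        fi
        printf '%s\t%s\t%s\t%s\n' "$class" "$state" "$sig" "$path"
    done
}

# Constructed sample report (not real scan output); run: bash triage.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d); touch "$d/lib.dll"
    printf '%s\n' "$d/lib.dll: PUA.Win32.Packer.PrivateProte-7 FOUND" \
                  "$d/gone.bin: Eicar-Test-Signature FOUND" \
                  "$d/readme.txt: OK" | triage
    rm -rf "$d"
fi
```

A `PUA` row marked `no-permission` under a system directory points to a packaged file that an unprivileged scan cannot move; get a second opinion on it before rerunning the scan with more privileges.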
