I first attempted the scan using ClamTK, which I wrote about earlier. However, I've been having doubts about ClamTK because there's no way for me to check on the validity or currency of the virus database.
I then ran the scan using the command-line tool clamscan, using the virus definitions main.cvd (ver. 51, released on 14 May 2009 10:28 :0400) and daily.cvd (ver. 9814, released on 17 Sep 2009 13:17 :0400) from the ClamAV site. The command I used was:

clamscan -d CVD -r /media/disk

where CVD was the directory where I put the virus definition files. The result:

----------- SCAN SUMMARY -----------
Known viruses: 623483
Engine version: 0.95.2
Scanned directories: 8
Scanned files: 37
Infected files: 0
Data scanned: 50.70 MB
Data read: 88.91 MB (ratio 0.57:1)
Time: 9.567 sec (0 m 9 s)
So, no detection from ClamAV. However, a listing of the files on the USB disk reveals:
-rwx------ 1 dodgie root 1426205 2009-09-17 16:14 Beej's Guides.exe
-r-x------ 1 dodgie root 1426205 2009-09-17 16:14 Recycle.exe
-rwx------ 1 dodgie root 1426205 2009-09-17 16:14 Sample Programs.exe
Running a search on the file size 1426205 led me to the submitted definition on Threat Expert. Checking the MD5SUM on my infected files gives a match on the submitted MD5 numbers on the site. To be fair, the signature was submitted on September 9, but on the other hand, several of the other AV products seem to have already detected the virus.
So, nothing else to do but to submit the file to the ClamAV folks.
Let's see what happens next.
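The two checks the post walks through, reading the clamscan summary and noticing that differently named .exe files share one byte size and one MD5, can be automated so a "0 infected" verdict does not end the triage. This is an added example, not code from the post or from ClamAV; the scan summary text is the block quoted above, and the directory layout and file contents are constructed placeholders.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Constructed sample: the clamscan summary block quoted in the post, trimmed to the lines used here.
SCAN_SUMMARY = """----------- SCAN SUMMARY -----------
Known viruses: 623483
Infected files: 0
"""

def parse_scan_summary(text):
    """Turn the 'Key: value' lines of a clamscan SCAN SUMMARY into a dict."""
    return dict(re.findall(r"^([A-Za-z ]+):\s+(.+)$", text, flags=re.M))

def md5_of(path):
    """MD5 of a file, for comparison against the hash published with a submitted sample."""
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()

def size_clusters(root, suffixes=(".exe",), min_count=2):
    """Group executables under root by byte size and keep sizes shared by several files.
    Differently named .exe files of identical size, as on the USB stick in the post,
    deserve a second look even when the scanner reports 0 infected files."""
    by_size = defaultdict(list)
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(suffixes):
                path = os.path.join(dirpath, name)
                by_size[os.path.getsize(path)].append(path)
    return {s: sorted(p) for s, p in by_size.items() if len(p) >= min_count}

def triage(root, scan_output):
    """Combine the scanner verdict with the size-cluster check and hash the suspects."""
    infected = int(parse_scan_summary(scan_output).get("Infected files", "0"))
    suspects = {s: {p: md5_of(p) for p in paths} for s, paths in size_clusters(root).items()}
    return {"infected_files": infected, "suspects": suspects}

def demo():
    """Constructed USB-stick layout: three identical .exe under different names plus one benign .exe."""
    root = tempfile.mkdtemp()
    files = {n: b"CONSTRUCTED-PLACEHOLDER-" * 64 for n in ("Beej's Guides.exe", "Recycle.exe", "Sample Programs.exe")}
    files["setup.exe"] = b"a different, legitimately sized program"   # should not be clustered
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return triage(root, SCAN_SUMMARY)
```

On a real mount point, pass the clamscan output and the mounted path to triage(); the MD5s in the result are what you would compare against a sample already submitted to the scanner's vendor.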