Hello,
I am having problems when I use the clamscan -r -i --remove on /home/virtfs, files can't be removed and send some errors (this are only a few errors):
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/clean/gzbase64.inject.unclassed: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/clean/gzbase64.inject.unclassed'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31241.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31241.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31241.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31241.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.25829.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.25829.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31016.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31016.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31016.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31016.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.25829.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.25829.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.31241: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.31241'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.25829: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.25829'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.9796: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.9796'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.9796.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.9796.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.31016: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.31016'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.9796.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.9796.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/md5.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/md5.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/md5v2.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/md5v2.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/hex.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/hex.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.yara: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.yara'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/feeds.php.2136711491: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/feeds.php.2136711491'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/wp-ultimate.php.2619816100: {HEX}php.uploader.berhasil.619.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/wp-ultimate.php.2619816100'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_coimsamx_Dec_2017.gz.2577718812: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_coimsamx_Dec_2017.gz.2577718812'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_gikmrmx_Dec_2017.gz.1269525077: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_gikmrmx_Dec_2017.gz.1269525077'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/key.php.suspected.1596321831: {HEX}php.malware.fopo.538.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/key.php.suspected.1596321831'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/grupokamar.com-Dec-2017.gz.43444132: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/grupokamar.com-Dec-2017.gz.43444132'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_gpokmrcm_Dec_2017.gz.1596720485: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_gpokmrcm_Dec_2017.gz.1596720485'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/wp-ultimate.php.1501110854: {HEX}php.uploader.berhasil.619.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/wp-ultimate.php.1501110854'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/gikamar.mx-Dec-2017.gz.540924081: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/gikamar.mx-Dec-2017.gz.540924081'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/coimsagik.mx-Dec-2017.gz.153097772: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/coimsagik.mx-Dec-2017.gz.153097772'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/md5.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/md5.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/md5v2.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/md5v2.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/hex.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/hex.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.yara: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.yara'.
/home/virtfs/aktvsmx/usr/local/chkrootkit/chkrootkit: YARA.r57shell_php_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/chkrootkit/chkrootkit'.
/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.hdb'.
/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.ndb'.
/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.yara: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.yara'.
Is this something to worry about? Why files in virtfs can't be removed?
Thanks,
Joe
Clamscan to virtfs can't remove found files
Support for security such as Firewalls and securing linux
Return to “CentOS 7 - Security Support”
Jump to
- CentOS General Purpose
- ↳ CentOS - FAQ & Readme First
- ↳ Announcements
- ↳ CentOS Social
- ↳ User Comments
- ↳ Website Problems
- CentOS 8 / 8-Stream / 9-Stream
- ↳ 8 /8-Stream / 9-Stream - General Support
- ↳ 8 /8-Stream / 9-Stream - Hardware Support
- ↳ 8 /8-Stream / 9-Stream - Networking Support
- ↳ 8 /8-Stream / 9-Stream - Security Support
- CentOS 7
- ↳ CentOS 7 - General Support
- ↳ CentOS 7 - Software Support
- ↳ CentOS 7 - Hardware Support
- ↳ CentOS 7 - Networking Support
- ↳ CentOS 7 - Security Support
- CentOS Legacy Versions
- ↳ CentOS 5
- ↳ CentOS 5 - General Support
- ↳ CentOS 5 - Software Support
- ↳ CentOS 5 - Hardware Support
- ↳ CentOS 5 - Networking Support
- ↳ CentOS 5 - Server Support
- ↳ CentOS 5 - Security Support
- ↳ CentOS 5 - Oracle Installation and Support
- ↳ CentOS 5 - Miscellaneous Questions
- ↳ CentOS 6
- ↳ CentOS 6 - General Support
- ↳ CentOS 6 - Software Support
- ↳ CentOS 6 - Hardware Support
- ↳ CentOS 6 - Networking Support
- ↳ CentOS 6 - Security Support