Clamscan to virtfs can't remove found files


Post by JoeVega » 2018/01/01 02:19:28

Hello,

I am having problems when I use clamscan -r -i --remove on /home/virtfs: files can't be removed and it sends some errors (these are only a few of the errors):

/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/clean/gzbase64.inject.unclassed: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/clean/gzbase64.inject.unclassed'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31241.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31241.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31241.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31241.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.25829.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.25829.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31016.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31016.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31016.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.31016.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.25829.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.25829.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.31241: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.31241'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.25829: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.25829'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.9796: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.9796'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.9796.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.9796.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.31016: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.hexsigs.31016'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.9796.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/tmp/.runtime.user.9796.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/md5.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/md5.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/md5v2.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/md5v2.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/hex.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/hex.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.yara: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs.old/rfxn.yara'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/feeds.php.2136711491: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/feeds.php.2136711491'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/wp-ultimate.php.2619816100: {HEX}php.uploader.berhasil.619.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/wp-ultimate.php.2619816100'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_coimsamx_Dec_2017.gz.2577718812: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_coimsamx_Dec_2017.gz.2577718812'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_gikmrmx_Dec_2017.gz.1269525077: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_gikmrmx_Dec_2017.gz.1269525077'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/key.php.suspected.1596321831: {HEX}php.malware.fopo.538.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/key.php.suspected.1596321831'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/grupokamar.com-Dec-2017.gz.43444132: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/grupokamar.com-Dec-2017.gz.43444132'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_gpokmrcm_Dec_2017.gz.1596720485: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/modsec2_gpokmrcm_Dec_2017.gz.1596720485'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/wp-ultimate.php.1501110854: {HEX}php.uploader.berhasil.619.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/wp-ultimate.php.1501110854'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/gikamar.mx-Dec-2017.gz.540924081: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/gikamar.mx-Dec-2017.gz.540924081'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/coimsagik.mx-Dec-2017.gz.153097772: YARA.eval_post.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/coimsagik.mx-Dec-2017.gz.153097772'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/md5.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/md5.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.ndb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/md5v2.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/md5v2.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/hex.dat: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/hex.dat'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.yara: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.yara'.
/home/virtfs/aktvsmx/usr/local/chkrootkit/chkrootkit: YARA.r57shell_php_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/chkrootkit/chkrootkit'.
/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.hdb'.
/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.ndb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.ndb'.
/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.yara: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/cpanel/3rdparty/share/clamav/rfxn.yara'.

Is this something to worry about? Why can't files in virtfs be removed?

Thanks,

Joe
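
Added example, not part of the original post: a Python triage script that pairs each FOUND line in clamscan output with its "Can't remove file" error and tallies failed removals per directory, so it is easy to see whether hits sit in scanner directories or in site content. The sample reuses three findings from the log above plus one constructed entry (exampleuser); the directory-name heuristic in `is_scanner_data` is an assumption.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

FOUND = re.compile(r"^(?P<path>/.+): (?P<sig>\S+) FOUND$")
ERROR = re.compile(r"^ERROR: Can't remove file '(?P<path>.+)'\.?$")

# Three findings copied from the post, plus one constructed entry (exampleuser).
SAMPLE = """\
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.hdb: YARA.Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.hdb'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.yara: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/sigs/rfxn.yara'.
/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/wp-ultimate.php.2619816100: {HEX}php.uploader.berhasil.619.UNOFFICIAL FOUND
ERROR: Can't remove file '/home/virtfs/aktvsmx/usr/local/maldetect.bk20652/quarantine/wp-ultimate.php.2619816100'.
/home/virtfs/exampleuser/public_html/upload.php: YARA.eval_post.UNOFFICIAL FOUND
"""

def is_scanner_data(path):
    """Heuristic (assumption): the file sits in a maldetect, ClamAV or chkrootkit directory."""
    parts = PurePosixPath(path).parts
    return any(p.startswith("maldetect") or p in ("clamav", "chkrootkit") for p in parts)

def parse(text):
    """Return {path: {"sig", "remove_failed", "scanner_data"}} for every FOUND line."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        if m := FOUND.match(line):
            findings[m["path"]] = {"sig": m["sig"], "remove_failed": False,
                                   "scanner_data": is_scanner_data(m["path"])}
        elif (m := ERROR.match(line)) and m["path"] in findings:
            findings[m["path"]]["remove_failed"] = True
    return findings

def summarize(findings):
    """Count failed removals per parent directory and hits per signature name."""
    dirs = Counter(str(PurePosixPath(p).parent)
                   for p, f in findings.items() if f["remove_failed"])
    sigs = Counter(f["sig"] for f in findings.values())
    return dirs, sigs

if __name__ == "__main__":
    findings = parse(SAMPLE)
    dirs, sigs = summarize(findings)
    for d, n in dirs.most_common():
        print(f"{n:3d} failed removals under {d}")
    print("outside scanner dirs:", [p for p, f in findings.items() if not f["scanner_data"]])
```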
