Re: Virus and file /proc/kcore
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(Please turn on your line wraps to something around 72 columns)
On Sat, Aug 10, 2002 at 08:56:03AM -0400, colemw@cox.net wrote:
> I did a virus scan with clamscan and then f-prot. Clamscan notified
> me of one virus: V801 in file /proc/kcore. Going to this file it is
> VERY large (in fact takes up the majority of my partition). I can't
> seem to rm or shred this file. f-prot called it a W32 virus? But
> neither application will remove the file. It has permissions set at
> '-r--------' with owners root.root. What does this file do? Is
> there any way to get rid of the virus without wiping the partition
> which is /? Let me know if you need more info.
My guess is this is the kernel core. Don't worry too much about
anything in /proc, it's a virtual filesystem containing information
about what's going on, and does not take up disk space. I'm going to
hazard a guess your virus scanner saw itself when it scanned /proc.
Be aware there are a total of five viruses for Unix, three of those
for Linux specifically, and those three target long-since-outdated
versions of Red Hat.
- --
Baloo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9VR0QNtWkM9Ny9xURAg0GAJ9uegO4XFGSp6W3ngcNbLZaBN1aMgCglNPc
NGPoIQbIaj21kASq/1l/kjw=
=QIMN
-----END PGP SIGNATURE-----
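
Added example, not part of the original message: a small Python triage helper that checks whether a scanner hit such as /proc/kcore lies on a kernel-generated filesystem, using a mount table in /proc/mounts format. The sample mount table, the sample hits, and the names VIRTUAL_FS, parse_mounts, fs_type_for and is_virtual are assumptions made for illustration.

```python
import os

# Filesystem types whose files are generated by the kernel on read.
# tmpfs is deliberately left out: it holds user-written files (in RAM)
# and should still be scanned.
VIRTUAL_FS = {"proc", "sysfs", "devpts"}

# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/hda2 /home ext3 rw 0 0
none /dev/pts devpts rw 0 0
"""

def parse_mounts(text):
    """Return (mountpoint, fstype) pairs from /proc/mounts-style text."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            entries.append((fields[1], fields[2]))
    return entries

def fs_type_for(path, mounts):
    """Filesystem type of the longest mount point containing path."""
    path = os.path.normpath(path)  # collapses "..", so /proc/../etc is /etc
    best_mount, best_type = "", None
    for mountpoint, fstype in mounts:
        prefix = mountpoint.rstrip("/") + "/"
        if path == mountpoint or path.startswith(prefix):
            # ">=" lets a later mount on the same point win
            if len(mountpoint) >= len(best_mount):
                best_mount, best_type = mountpoint, fstype
    return best_type

def is_virtual(path, mounts):
    """True when a hit on path is not a file stored on disk."""
    return fs_type_for(path, mounts) in VIRTUAL_FS

if __name__ == "__main__":
    mounts = parse_mounts(SAMPLE_MOUNTS)
    # Constructed scanner hits
    for hit in ["/proc/kcore", "/home/user/mail/attachment.exe"]:
        verdict = "virtual, not on disk" if is_virtual(hit, mounts) else "on disk, investigate"
        print(f"{hit}: {verdict}")
```

On a live system, pass the contents of /proc/mounts to parse_mounts instead of the sample.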