2006/8/9, Paul Johnson <baloo@ursine.ca>:
On Wednesday 09 August 2006 07:11, Alejandro wrote: > Hi all, > > I have a Debian Sarge mail server with clamav antivirus, but I suspect > it only scan for virus and don't remove them. Only scans. Generally if you have a virus to remove, you should be reinstalling your OS as you are compromised anyway.
Before you reinstall the OS, try to run chkroot on the system, if you don't see nothing. Try to run the command top the process that have a peak on the table and run onto 80-90% the cpu it's the process that have installed the virus. kill the process with kill -9 and sing the program that block it. This program is that it have the virus on board, uninstall and reinstall only this program. If you have a backdoor with chkroot could eliminated it. regards heba