ClamTK vs KlamAV gui virus scanner

    Is there a big difference between ClamTK with the clamAV engine and signature and the KlamAV with same engine and signature? I am getting some warnings regarding encrypted.zip files with KlamAV which I'm not getting with ClamTK.
    A bug? Real? And why, when they are based on the same virus definitions and same engine, does one give warnings and the other doesn't?

    cheers

    #2
    Re: ClamTK vs KlamAV gui virus scanner

    They are the same. KlamAV is just a KDE frontend to ClamAV. ClamTK is the GTK (Gnome) front end to ClamAV. As you have just discovered, Gnome software works just fine on Kubuntu (and vice versa).

    Comment


      #3
      Re: ClamTK vs KlamAV gui virus scanner

      Well, it doesn't seem so, because I get around 15 warnings regarding encrypted.zip files when using KlamAV and 0 when using ClamTK. That's why I posted it. Anyone else notice it? I have a fresh Kubuntu 9.10 installation! And all definitions and GUIs are up to date.

      Comment


        #4
        Re: ClamTK vs KlamAV gui virus scanner

        This is just a guess, because I have never used an AV program in Linux, but it could well be that the default settings with regard to what to report in the Gnome and KDE versions are different, or you might have set them differently. Of course, since that's almost certainly the first thing you checked, I could be wrong.

        Comment


          #5
          Re: ClamTK vs KlamAV gui virus scanner

          Originally posted by man clamscan
          --block-encrypted
          Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
          Originally posted by /usr/share/doc/clamav-docs/html/node45.html
          CL_SCAN_BLOCKENCRYPTED
          With this flag the library will mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR)
          Looks like a function in the library used by clamscan. Sorry I can't tell you how to configure the GUI frontends to disable the option. I always call clamscan from the command line.
          Welcome newbies!
          Verify the ISO
          Kubuntu's documentation

          Comment
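What "encrypted archive" means at the file level, as an added example that is not part of the original thread and is not ClamAV's code: ZIP marks an encrypted member by setting bit 0 of the general-purpose flag in its headers, so a frontend that enables the `--block-encrypted` behaviour quoted above warns on any such archive without a signature ever matching. The helper names and the sample archive are constructed for illustration, and the sample only sets the flag rather than encrypting anything.

```python
import io
import struct
import zipfile

ENCRYPTED_BIT = 0x0001  # ZIP general-purpose bit flag, bit 0: member is encrypted


def encrypted_members(data: bytes) -> list[str]:
    """Return the names of ZIP members whose header marks them as encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_BIT]


def verdict(data: bytes) -> str:
    """Illustrative policy: an archive the scanner cannot look into is reported
    under the Encrypted.Zip name from the man page, not as a signature match."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-a-zip"
    return "Encrypted.Zip" if encrypted_members(data) else "scannable"


def _make_zip(names) -> bytes:
    """Constructed sample: a plain, unencrypted archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, b"constructed sample content\n")
    return buf.getvalue()


def _mark_encrypted(data: bytes, member_index: int = 0) -> bytes:
    """Constructed sample: set the encryption bit for one member in both the
    local header (flags at +6) and the central directory entry (flags at +8)."""
    out = bytearray(data)
    for sig, flag_off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = -1
        for _ in range(member_index + 1):
            pos = out.find(sig, pos + 1)
        (flags,) = struct.unpack_from("<H", out, pos + flag_off)
        struct.pack_into("<H", out, pos + flag_off, flags | ENCRYPTED_BIT)
    return bytes(out)


if __name__ == "__main__":
    plain = _make_zip(["a.txt", "b.txt"])
    print(verdict(plain), verdict(_mark_encrypted(plain, 1)))
```
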


            #6
            Re: ClamTK vs KlamAV gui virus scanner

            Originally posted by Telengard
            Originally posted by man clamscan
            --block-encrypted
            Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
            Originally posted by /usr/share/doc/clamav-docs/html/node45.html
            CL_SCAN_BLOCKENCRYPTED
            With this flag the library will mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR)
            Looks like a function in the library used by clamscan. Sorry I can't tell you how to configure the GUI frontends to disable the option. I always call clamscan from the command line.
            Ah yes, forgot about that, thanks.

            But I still have the question: if it treats all encrypted files as suspicious (= warning), why are these files even encrypted? I mean, I see the use for libclamav6 to be encrypted (as part of the anti-virus scanner), but files like zip, some office files? Why would they encrypt those?

            cheers

            Comment


              #7
              Re: ClamTK vs KlamAV gui virus scanner

              Originally posted by Lancelot
              I mean I see the use for libclamav6 to be encrypted (as part of the anti-virus scanner)
              I don't know whether libclamav6 is encrypted or not. Maybe, but I really don't know. It has nothing to do with your problem as I see it.

              but files like zip, some office files? Why would they encrypt those?
              There are many reasons to encrypt such files. If you handle sensitive documents for your employer then you may have use for encryption. If you don't want your mom to find your porn, then you might have use for encryption. Any kind of file can be encrypted, given the right utility.

              The thing about encrypted archives (.ZIP, .RAR, etc.) is that some viruses might be hidden in encrypted archives. Virus creators might put the virus in an encrypted archive to avoid detection by scanners which rely upon signatures.

              Supposing a new game comes out, and everyone wants it. Some people are unscrupulous enough to download the new game over a P2P network to avoid paying for it. One way viruses spread, at least on Windows computers, is to hide the virus in an encrypted archive as part of the game's installation package. Now everyone who downloads that copy of the game (illegally) gets the virus. This is called a trojan horse, and it is a very effective means of spreading viruses and other malicious programs.

              Well, those are some things to think about anyway. It is your choice whether to let your scanner detect encrypted archives or not.

              Comment


                #8
                Re: ClamTK vs KlamAV gui virus scanner

                Thanks for the time and effort you are putting into your posts. They do help!

                Now I forgot to say that the encrypted files aren't any private files from anyone but they are part of the (K)ubuntu release. This is why it is such an issue for me. I have already seen that no date (last modified, last accessed) and the size is the same up to the last byte.
                Can I safely assume these files are ok or do I need to investigate further?

                cheers

                Comment


                  #9
                  Re: ClamTK vs KlamAV gui virus scanner

                  Originally posted by Lancelot
                  Can I safely assume these files are ok or do I need to investigate further?
                  Loosely speaking, maybe you can. Of course there is no way I could guarantee that your system is not infected. I don't know how you administer your system. I can't even guarantee that my own system is not infected, but I am 99% certain it is not infected.

                  What files are we talking about? Who owns them? Do regular users have write access to them? Do you routinely operate your system with root enabled? Do you add software from shady sources?

                  Comment


                    #10
                    Re: ClamTK vs KlamAV gui virus scanner

                    I have a very, very similar issue. Also about 15 files with the 'warning' tag. They all appear to be installation files (zip and .so).

                    After reading your thread and considering the responses I received regarding a similar thread I had going earlier, I am concluding that it is a false positive. The warnings are created by the setup, which defaults to warn about encrypted files (i.e. zip and .so).

                    I may be wrong. So do not rely upon my opinion, please.

                    Comment
