August 11, 2009 06:44 avgscan Not Fully Recursive #11715
lexlythius

Novice
Join Date: 11.8.2009
Posts: 3
avgscan seems to ignore some subdirectories.

I had 6 positively identified viruses inside ~/temp/virus/

virus/juegos.exe Trojan horse SHeur2.MIH
virus/Lua.exe Trojan horse SHeur2.MIH
virus/Metronomo.exe Trojan horse SHeur2.MIH
virus/JavaScript.exe Trojan horse SHeur2.MIH
virus/autorun.inf Virus identified Worm/Generic_c.ZS
virus/Instaladores.exe Trojan horse SHeur2.MIH

and performed the same scan starting from my home directory and from inside temp (virus's parent). Only from inside temp would these viruses be detected.

So I moved virus folder one level deeper, into ~/temp/fok/virus to see if it was a depth limit, but the scanner did find them regardless. So my guess is: it may be something about symbolic links.

In any event, not being able to clean nor trash infected files is an issue. But not being able to find viruses is a big issue. It gives users a false sensation of security.

Let's hope this can be fixed.

Thanks in advance,
LexLythius

------
Anti-Virus scanner version: 8.5.286
GNU/Linux 2.6.28-14-generic Ubuntu x86_64
UFW firewall installed and active
August 11, 2009 08:08 Re: avgscan Not Fully Recursive #11723
ondraploteny

Administrator
Join Date: 27.3.2009
Posts: 6996
Hi,
thread moved to proper topic - "AVG 8.5 Free Edition for Linux"

I will consult an AVG Linux specialist about it.

Thanks
***************AVG Team
August 12, 2009 10:57 Re: avgscan Not Fully Recursive #11947
dswinstead

Novice
Join Date: 31.7.2009
Posts: 12
lexlythius wrote
So my guess is: it may be something about symbolic links.


Hi lexlythius,

You mention something about symlinks but don't give any specifics:

Is ~/temp/ a symlink?

If so, what is the original location of it (e.g. {/media|/mnt}/hda1/temp), and what happens when this location is scanned directly (sorry about the faulty syntax, square brackets aren't allowed as it's classed as bbcode)?

The reason I ask about locations of symlinked files is AVG 8.5 for Linux currently does not scan the following directories:
/proc
/sys

This is due to unexpected behavior of the system while AVG scans these directories. The hardcoded exclusion on these directories will be removed in future program versions.
August 14, 2009 02:12 Re: avgscan Not Fully Recursive #12343
lexlythius

Novice
Join Date: 11.8.2009
Posts: 3
Hi dswinstead,

Thanks for your answer.

No, temp is not a symlink nor are any of its children. On the other hand, I do have the following symlinks in my home directory (i.e., these links are temp's siblings):

lrwxrwxrwx Examples -> /usr/share/example-content
lrwxrwxrwx Música -> /media/disk/mp3
lrwxrwxrwx www -> /var/www/

I have read-only access to the first directory (Ubuntu's default example content) and full access to the other two. As you may guess, /media/disk is another partition (NTFS). Maybe there are issues with non-Unix partitions? Or with filenames having non-English characters?

It might prove a good idea to provide an option to skip symlink directories until a better solution comes up. That would still let the user scan regular directories completely.

BR
LexLythius
August 18, 2009 13:55 Re: avgscan Not Fully Recursive #12951
ondraploteny

Administrator
Join Date: 27.3.2009
Posts: 6996
Hi,
you will soon be contacted by AVG techsupport for some information.
Thank you
***************AVG Team
August 21, 2009 15:28 Re: avgscan Not Fully Recursive #13455
JArda2

AVG fan
Join Date: 2.7.2009
Posts: 55
lexlythius wrote
avgscan seems to ignore some subdirectories.

I had 6 positively identified viruses inside ~/temp/virus/

virus/juegos.exe Trojan horse SHeur2.MIH
virus/Lua.exe Trojan horse SHeur2.MIH
virus/Metronomo.exe Trojan horse SHeur2.MIH
virus/JavaScript.exe Trojan horse SHeur2.MIH
virus/autorun.inf Virus identified Worm/Generic_c.ZS
virus/Instaladores.exe Trojan horse SHeur2.MIH

and performed the same scan starting from my home directory and from inside temp (virus's parent). Only from inside temp would these viruses be detected.

So I moved virus folder one level deeper, into ~/temp/fok/virus to see if it was a depth limit, but the scanner did find them regardless. So my guess is: it may be something about symbolic links.

In any event, not being able to clean nor trash infected files is an issue. But not being able to find viruses is a big issue. It gives users a false sensation of security.


Can you please post the full listing of the scanned directory? And also please scan it with report file option and post the report file here if possible.

Thanks in advance,

Jardas
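
Added example, not part of the thread and not AVG's code: one way to produce the directory listing requested above and to check whether a recursive scan actually covered a tree. The function names and the `scanned.txt` input (one scanned path per line, extracted by hand from the scanner's report) are assumptions; no avgscan report format is assumed.

```shell
#!/bin/sh
# Coverage audit for a recursive scan (added example).
# Assumption: the file passed as SCANNED lists one scanned path per line,
# written the same way find prints them (same root prefix).
# Limitation: file names containing newlines are not handled.

# missed_files ROOT SCANNED
# Prints every regular file physically under ROOT that is absent from
# SCANNED. Symlinks are not followed, so a file reached only through a
# link (e.g. ~/www -> /var/www/) is not counted as belonging to ROOT.
missed_files() {
    root=$1
    scanned=$2
    have=$(mktemp) || return 1
    seen=$(mktemp) || { rm -f "$have"; return 1; }
    # comm requires identically sorted inputs; the C locale keeps names
    # with non-English characters (e.g. "Música") in the same order on
    # both sides.
    find "$root" -type f -print | LC_ALL=C sort -u > "$have"
    LC_ALL=C sort -u "$scanned" > "$seen"
    LC_ALL=C comm -23 "$have" "$seen"
    rm -f "$have" "$seen"
}

# symlinked_dirs ROOT
# Prints "link -> target" for each symlink under ROOT that resolves to a
# directory. These are the places where a scanner's traversal may leave
# the tree, cross onto another filesystem, or stop.
symlinked_dirs() {
    root=$1
    find "$root" -type l -print | LC_ALL=C sort | while IFS= read -r link; do
        if [ -d "$link" ]; then
            printf '%s -> %s\n' "$link" "$(readlink "$link")"
        fi
    done
}

# Usage (paths are placeholders):
#   missed_files "$HOME" scanned.txt
#   symlinked_dirs "$HOME"
```

Any path printed by `missed_files` is a file the scan never reported; comparing that output with the `symlinked_dirs` listing shows whether the gaps start next to a link.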