Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

ClamAV scan on Debian 9 shows "empty files" - What to do?

New to Debian (Or Linux in general)? Ask your questions here!
Post Reply
Message
Author
Robert_A
Posts: 2
Joined: 2017-07-18 15:01

ClamAV scan on Debian 9 shows "empty files" - What to do?

#1 Post by Robert_A »

Hello, the World of Debian Linux!

First of all, I am new to the forum and somewhat new to Debian, although having used Debian- & Ubuntu-based distros before. I am also new to the forum, and I have read both guidelines for this forum and what I am expected to have done before posting. I hope my question will be met with patience, and not hatred.

Secondly, my question. I installed 64-bit Debian 9 Stretch with the xfce desktop yesterday, and it works absolutely perfectly. However, I decided to run an anti-virus program yesterday to check for viruses. I used the program ClamAV, recommended to me buy some folks of the Linux community on YouTube. I let the program do it's job, scanning all files on my computer except the /sys folder, and save the everything into a .log file. When I woke up this morning and saw the results of the anti-virus scan, I was a bit surprised over the results. The summary reads as follow:

Code: Select all

----------- SCAN SUMMARY -----------
Known viruses: 6306876
Engine version: 0.99.2
Scanned directories: 15539
Scanned files: 171428
Infected files: [b]87[/b]
Data scanned: 12109.84 MB
Data read: 17542.61 MB (ratio 0.69:1)
Time: 3340.597 sec (55 m 40 s)
I investigated the "infected files" and saw there they were exclusively "empty files". Now, my question is, what should I do with these empty files? Should I just ignore them or remove them? After all, the anti-virus program said that they were "infected".

These "empty files" were mainly files found in the /usr/lib/libreoffice/share/extensions/ director, but there was also some Mozilla Firefox files in there (including /tmp/firefox-esr_robert/.parentlock), five files for the chat client Riot (all of those ending in the suffix "-journal") one for "orange" (the calender and clock service; /home/robert/.local/share/orage/orage_persistent_alarms.txt), and quite a few of files in /var/lib/sudo, /var/cache/cups, var/lib/systemd and /var/cache/debconf.

Unnecessary to say, I did not want to post all of the 87 empty files here on the forum for obvious reasons, but I can show them to you that would be helpful.

I would greatly appreciate any advice and help I can get. :D

/Robert A.
Debian 9 user.

User avatar
dasein
Posts: 7680
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: ClamAV scan on Debian 9 shows "empty files" - What to do

#2 Post by dasein »

Robert_A wrote:Unnecessary to say, I did not want to post all of the 87 empty files here on the forum for obvious reasons, but I can show them to you that would be helpful.
Probably not.

There is no clear one-size-fits-all answer to your question. Some of those files serve a temporary purpose, others may may be totally superfluous. Since they are zero-length, you may safely ignore the AV warning. (Wondering WTF an AV cares about zero-byte files?)

Robert_A
Posts: 2
Joined: 2017-07-18 15:01

Re: ClamAV scan on Debian 9 shows "empty files" - What to do

#3 Post by Robert_A »

OK. Thank you very much, Dasein! Now I an call myself down. :D

joseph059
Posts: 8
Joined: 2017-07-14 03:33

Re: ClamAV scan on Debian 9 shows "empty files" - What to do

#4 Post by joseph059 »

Why do you feel the need to run AV on Debian linux? Do you share or receive files from Windows users? It's highly unlikely you'll ever get a virus running linux. AV can also bog your system down, that is slow it down. Just a thought!

Post Reply