Mysterious installation of ClamAv on my popos system - AOS for Lemmy.World - A generic Lemmy server for everyone to use.

176

Mysterious installation of ClamAv on my popos system

1y 2mon ago by lemmy.ml/u/Artemis_Mystique in linux@lemmy.ml

I don't remember installing it, everything about it seems "legitimate" grepping through the logs the installation date seems to be 21st January. There was always some slow down when I initially started firefox and today I had HTOP open just to see what was happening and Clamav and ClamAV freshclam process was there. How do I check if it is compromised or which user if any installed it?

SSH is disabled.

Was anything else installed on the 21st? Might have been pulled down as a dependency of something.

to answer this question: if you're on a dpkg-based system, check /var/log/dpkg.log (or /var/log/dpkg.log.2.gz to get logs from January, if your system rotates them once a month).

Or as a way for someone putting malware on the system to keep other malware away...

As a start, you can use opensnitch to see what connections it makes.

Or Wireshark

ClamAV

But on a serious note, no, I have no idea why that would happen.