Archive | January, 2012


Install and run ClamAV

Posted on 13 January 2012 by Chris

ClamAV is a popular malware scanner that can help you find malware on your accounts. You can find more information about it at the following link:

http://clamav.net

This software has many built-in definitions that will find *most* of the malicious files under your accounts. It can find many shells, phishing sites and other malware. We won’t be able to cover all of the different options available in ClamAV in this article, but we will cover the parts that you will need to initially locate the malware so that it can be removed.

To install it, all you will need to do is run a single command.

If you are on a Red Hat-based OS, such as CentOS, you can install it with

yum install clamav

If you are using Debian, you can use

apt-get install clamav

Once that is installed, you will want to run the freshclam command so that the definitions are updated to the most recent version.

root@server [/home/user]# freshclam
ClamAV update process started at Thu Jan 12 04:41:48 2012
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 14300, sigs: 70715, f-level: 63, builder: guitar)
bytecode.cvd is up to date (version: 160, sigs: 38, f-level: 63, builder: edwin)

Then, you can use the clamscan command to run the scan. You will also want to use a few flags to show only the infected files, to search recursively, and to log your findings to a file. The -i flag limits the output to infected files only, the -r flag recurses through the directories, and the -l flag followed by a file name logs the scan to that file.

root@server [/home/user/public_html]# clamscan -ir -l log.txt

----------- SCAN SUMMARY -----------
Known viruses: 1113857
Engine version: 0.97.3
Scanned directories: 139
Scanned files: 1602
Infected files: 0
Data scanned: 29.30 MB
Data read: 15.53 MB (ratio 1.89:1)
Time: 6.608 sec (0 m 6 s)

If a malicious file is found, it will show the path to the file and why it was flagged.

root@server [/home/user/public_html]# clamscan -ir -l log.txt
/home/user/public_html/thing.php: PHP.Shell-38 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 1113857
Engine version: 0.97.3
Scanned directories: 2412
Scanned files: 20511
Infected files: 1
Data scanned: 354.85 MB
Data read: 832.57 MB (ratio 0.43:1)
Time: 102.922 sec (1 m 42 s)

The output of the scan will also be logged to a file called log.txt if you run the command as it is in the example. You can then get the timestamps from that file and find the source, remove the file and patch the problem.
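One way to work through log.txt after a scan, as an added example that is not part of the original post: it pulls each detection out of the log and pairs it with the flagged file's modification time so the entries can be compared against your access logs. The function names (sample_log, clam_found, clam_report) and the sample log are constructed for illustration, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): summarise a clamscan -l log.
# Helper names below are hypothetical; stat -c assumes GNU coreutils.

# Constructed sample log, using the line format clamscan prints.
sample_log() {
    cat <<'EOF'
/home/user/public_html/thing.php: PHP.Shell-38 FOUND
/home/user/public_html/notes: old/test file.txt: Eicar-Test-Signature FOUND
/home/user/public_html/index.php: OK

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Print "<signature> <path>" for each detection in log file $1.
# Lines look like "<path>: <signature> FOUND". The greedy match splits at the
# LAST ": ", so a path that itself contains ": " is kept whole.
clam_found() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Print "<mtime><TAB><signature><TAB><path>" per detection, oldest first.
# A flagged file that has since been deleted or moved is reported as such
# instead of aborting the report.
clam_report() {
    clam_found "$1" | while read -r sig path; do
        if [ -e "$path" ]; then
            mtime=$(stat -c '%y' "$path")
        else
            mtime="(file no longer present)"
        fi
        printf '%s\t%s\t%s\n' "$mtime" "$sig" "$path"
    done | LC_ALL=C sort
}

# Usage: sh clam_report.sh log.txt
if [ "$#" -gt 0 ]; then
    clam_report "$1"
fi
```

Treat the modification time as a lead rather than proof, since whoever wrote the file can also reset it.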


Fix iBooks after jailbreaking iOS 5.0.1

Posted on 02 January 2012 by Chris

A lot of people have used the recent jailbreak tool RedSn0w to unlock their devices. Most have found that this causes iBooks to no longer open, or to crash when opening, after the jailbreak is done. Thanks Apple. Luckily, some tools have been created to fix this; however, not everyone is getting the results they want with them. The issue with the tools looks to be that they are not fixing the permissions correctly when the iBooks files are moved to /var/stash. We found that with an extra step, you can get that working correctly.

First off, you will want to download SBSettings from the BigBoss repo. This repo should have come installed with Cydia, so you shouldn’t need to add anything new. Once SBSettings is installed, your device should respring and take you back to the lockscreen.

Now, you will want to install iBooks by using the iBooks Fix for iOS 5 app found in the xsellize repo. To add this, you will need to go to Cydia > Sources > edit > add, then add http://cydia.xsellize.com/. You will get a warning and can just click OK. You can then search for iBooks Fix for iOS 5 and install it. Once it has finished installing, it should respring once more.

Now, you should be back at your lockscreen once more. You will now want to go into the SBSettings app, then to System options, which is towards the bottom. Once you are there, just click “fix user dir permissions”. It will then fix the permissions of all your files. Your device should respring one more time.

Now, you should be able to open up and use iBooks without a problem. Let us know if this works for you in the comments!
