[opensuse] Question on Clamav
Does clamav log everything it outputs by default or do you have to tell it to do so in the syntax? The reason why I am asking this is clamscan says that I have some infected folders, don't know where, and I would like to check to see if it is not giving me a false positive or not.
Adam, hi there

clamAV is NOT a real time anti-virus application. If you copy an infected file onto your disk then it will be copied across without saying anything.

1. go to your favourite xterm
2. log in as root
3. execute the command "freshclam"
4. when it finishes you need to run scans from time to time, now that you have executed a freshclam the daily database should be updated regularly - check Yast>system run levels - expert mode. after
5. still as root execute "clamscan -h" This will give you the options you need to scan.

If you have more than 30GB of program and data and you scan the lot - let it run overnight - it just might be finished in the morning and the end will contain a -v verbose summary or you can use the "--move=/home/xx/quarantine" and if anything is found it will be moved to the directory specified, however the directory must exist first.

There is a GUI version of clamAV

You can search Yast software for KlamAV or see the website http://www.klamav.net or http://www.clamav.net for the xterm

It's Beta software and version 0.4.14.1 as it is would have cost me my job in the past despite its beta status and is the absolute worst GUI interface as far as usability/flexibility/performance/adaptability I have ever seen despite its BETA status.

1. You think the xterm scan is slow...just wait.
2. try to load the real-time-agent - I could not.
3. Try and clean an infected file - you cannot.
4. Ignore the little spider top right corner - it contains all the browser script errors - and it uses Konqueror's browsing setting to communicate with the internet so if you have stuffed that up your KlamAV browser won't work
5. The only email it will protect is Kmail.
6. Good luck in loading the auto-scan option
7. If you try to suspend your PC it will not be able to halt the KlamAV application and it will sit in limbo - to get out hit your off button on your PC for 1 second (and I mean 1 second - it's quite long) only and your session should restore.
8. It is pretty!

Hope this helps

Scott
The thing is I really don't think my system has a virus, not even in Windows. I went and installed Avast Linux Workstation, updated its virus database and scanned my system, and according to Avast the only problem that it found is that it wasn't able to read a couple of files, no viruses or anything. Then to make sure it wasn't under Windows I booted Windows, updated Avast's virus database, then rebooted it into safe mode and scanned from there and it came up clean. Then to be sure I used the Microsoft One Care online scanner to see if it could find anything, again everything was clean.

BTW I know that clamAV does not do real-time scanning and that I have to run freshclam to update its database, and I did that before I ran it the first time.
Adam

you do NOT have to run freshclam every day. Once you have performed 1 freshclam close the term, open YAST>System>System Services. Change to expert mode at the top. In the list you will find 'clamd' 'freshclam' and 'freshclam'. Start both services if not running then finish.

This will auto update your daily clam database without interference, however again I caution you this provides NO protection.

On your question about being notified of any problem just scan from the root directory as the user root and include the '-v' for 'be verbose' option as well as the option to scan all subdirectories.

If you are really worried create a subdirectory off /home/ something like /home/quarantine and include in your scan options --bell and --move=/home/quarantine in this way you will get an audible bell if anything is found, the -v option will give you a complete summary at the end and any infection will be moved to the directory as above

Don't forget to scan from the root and scan all subdirectories option shown in help

Scott
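Added example, not part of the original thread: clamscan prints its report to the terminal and saves it to a file only when given `--log=FILE`, so the sketch below scans with a saved report and then lists which files were flagged and under which signature, before anything is moved to quarantine. The function names, paths and signature names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, paths and signature
# names are constructed for illustration.

# Recursive scan that lists only infected files (-i) and saves the report to a
# file (--log). Nothing is moved, so flagged files stay in place for review.
scan_with_log() {
    clamscan -r -i --log="$2" "$1"
}

# Print "signature<TAB>path" for each "<path>: <signature> FOUND" report line.
list_detections() {
    awk '/ FOUND$/ {
        line = $0; sub(/ FOUND$/, "", line)
        n = 0; rest = line
        # Split at the last ": " so a path that contains ": " stays intact.
        while ((i = index(rest, ": ")) > 0) { n += i + 1; rest = substr(rest, i + 2) }
        if (n > 0) printf "%s\t%s\n", rest, substr(line, 1, n - 2)
    }' "$1"
}

# Count detections per signature, to see whether one signature accounts for
# all the hits (as with a whole directory of similar template files).
count_by_signature() {
    list_detections "$1" | cut -f1 | sort | uniq -c | awk '{ print $2 "\t" $1 }'
}

# Constructed sample report in clamscan's output format.
write_sample_log() {
    cat > "$1" <<'EOF'
/opt/example/templates/a.kra: Example.Constructed-1 FOUND
/opt/example/templates/b.kra: Example.Constructed-1 FOUND
/home/user/mail: inbox/msg.eml: Example.Constructed-2 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

log=$(mktemp)
write_sample_log "$log"
list_detections "$log"
count_by_signature "$log"
rm -f "$log"
```

On a real system, `scan_with_log / /root/clamscan.log` (run as root) produces the report that `list_detections` reads; the signature names it prints are what a false-positive report to the ClamAV project would need.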
Registration Account wrote:
Adam, hi there
clamAV is NOT a real time anti-virus application. If you copy an infected file onto your disk then it will be copied across without saying anything.
It depends on how you use it. The primary use of any antivirus application on linux machines is basically as a courtesy to protect windoze clients.

When used on a mail server, clamav scans incoming messages for viruses, which is pretty close to real time.

When used on a samba server, clamav provides on-access virus protection for pc clients via samba-vscan, which is about as real time as it gets.

It's a very good thing that clamav is lightweight and non-intrusive by default. I'd be pretty unhappy with a product that wasted system resources constantly monitoring and scanning for windoze viruses on my linux desktop system. I'd much rather use my CPU cycles on something useful, say web browsing, gaming or multimedia ;)

Joe

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
The thing is that Clamav seems to think that the templates for Krita are viruses, but when I run avast to double check Clamav's findings avast comes up clean. So the only use I have for Clamav right now is for scanning my emails for viruses. The only reason I need an anti virus on Linux is for email scanning, done with Kmail, and scanning of my Windows.
Adam Jimerson wrote:
The thing is that Clamav seems to think that the templates for Krita are viruses, but when I run avast to double check Clamav's findings avast comes up clean.
Those false positives should probably be reported to the clamav folks -

Joe
participants (3): Adam Jimerson, Registration Account, Sloan