Re: [clamav-users] Be wary of emails with attachments targeting clamav-users list members

2023-03-22 Thread Al Varnell via clamav-users
Just a note that in my experience, e-mail phishing detection is routinely 
disabled, perhaps because of excessive false positives, but also because 
signature maintenance appears to be a low priority.

Sent from my iPad

-Al-

On Mar 22, 2023, at 10:44, newcomer01 via clamav-users 
 wrote:
> Hi Paul,
> 
> yes, submit all files. Maybe ClamAV needs different Phishing - Sigs for each 
> file or something ...
> For my submitted file, ClamAV currently does not warn ...
> 
> kind greetings
> Marc
> 
> 
> Von / From: Clamav User Mailinglist 
> An / To: Newcomer01 
> CC / CC: Paul Kosinski 
> Gesendet / Sent: Mittwoch, März 22, 2023 um 18:35 (at 06:35 PM) +0100
> Betreff / Subject: Re: [clamav-users] Be wary of emails with attachments 
> targeting clamav-users list members
>> I have just started getting these claiming to be relevant to ClamAV, but I 
>> have *also* been receiving this sort of thing claiming to be from the 
>> Firefox ESR list for months now.
>> 
>> I am posting (one of) the HTMLs "about" ClamAV to 
>> https://www.clamav.net/reports/malware. Should I also post (one of) the 
>> Firefox phishes? (In fact, I have several of each, but it quickly gets 
>> tedious.)
>> 
>> 
>> 
>>> On Wed, 22 Mar 2023 16:48:32 +
>>> "Micah Snyder \(micasnyd\) via clamav-users" 
>>>  wrote:
>>> 
>>> All,
>>> 
>>> Some users have reported receiving emails that appear to be a reply to a 
>>> clamav-users mailing list thread but are in fact a phishing attempt and 
>>> have attached malware.
>>> 
>>> Most recently, Marc reported receiving an email that appeared to be a reply 
>>> to an older clamav-users mailing list thread but was in fact a direct email 
>>> targeting him.  It had this fairly generic phishing text:
>>> 
>>> "Would you please look through the last agreement? I have attached some 
>>> extra details about it."
>>> 
>>> The attached file was some small HTML file containing malicious obfuscated 
>>> javascript.
>>> 
>>> This isn't the first time we've heard of this type of phishing using our 
>>> mailing list archives. Please be careful when you see any sort of 
>>> attachment, even if it appears to be from this community.
>>> 
>>> If you receive this sort of phishing email, please report the attached HTML 
>>> file to https://www.clamav.net/reports/malware
>>> 
>>> Regards,
>>> Micah
>>> 
>>> 
>>> 
>>> Micah Snyder
>>> ClamAV Development
>>> Talos
>>> Cisco Systems, Inc.
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

and please note: your own sh script needs chmod 0775 - it must be run as a 
program for all users!
your log folder should have chmod 0775 and your log files inside chmod 0644 - 
but these are suggestions only


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

So Marc, you're saying do something like this:

#/bin/bash
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron?
For example 0 1 *** clammy.sh
correct??





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

try this, but check my ** COMMENTS ** please

---

#!/bin/bash

PATH=/bin:/usr/bin:/sbin:/usr/sbin

/usr/bin/clamscan --exclude="^/home/tmick/.clamtk/viruses/" \
--exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
--exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/*" ** HERE I DON'T KNOW WHAT YOU TRY TO MATCH ** \
--exclude="^/home/tmick/Nextcloud/*" ** SAME HERE ** \
--exclude="smb4k" ** WILL NOT WORK - COMPLETE PATH ** \
--exclude="^/run/user/tmick/gvfs/" \
--exclude="^/home/tmick/.gvfs/" \
--exclude="^.thunderbird" ** WILL NOT WORK - COMPLETE PATH ** \
--exclude="^.mozilla-thunderbird" ** WILL NOT WORK - COMPLETE PATH ** \
--exclude="^.evolution" ** WILL NOT WORK - COMPLETE PATH ** \
--exclude=Mail -i /home/tmick ** DON'T KNOW WHAT THIS DO ** \
--detect-pua="yes" \
--recursive="yes" \
--quiet \
--infected \
--database="PATH TO YOUR LIBS/" \
--log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log"
** DECIDE WHAT SHOULD HAPPEN WITH POSSIBLE FOUNDS - OR LOG ONLY (THIS I DO) **
#--move="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
#--copy="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
#--remove="yes/no"

** ALWAYS AN EMPTY LINE AFTER EACH CODE ON LINUX - SOME FILES ARE SENSITIVE 
WITH THIS! **

---



Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

So Marc, you're saying do something like this:

#/bin/bash
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron?
For example 0 1 *** clammy.sh
correct??
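
The exclude patterns discussed in this thread, as an added example that is not part of any poster's message: it evaluates several of them as POSIX extended regular expressions against constructed sample paths and shows an anchored, escaped form for literal directories. It assumes clamscan treats `--exclude` / `--exclude-dir` values as such regexes matched against the scanned path, with `grep -E` standing in for that matcher; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumption: clamscan compiles each
# --exclude / --exclude-dir value as a POSIX extended regex and tests it against
# the path it is about to scan; grep -E stands in for that matcher here.

# Constructed sample paths (not taken from any real system).
SAMPLE_PATHS='/home/tmick/.gvfs/share
/home/tmick/Xgvfs/notes.txt
/home/tmick/.thunderbird/profile/Inbox
/home/tmick/Nextcloud/Documents/a.pdf
/home/tmick/NextcloudBackup/a.pdf
/home/tmick/projects/Mailer/setup.sh
/home/tmick/Documents/ACI Learning/lab.iso'

# matches PATTERN PATH: exit status 0 when the regex matches anywhere in PATH.
matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# excluded_paths PATTERN: print every sample path the pattern would exclude.
excluded_paths() {
    printf '%s\n' "$SAMPLE_PATHS" | grep -E -- "$1" || true
}

# count_excluded PATTERN: number of sample paths the pattern would exclude.
count_excluded() {
    printf '%s\n' "$SAMPLE_PATHS" | grep -Ec -- "$1" || true
}

# anchored_dir_regex DIR: turn a literal directory path into a regex that
# matches only that directory and what is below it. Regex metacharacters
# (such as the dot in ".gvfs") are escaped, "^" pins the start, and "(/|$)"
# stops "Nextcloud" from also matching "NextcloudBackup".
anchored_dir_regex() {
    escaped=$(printf '%s' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g')
    printf '^%s(/|$)' "$escaped"
}

# Report: patterns quoted in the thread next to their anchored equivalents.
report() {
    for pattern in \
        '^.thunderbird' \
        '^/home/tmick/.gvfs' \
        '^/home/tmick/Nextcloud/*' \
        'Mail' \
        "$(anchored_dir_regex '/home/tmick/.gvfs')" \
        "$(anchored_dir_regex '/home/tmick/Nextcloud')" \
        "$(anchored_dir_regex '/home/tmick/Documents/ACI Learning')"
    do
        printf '%s  ->  %s path(s) excluded\n' "$pattern" "$(count_excluded "$pattern")"
        excluded_paths "$pattern" | sed 's/^/    /'
    done
}

report
```

Running a candidate exclusion through a check like this before it goes into a scheduled scan shows whether it skips more of the tree than intended; every over-broad exclusion is a part of the disk that never gets scanned.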





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

exact but please check your paths - some will so not work and the asterisk "*" 
i think will also not work 😉
cron: 0 1 * * * clammy.sh - always space between the values


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

So Marc, you're saying do something like this:

#/bin/bash
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron?
For example 0 1 *** clammy.sh
correct??





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Tim McConnell via clamav-users
So Marc, you're saying do something like this: 

#/bin/bash 
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron? 
For example 0 1 *** clammy.sh 
correct?? 

-- 
Tim McConnell +1 (205) 434-5534
tmcconnell...@gmail.com 
https://www.linkedin.com/in/timmcconnell/ 
https://calendly.com/tim_mcconnell/interview 



On Wed, 2023-03-22 at 20:29 +, newcomer01 via clamav-users wrote:
> Tim, it's not heavy to write your own bash/sh script - to apply code to
> execute in cronjob isn't the best way.
> Write a small script and start this with your cronjob - that's all.
> 
> If I can help, then I will do this.
> 
> I had at the beginning clamTK too, but the complete tool didn't work
> here (but for some other reasons I know now) so I removed it and set up
> all manually, it's a little work but you learn much of clamav and
> bash/sh scripting - you can trust in me, it's simpler than it maybe
> sounds.
> 
> kind regards,
> Marc
> 
> 
> Von / From: Clamav User Mailinglist
> 
> An / To: Newcomer01 
> CC / CC: Tim Mcconnell 
> Gesendet / Sent: Mittwoch, März 22, 2023 um 20:02 (at 08:02 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > On Wed, 2023-03-22 at 18:15 +, newcomer01 via clamav-users
> > wrote:
> > > äähhmmm why you escape the slash? This is not needed.
> > I didn't set that it was done by ClamTK (the GUI Interface) not me.
> > so
> > from the pointers you gave (Marc) ClamTK has bugs? and I should
> > just
> > schedule the cronjob manually?
> > I did appreciate the suggestions too Marc, I'm just trying to use
> > Clam
> > via the GUI (ClamTK) and not having a lot of luck :-(
> > Thanks for the help so far!
> > 
> 


Re: [clamav-users] Be wary of emails with attachments targeting clamav-users list members

2023-03-22 Thread Steve Basford via clamav-users


The attached file was some small HTML file containing malicious obfuscated 
javascript.


Just to note that at my workplace 1 user received a similar email, using 
older email threads to make it look convincing

and with a single html attachment.

0/55 av's so far 6 hours after submitting..

In case this helps...

https://www.virustotal.com/gui/file/8cb4b28d9c452dfa77e8a061791158bb851681550c889e579a0acc4cb0ff2c86

Cheers,

Steve
Twitter: @sanesecurity https://fosstodon.org/@sanesecurity
Sanesecurity.com


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

Tim, it's not heavy to write your own bash/sh script - to apply code to execute in 
cronjob isn't the best way.
Write a small script and start this with your cronjob - that's all.

If I can help, then I will do this.

I had at the beginning clamTK too, but the complete tool didn't work here (but 
for some other reasons I know now) so I removed it and set up all manually, it's 
a little work but you learn much of clamav and bash/sh scripting - you can trust 
in me, it's simpler than it maybe sounds.

kind regards,
Marc


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Mittwoch, März 22, 2023 um 20:02 (at 08:02 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

On Wed, 2023-03-22 at 18:15 +, newcomer01 via clamav-users wrote:

äähhmmm why you escape the slash? This is not needed.

I didn't set that it was done by ClamTK (the GUI Interface) not me. so
from the pointers you gave (Marc) ClamTK has bugs? and I should just
schedule the cronjob manually?
I did appreciate the suggestions too Marc, I'm just trying to use Clam
via the GUI (ClamTK) and not having a lot of luck :-(
Thanks for the help so far!





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Tim McConnell via clamav-users
On Wed, 2023-03-22 at 18:15 +, newcomer01 via clamav-users wrote:
> äähhmmm why you escape the slash? This is not needed.
I didn't set that it was done by ClamTK (the GUI Interface) not me. so
from the pointers you gave (Marc) ClamTK has bugs? and I should just
schedule the cronjob manually? 
I did appreciate the suggestions too Marc, I'm just trying to use Clam
via the GUI (ClamTK) and not having a lot of luck :-( 
Thanks for the help so far! 

-- 
Tim McConnell 


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

and please refer to the clamscan --help
--detect-pua needs "=yes/no"


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Mittwoch, März 22, 2023 um 19:01 (at 07:01 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Thanks Micah,
This is for Home use so that might be like hunting flies with a Nuclear Warhead.
For what it's worth, I did get the scan to complete in 15 hours. Okay well it 
is a big drive. Now I have a real question:
Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried 
Whitelisting but it doesn't skip the scan for those DIRs.
The Cron Job email shows the command it's running as:
*/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses 
--exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k 
--exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs 
--exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution 
--exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick 
--log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan*
--
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks!


On Wed, 2023-03-22 at 17:08 +, Micah Snyder (micasnyd) via clamav-users 
wrote:

 by the way: if you find another anti-virus for linux without using the 
terminal (with GUI), let me know, have searched really long time and found 
nothing (freeware or commercial).
some companies (e.g eset) had linux version but now they stopped the 
development.


If you need something for a business, Cisco Secure Endpoint has clients for 
Linux, Mac, and Windows. It is a cloud-based security suite so you basically 
login to console.amp.cisco.com and can monitor all of your connected clients 
for suspicious behavior.  The Linux and Mac clients use clamav for offline 
scans, but mostly use other methods for malware detection.

Here's a link if you're interested: 
https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html

TBH I think that the Secure Endpoint website is kind of garbage as it has a lot 
of jargon that won't make sense to your average person looking for an AV 
solution.  But it is basically a type of AV solution built to protect 
enterprise network computers.

The "live demo" will show you what the admin dashboard looks like.  It's pretty 
cool, but maybe a bit overwhelming.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of newcomer01 
via clamav-users 
Sent: Sunday, March 19, 2023 12:12 PM
To: Tim McConnell via clamav-users 
Cc: newcomer01 
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
Hi again,

clamonacc you didn't really need.
Here i do not have this, i scan normally every 2 hours my e-mails and only on 
sunday my computer.
we are on linux, linux isn't so much affected by viruses or something.
by the way: if you find another anti-virus for linux without using the terminal 
(with GUI), let me know, have searched really long time and found nothing 
(freeware or commercial).
some companies (e.g eset) had linux version but now they stopped the 
development.

kind greetings
Marc

Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Sonntag, März 19, 2023 um 19:31 (at 07:31 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi Marc,
So apparently it was a bug(?) in ClamTK. The errors have gone away (for
now). The big problem is I want Clam to do what Clamonacc does so
removing it shouldn't be an option? I want it to run at certain times
to check for malicious files, etc. I'll re-enable the schedule via Clam
TK and see if it still hogs the CPU.
If it does I may have to find another AV solution.



Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

Additional: if you really want only to exclude, don't use the "-dir" 
parameters, with this I had a lot of trouble in the past.

Use instead --exclude="^/home/Folder/Folder/..." and yes, you always need the 
complete path!


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Mittwoch, März 22, 2023 um 19:01 (at 07:01 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Thanks Micah,
This is for Home use so that might be like hunting flies with a Nuclear Warhead.
For what it's worth, I did get the scan to complete in 15 hours. Okay well it 
is a big drive. Now I have a real question:
Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried 
Whitelisting but it doesn't skip the scan for those DIRs.
The Cron Job email shows the command it's running as:
*/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses 
--exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k 
--exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs 
--exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution 
--exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick 
--log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan*
--
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks!


On Wed, 2023-03-22 at 17:08 +, Micah Snyder (micasnyd) via clamav-users 
wrote:

 by the way: if you find another anti-virus for linux without using the 
terminal (with GUI), let me know, have searched really long time and found 
nothing (freeware or commercial).
some companies (e.g eset) had linux version but now they stopped the 
development.


If you need something for a business, Cisco Secure Endpoint has clients for 
Linux, Mac, and Windows. It is a cloud-based security suite so you basically 
login to console.amp.cisco.com and can monitor all of your connected clients 
for suspicious behavior.  The Linux and Mac clients use clamav for offline 
scans, but mostly use other methods for malware detection.

Here's a link if you're interested: 
https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html

TBH I think that the Secure Endpoint website is kind of garbage as it has a lot 
of jargon that won't make sense to your average person looking for an AV 
solution.  But it is basically a type of AV solution built to protect 
enterprise network computers.

The "live demo" will show you what the admin dashboard looks like.  It's pretty 
cool, but maybe a bit overwhelming.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of newcomer01 
via clamav-users 
Sent: Sunday, March 19, 2023 12:12 PM
To: Tim McConnell via clamav-users 
Cc: newcomer01 
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
Hi again,

clamonacc you didn't really need.
Here i do not have this, i scan normally every 2 hours my e-mails and only on 
sunday my computer.
we are on linux, linux isn't so much affected by viruses or something.
by the way: if you find another anti-virus for linux without using the terminal 
(with GUI), let me know, have searched really long time and found nothing 
(freeware or commercial).
some companies (e.g eset) had linux version but now they stopped the 
development.

kind greetings
Marc

Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Sonntag, März 19, 2023 um 19:31 (at 07:31 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi Marc,
So apparently it was a bug(?) in ClamTK. The errors have gone away (for
now). The big problem is I want Clam to do what Clamonacc does so
removing it shouldn't be an option? I want it to run at certain times
to check for malicious files, etc. I'll re-enable the schedule via Clam
TK and see if it still hogs the CPU.
If it does I may have to find another AV solution.



Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

Hi Tim,

äähhmmm why you escape the slash? This is not needed.
Try to set as follows:

--include="^/home/Folder/Folder/Folder/..." ends up with slash!

It's better to include than to exclude much more than include.
All paths starting with --include="^/home/..." will be scanned and all others 
not.
Please do not mix --include and --exclude, with this I had a lot of trouble in 
the past.
I would also prefer to search with --recursive="yes", this means go as deep as 
possible for the given path.


kind greetings
Marc


Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Mittwoch, März 22, 2023 um 19:01 (at 07:01 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Thanks Micah,
This is for Home use so that might be like hunting flies with a Nuclear Warhead.
For what it's worth, I did get the scan to complete in 15 hours. Okay well it 
is a big drive. Now I have a real question:
Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried 
Whitelisting but it doesn't skip the scan for those DIRs.
The Cron Job email shows the command it's running as:
*/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses 
--exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k 
--exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs 
--exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution 
--exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick 
--log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan*
--
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks!


On Wed, 2023-03-22 at 17:08 +, Micah Snyder (micasnyd) via clamav-users 
wrote:

 by the way: if you find another anti-virus for linux without using the 
terminal (with GUI), let me know, have searched really long time and found 
nothing (freeware or commercial).
some companies (e.g eset) had linux version but now they stopped the 
development.


If you need something for a business, Cisco Secure Endpoint has clients for 
Linux, Mac, and Windows. It is a cloud-based security suite so you basically 
login to console.amp.cisco.com and can monitor all of your connected clients 
for suspicious behavior.  The Linux and Mac clients use clamav for offline 
scans, but mostly use other methods for malware detection.

Here's a link if you're interested: 
https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html

TBH I think that the Secure Endpoint website is kind of garbage as it has a lot 
of jargon that won't make sense to your average person looking for an AV 
solution.  But it is basically a type of AV solution built to protect 
enterprise network computers.

The "live demo" will show you what the admin dashboard looks like.  It's pretty 
cool, but maybe a bit overwhelming.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

From: clamav-users  on behalf of newcomer01 
via clamav-users 
Sent: Sunday, March 19, 2023 12:12 PM
To: Tim McConnell via clamav-users 
Cc: newcomer01 
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
Hi again,

clamonacc you didn't really need.
Here i do not have this, i scan normally every 2 hours my e-mails and only on 
sunday my computer.
we are on linux, linux isn't so much affected by viruses or something.
by the way: if you find another anti-virus for linux without using the terminal 
(with GUI), let me know, have searched really long time and found nothing 
(freeware or commercial).
some companies (e.g eset) had linux version but now they stopped the 
development.

kind greetings
Marc

Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Sonntag, März 19, 2023 um 19:31 (at 07:31 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi Marc,
So apparently it was a bug(?) in ClamTK. The errors have gone away (for
now). The big problem is I want Clam to do what Clamonacc does so
removing it shouldn't be an option? I want it to run at certain times
to check for malicious files, etc. I'll re-enable the schedule via Clam
TK and see if it still hogs the CPU.
If it does I may have to find another AV solution.



Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Tim McConnell via clamav-users
Thanks Micah, 
This is for Home use so that might be like hunting flies with a Nuclear
Warhead. 
For what it's worth, I did get the scan to complete in 15 hours. Okay
well it is a big drive. Now I have a real question: 
Using ClamTK to schedule a scan, How do I exclude a Directory? I've
tried Whitelisting but it doesn't skip the scan for those DIRs. 
The Cron Job email shows the command it's running as: 
/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses 
--exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k 
--exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs 
--exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution 
--exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick 
--log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan
-- 
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks! 


On Wed, 2023-03-22 at 17:08 +, Micah Snyder (micasnyd) via clamav-
users wrote:
> >  by the way: if you find another anti-virus for linux without using
> > the terminal (with GUI), let me know, have searched really long
> > time and found nothing (freeware or commercial).
> > some companies (e.g eset) had linux version but now they stopped
> > the development.
> 
> If you need something for a business, Cisco Secure Endpoint has
> clients for Linux, Mac, and Windows. It is a cloud-based security
> suite so you basically login to console.amp.cisco.com and can monitor
> all of your connected clients for suspicious behavior.  The Linux and
> Mac clients use clamav for offline scans, but mostly use other
> methods for malware detection.  
> 
> Here's a link if you're interested: 
> https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html
> 
> TBH I think that the Secure Endpoint website is kind of garbage as it
> has a lot of jargon that won't make sense to your average person
> looking for an AV solution.  But it is basically a type of AV
> solution built to protect enterprise network computers.
> 
> The "live demo" will show you what the admin dashboard looks like. 
> It's pretty cool, but maybe a bit overwhelming. 
> 
> Regards,
> Micah
> 
> 
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> 
> From: clamav-users  on behalf
> of newcomer01 via clamav-users 
> Sent: Sunday, March 19, 2023 12:12 PM
> To: Tim McConnell via clamav-users 
> Cc: newcomer01 
> Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
>  
> Hi again,
> 
> clamonacc you didn't really need.
> Here i do not have this, i scan normally every 2 hours my e-mails and
> only on sunday my computer.
> we are on linux, linux isn't so much affected by viruses or
> something.
> by the way: if you find another anti-virus for linux without using
> the terminal (with GUI), let me know, have searched really long time
> and found nothing (freeware or commercial).
> some companies (e.g eset) had linux version but now they stopped the
> development.
> 
> kind greetings
> Marc
> 
> From: Clamav User Mailinglist
> To: Newcomer01 
> CC: Tim Mcconnell 
> Sent: Sunday, March 19, 2023 at 19:31 (07:31 PM) +0100
> Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> > Hi Marc,
> > So apparently it was a bug(?) in ClamTK. The errors have gone away
> > (for now). The big problem is I want Clam to do what Clamonacc does
> > so removing it shouldn't be an option? I want it to run at certain
> > times to check for malicious files, etc. I'll re-enable the schedule
> > via Clam TK and see if it still hogs the CPU.
> > If it does I may have to find another AV solution.
> >    
> 
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: [clamav-users] Be wary of emails with attachments targeting clamav-users list members

2023-03-22 Thread newcomer01 via clamav-users

Hi Paul,

yes, submit all files. Maybe ClamAV needs different Phishing - Sigs for each file 
or something ...
For my submitted file, ClamAV currently does not warn ...

kind greetings
Marc


From: Clamav User Mailinglist 
To: Newcomer01 
CC: Paul Kosinski 
Sent: Wednesday, March 22, 2023 at 18:35 (06:35 PM) +0100
Subject: Re: [clamav-users] Be wary of emails with attachments 
targeting clamav-users list members

I have just started getting these claiming to be relevant to ClamAV, but I have 
*also* been receiving this sort of thing claiming to be from the Firefox ESR 
list for months now.

I am posting (one of) the HTMLs "about" ClamAV to 
https://www.clamav.net/reports/malware. Should I also post (one of) the Firefox phishes? 
(In fact, I have several of each, but it quickly gets tedious.)



On Wed, 22 Mar 2023 16:48:32 +
"Micah Snyder \(micasnyd\) via clamav-users"  
wrote:


All,

Some users have reported receiving emails that appear to be a reply to a 
clamav-users mailing list thread but are in fact a phishing attempt and have 
attached malware.

Most recently, Marc reported receiving an email that appeared to be a reply to 
an older clamav-users mailing list thread but was in fact a direct email 
targeting him.  It had this fairly generic phishing text:

"Would you please look through the last agreement? I have attached some extra 
details about it."

The attached file was some small HTML file containing malicious obfuscated 
javascript.

This isn't the first time we've heard of this type of phishing using our 
mailing list archives. Please be careful when you see any sort of attachment, 
even if it appears to be from this community.

If you receive this sort of phishing email, please report the attached HTML 
file to https://www.clamav.net/reports/malware

Regards,
Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.



Re: [clamav-users] Be wary of emails with attachments targeting clamav-users list members

2023-03-22 Thread Paul Kosinski via clamav-users
I have just started getting these claiming to be relevant to ClamAV, but I have 
*also* been receiving this sort of thing claiming to be from the Firefox ESR 
list for months now.

I am posting (one of) the HTMLs "about" ClamAV to 
https://www.clamav.net/reports/malware. Should I also post (one of) the Firefox 
phishes? (In fact, I have several of each, but it quickly gets tedious.)



On Wed, 22 Mar 2023 16:48:32 +
"Micah Snyder \(micasnyd\) via clamav-users"  
wrote:

> All,
> 
> Some users have reported receiving emails that appear to be a reply to a 
> clamav-users mailing list thread but are in fact a phishing attempt and have 
> attached malware.
> 
> Most recently, Marc reported receiving an email that appeared to be a reply 
> to an older clamav-users mailing list thread but was in fact a direct email 
> targeting him.  It had this fairly generic phishing text:
> 
> "Would you please look through the last agreement? I have attached some extra 
> details about it."
> 
> The attached file was some small HTML file containing malicious obfuscated 
> javascript.
> 
> This isn't the first time we've heard of this type of phishing using our 
> mailing list archives. Please be careful when you see any sort of attachment, 
> even if it appears to be from this community.
> 
> If you receive this sort of phishing email, please report the attached HTML 
> file to https://www.clamav.net/reports/malware
> 
> Regards,
> Micah
> 
> 
> 
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Micah Snyder (micasnyd) via clamav-users
> by the way: if you find another anti-virus for linux without using the 
> terminal (with GUI), let me know, have searched really long time and found 
> nothing (freeware or commercial).
> some companies (e.g eset) had linux version but now they stopped the 
> development.

If you need something for a business, Cisco Secure Endpoint has clients for 
Linux, Mac, and Windows. It is a cloud-based security suite so you basically 
login to console.amp.cisco.com and can monitor all of your connected clients 
for suspicious behavior.  The Linux and Mac clients use clamav for offline 
scans, but mostly use other methods for malware detection.

Here's a link if you're interested: 
https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html

TBH I think that the Secure Endpoint website is kind of garbage as it has a lot 
of jargon that won't make sense to your average person looking for an AV 
solution.  But it is basically a type of AV solution built to protect 
enterprise network computers.

The "live demo" will show you what the admin dashboard looks like.  It's pretty 
cool, but maybe a bit overwhelming.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


From: clamav-users  on behalf of 
newcomer01 via clamav-users 
Sent: Sunday, March 19, 2023 12:12 PM
To: Tim McConnell via clamav-users 
Cc: newcomer01 
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi again,

clamonacc you didn't really need.
Here i do not have this, i scan normally every 2 hours my e-mails and only on 
sunday my computer.
we are on linux, linux isn't so much affected by viruses or something.
by the way: if you find another anti-virus for linux without using the terminal 
(with GUI), let me know, have searched really long time and found nothing 
(freeware or commercial).
some companies (e.g eset) had linux version but now they stopped the 
development.

kind greetings
Marc

From: Clamav User Mailinglist 
To: Newcomer01 
CC: Tim Mcconnell 
Sent: Sunday, March 19, 2023 at 19:31 (07:31 PM) +0100
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> Hi Marc,
> So apparently it was a bug(?) in ClamTK. The errors have gone away (for
> now). The big problem is I want Clam to do what Clamonacc does so
> removing it shouldn't be an option? I want it to run at certain times
> to check for malicious files, etc. I'll re-enable the schedule via Clam
> TK and see if it still hogs the CPU.
> If it does I may have to find another AV solution.
>



[clamav-users] Be wary of emails with attachments targeting clamav-users list members

2023-03-22 Thread Micah Snyder (micasnyd) via clamav-users
All,

Some users have reported receiving emails that appear to be a reply to a 
clamav-users mailing list thread but are in fact a phishing attempt and have 
attached malware.

Most recently, Marc reported receiving an email that appeared to be a reply to 
an older clamav-users mailing list thread but was in fact a direct email 
targeting him.  It had this fairly generic phishing text:

"Would you please look through the last agreement? I have attached some extra 
details about it."

The attached file was some small HTML file containing malicious obfuscated 
javascript.

This isn't the first time we've heard of this type of phishing using our 
mailing list archives. Please be careful when you see any sort of attachment, 
even if it appears to be from this community.

If you receive this sort of phishing email, please report the attached HTML 
file to https://www.clamav.net/reports/malware

Regards,
Micah



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Musc via clamav-users

On 3/22/23 6:22 AM, Andrew C Aitchison via clamav-users wrote:

> be careful to make sure false positives do no harm,

I've had so many positives that I couldn't examine them all.  Does this 
happen to others?  What do you do for that?

> and remember that false negatives do happen frequently

How do we become aware of false negatives?




Re: [clamav-users] Funny --include-dir behaviour

2023-03-22 Thread Marc via clamav-users

Sorry, the attachment i will not open!

You send over an .de Domain and the descriptions are in french only and 
contains ONLY javascript Codes!

NO!

@Admin: maybe we should block the user from list?

From: Clamav Users Ml 
To: Newcomer01 
Sent: Wednesday, March 22, 2023 at 14:14 (02:14 PM) +0100
Subject: Re: [clamav-users] Funny --include-dir behaviour


Would you please look through the last agreement? I have attached some extra 
details about it.

--
Hi,

For
>        nice -n -20 clamscan \
>        --include-dir="^/home/$SUDO_USER/.thunderbird/Marc/Mail/" \
>        --recursive="yes" \
>        --quiet \
>        --infected \
>        --alert-broken-media="no" \
>        --database="/var/lib/clamav" \
>        --log="/var/log/clamav/clamscan.log"
>        #--move="/etc/clamav/virusevent.d/Mail"

what is your current directory?  Since none is specified, the current directory 
is chosen, so if you aren't in a parent directory of Mail, it will not be 
scanned.

Thanks,
Andy

--
*From:* clamav-users on behalf of newcomer01 via clamav-users
*Sent:* Monday, February 13, 2023 4:51 AM
*To:* ClamAV User Mailinglist
*Cc:* newcomer01
*Subject:* [clamav-users] Funny --include-dir behaviour
this is hilarious, why this won't work?
>        nice -n -20 clamscan \
>        --include-dir="^/home/$SUDO_USER/.thunderbird/Marc/Mail/" \
>        --recursive="yes" \
>        --quiet \
>        --infected \
>        --alert-broken-media="no" \
>        --database="/var/lib/clamav" \
>        --log="/var/log/clamav/clamscan.log"
>        #--move="/etc/clamav/virusevent.d/Mail"
this should scan only the included path recursive

But when i do this:
>        nice -n -20 clamscan \
>        "/home/$SUDO_USER/.thunderbird/Marc/Mail" \
>        --recursive="yes" \
>        --quiet \
>        --infected \
>        --alert-broken-media="no" \
>        --database="/var/lib/clamav" \
>        --log="/var/log/clamav/clamscan.log"
>        #--move="/etc/clamav/virusevent.d/Mail"
it worked well.
Can someone explain what's the reason for this?
Oh and the var SUDO_USER is the whoami

regards,
Marc



Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Andrew C Aitchison via clamav-users



[ My previous reply did not reach the list, for reasons I do understand. ]

On Tue, 21 Mar 2023, Tim McConnell wrote:

> Hi Andrew,
> So maybe I'm misunderstanding something. I'm expecting the scan to run
> once daily at 01:00. Is that not what clamonacc does? I keep getting
> told to remove it but Debian installed it as a dependency so what's
> going to break if I do?

It looks as though the clamav-daemon package contains two daemons,
clamonacc and clamd. You *probably* do want clamd: it runs permanently,
taking up about 1.2 gigabytes of memory and provides a malware 
scanning service that saves about 15 seconds start up time on every scan.
Not significant when you run a full disk scan, but if you do a single scan 
file from time to time it does make a difference.

There is a third ClamAV daemon - clamav-freshclam which keeps the 
virus database up to date; you certainly want that one too.

> As for the question: "Do you have a plan for what you will do when it
> finds a potentially malicious file ?"
> Yes I will analyze it and if it is a malicious file I will remove it
> after sending it to ClamAV (in case it's new) after Googling how to
> safely remove it.

Good. There are options to automatically delete or quarantine suspect 
files; either can stop your system from working or destroy data.

> I'm still baffled by the Whitelist not working in ClamTK but I think if
> I create a cronjob manually to run instead of the scheduled task from
> ClamTK I can get those DIRs to be ignored and hopefully speed up the
> scan?

I have never used ClamTK.
Running clamscan or clamdscan, from cron, on selected directory trees
makes sense, but do be careful to make sure false positives do no harm,
and remember that false negatives do happen frequently, so a clean scan
result proves little.

> Thanks,
>
> --
> Tim McConnell
>
> On Sun, 2023-03-19 at 21:40 +, Andrew C Aitchison wrote:
> > On Sun, 19 Mar 2023, Tim McConnell via clamav-users wrote:
> >
> > > Hi Marc,
> > > So apparently it was a bug(?) in ClamTK. The errors have gone away
> > > (for now).
> > >
> > > The big problem is I want Clam to do what Clamonacc does so
> > > removing it shouldn't be an option?
> > > I want it to run at certain times to check for malicious files,
> > > etc.
> >
> > That is not what clamonacc does. clamonacc scans each file as it is
> > accessed by some other process (read, write or both). The name means
> > CLAM scan ON ACCess.
> >
> > Do you have a plan for what you will do when it finds a potentially
> > malicious file ? It is very important that you think carefully about
> > that.
> >
> > > I'll re-enable the schedule via ClamTK and see if it still hogs the
> > > CPU.
> > > If it does I may have to find another AV solution.
> >
> > How long does it take to scan a terabyte disk ?
> > If it is full of little files (smaller than MaxScanSize and
> > MaxFileSize)
> > it will have to read the whole disk at the very least.





--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk
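
The cron approach discussed in the message above (a scheduled clamscan over selected directory trees, with some directories ignored and nothing deleted or quarantined automatically), sketched as an added example that is not code from any poster in this thread. The directory lists, exclusion regexes, log path and script path are assumptions; `--recursive`, `--infected`, `--no-summary` and `--exclude-dir` are clamscan options, and the exit statuses are the ones clamscan documents.

```shell
#!/bin/sh
# Report-only scheduled scan: hits are queued for manual review, never deleted or moved.
# Hypothetical settings (not from the thread); paths must not contain spaces.
CLAMSCAN="${CLAMSCAN:-clamscan}"
SCAN_DIRS="${SCAN_DIRS:-/home /srv}"
EXCLUDE_DIRS="${EXCLUDE_DIRS:-^/home/[^/]+/[.]cache ^/srv/backups}"   # regexes for --exclude-dir
REVIEW_LOG="${REVIEW_LOG:-/var/log/clamav/review-queue.log}"

# Run clamscan over the selected trees, skipping the excluded directories.
# No --remove or --move: a false positive must not be able to break the system.
run_scan() {
    set -f                                   # keep the regexes from being glob-expanded
    set -- --recursive --infected --no-summary
    for re in $EXCLUDE_DIRS; do
        set -- "$@" "--exclude-dir=$re"
    done
    rc=0
    "$CLAMSCAN" "$@" $SCAN_DIRS || rc=$?
    set +f
    return "$rc"
}

# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.
# "clean" only means no signature matched; it is not proof the files are safe.
classify_status() {
    case "$1" in
        0) echo clean ;;
        1) echo review ;;
        *) echo error ;;
    esac
}

# Turn "PATH: SIGNATURE FOUND" lines into "PATH|SIGNATURE" review entries.
queue_hits() {
    sed -n 's/^\(.*\): \(.*\) FOUND$/\1|\2/p'
}

# One scheduled run: scan, classify, and append any hits to the review queue.
scheduled_scan() {
    status=0
    out=$(run_scan) || status=$?
    verdict=$(classify_status "$status")
    if [ "$verdict" = review ]; then
        printf '%s\n' "$out" | queue_hits >> "$REVIEW_LOG"
    fi
    echo "$verdict"
}

# Example crontab entry for a daily 01:00 run (hypothetical script path):
#   0 1 * * * /usr/local/sbin/clam-report-scan.sh --run
if [ "${1:-}" = "--run" ]; then
    scheduled_scan
fi
```

An `error` verdict means the scan did not complete, so it should be alerted on rather than treated as a clean run.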