Re: [clamav-users] Help With clamscan vs clamdscan
Yep. That's fine. /tmp or /var/tmp (or /run) is usually where it goes anyway.

Welcome to the ClamAV club :)

On Mon, Aug 20, 2018 at 7:45 PM Michael Newman wrote:

> On Aug 20, 2018, at 23:00, Maarten Broekman wrote:
>
> > For clamdscan to work you need to enable LocalSocket at the very least.
>
> Thank you. I had no idea what a socket was. Now I know.
>
> I didn’t know where to put it, so I tried this:
>
> LocalSocket /var/tmp/clamd.socket
>
> It seems to have worked and now I can run clamdscan. I hope that’s OK.

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Help With clamscan vs clamdscan
> On Aug 20, 2018, at 23:00, Maarten Broekman wrote:
>
> For clamdscan to work you need to enable LocalSocket at the very least.

Thank you. I had no idea what a socket was. Now I know.

I didn’t know where to put it, so I tried this:

LocalSocket /var/tmp/clamd.socket

It seems to have worked and now I can run clamdscan. I hope that’s OK.
Re: [clamav-users] Help With clamscan vs clamdscan
For clamdscan to work you need to enable LocalSocket at the very least.

On Mon, Aug 20, 2018 at 5:32 PM Michael Newman wrote:

> On Aug 20, 2018, at 23:00, Al Varnell wrote:
>
> > Please post the results of the following Terminal Command:
> >
> > sudo clamconf
>
> MrMuscle:~ mnewman$ sudo clamconf
> Password:
> Checking configuration files in /opt/local/etc
> [...]
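The diagnosis in the reply above, as an added example that is not part of any poster's message and is not ClamAV project code: shell functions that read `clamconf` output and report whether clamd has a listener that clamdscan can reach. The function names, return codes and the SAMPLE input are constructed for illustration; the output format assumed is the one shown in this thread (`Name disabled` or `Name = "value"`).

```shell
#!/bin/sh
# Added example (not from the thread): explain a clamdscan "Total errors: 1"
# from clamconf output. SAMPLE below is constructed, in the thread's format.

# Print the LocalSocket/TCPSocket settings found in the clamd.conf section only.
# clamconf prints "Name disabled" for unset options, "Name = value" otherwise.
clamd_listeners() {
    awk '
        /^Config file: / { in_clamd = ($3 == "clamd.conf"); next }
        /^(Software settings|Database information|Platform information)/ { in_clamd = 0 }
        in_clamd && ($1 == "LocalSocket" || $1 == "TCPSocket") && $2 == "=" {
            value = $0
            sub(/^[^=]*= */, "", value)   # drop the option name and "="
            gsub(/"/, "", value)          # drop the quotes clamconf adds
            print $1 "=" value
        }'
}

# Read clamconf output on stdin. Return codes:
#   0 listener configured and (for LocalSocket) usable by this user
#   1 clamd has no listener at all
#   2 LocalSocket path is not a socket
#   3 socket exists but this user cannot read and write it
diagnose_clamdscan() {
    listeners=$(clamd_listeners)
    if [ -z "$listeners" ]; then
        echo "clamd.conf enables neither LocalSocket nor TCPSocket"
        return 1
    fi
    sock=$(printf '%s\n' "$listeners" | sed -n 's/^LocalSocket=//p')
    if [ -n "$sock" ]; then
        if [ ! -S "$sock" ]; then
            echo "$sock is not a socket (clamd not restarted, or stale path)"
            return 2
        fi
        if [ ! -r "$sock" ] || [ ! -w "$sock" ]; then
            echo "$sock is not readable and writable by $(id -un)"
            return 3
        fi
    fi
    echo "listener configured: $listeners"
}

# Constructed sample: both listeners disabled, as in the posted configuration.
SAMPLE='Config file: clamd.conf
LocalSocket disabled
TCPSocket disabled
Config file: freshclam.conf
NotifyClamd = "/opt/local/etc/clamd.conf"'

printf '%s\n' "$SAMPLE" | diagnose_clamdscan || true
# On a real host: sudo clamconf | diagnose_clamdscan
```

Run the check as the same user that runs clamdscan, since the socket permission test applies to the invoking user.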
Re: [clamav-users] Help With clamscan vs clamdscan
> On Aug 20, 2018, at 23:00, Al Varnell wrote:
>
> Please post the results of the following Terminal Command:
>
> sudo clamconf

MrMuscle:~ mnewman$ sudo clamconf
Password:
Checking configuration files in /opt/local/etc

Config file: clamd.conf
---
BlockMax disabled
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile disabled
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
ExtendedDetectionInfo disabled
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/opt/local/share/clamav"
OfficialDatabaseOnly disabled
LocalSocket disabled
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "200"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "10"
ReadTimeout = "120"
CommandReadTimeout = "5"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User disabled
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "5000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "1"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---
LogFileMaxSize = "1048576"
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
PidFile disabled
DatabaseDirectory = "/opt/local/share/clamav"
Foreground disabled
Debug disabled
UpdateLogFile disabled
DatabaseOwner = "clamav"
Checks = "12"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.TH.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "3"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/opt/local/etc/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-
Version: 0.100.1
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV RAR

Database information

Database directory: /opt/local/share/clamav
daily.cvd: version 24859, sigs: 2055376, built on Mon Aug 20 15:44:44 2018
main.cvd: version 58, sigs: 4566249, built on Thu Jun 8 04:38:10 2017
bytecode.cvd: version 327, sigs: 91, built on Thu Aug 9 07:43:48 2018
Total number of signatures: 6621716

Platform information
uname: Darwin 17.7.0 Darwin Kernel Version 17.7.0: Thu Jun 21 22:53:14 PDT 2018; root x86_64
OS: darwin17.6.0, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x04235c5c08040201

Build information
-
Clang: 4.2.1 Compatible Apple LLVM 9.1.0 (clang-902.0.39.2) (4.2.1)
CPPFLAGS: -I/opt/local/include -I/opt/local/include
CFLAGS: -pipe -Os -arch x86_64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS
Re: [clamav-users] Help With clamscan vs clamdscan
Hello,

On 20.08.2018 at 13:05, Matus UHLAR - fantomas wrote:

> On 20.08.18 17:55, Michael Newman wrote:
> > clamd is running:
> >
> > MrMuscle:~ mnewman$ ps -A | grep -m1 clamd
> > 31610 ?? 0:10.14 clamd
> >
> > When I run clamscan it works and detects a known problem.
> >
> > But, when I run clamdscan on the same directory, it just instantly stops
> > without scanning.
> >
> > What have I done wrong?
> >
> > MrMuscle:~ mnewman$ clamdscan -i ~/bin
> >
> > --- SCAN SUMMARY ---
> > Infected files: 0
> > Total errors: 1
> > Time: 0.000 sec (0 m 0 s)
>
> clamd is running under a user that must have read/execute permissions for
> your ~/bin directory.

yes, and the files themselves should be readable.

But maybe you hit the same problem as I did a few days ago:

http://lists.clamav.net/pipermail/clamav-users/2018-August/006712.html

Hajo
Re: [clamav-users] Help With clamscan vs clamdscan
On 20.08.18 17:55, Michael Newman wrote:

> clamd is running:
>
> MrMuscle:~ mnewman$ ps -A | grep -m1 clamd
> 31610 ?? 0:10.14 clamd
>
> When I run clamscan it works and detects a known problem.
>
> But, when I run clamdscan on the same directory, it just instantly stops
> without scanning.
>
> What have I done wrong?
>
> MrMuscle:~ mnewman$ clamdscan -i ~/bin
>
> --- SCAN SUMMARY ---
> Infected files: 0
> Total errors: 1
> Time: 0.000 sec (0 m 0 s)

clamd is running under a user that must have read/execute permissions for
your ~/bin directory.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Re: [clamav-users] Help With clamscan vs clamdscan
Check the logs and config files.

Clamscan loads the databases itself before running. It does not need clamd to be running in order to work.

Clamdscan attempts to use a socket to talk with clamd for the scanning of files. If there is an error, one of two things is happening:

Either the permissions on the socket aren’t allowing clamdscan (as you) to use it,
Or clamd isn’t listening on it.

Maarten

Sent from a tiny keyboard

> On Aug 20, 2018, at 06:55, Michael Newman wrote:
>
> Mac 10.13.6
>
> clamd is running:
>
> MrMuscle:~ mnewman$ ps -A | grep -m1 clamd
> 31610 ?? 0:10.14 clamd
>
> When I run clamscan it works and detects a known problem.
>
> But, when I run clamdscan on the same directory, it just instantly stops
> without scanning.
>
> What have I done wrong?
>
> MrMuscle:~ mnewman$ clamscan -i ~/bin
> /Users/mnewman/bin/wacaw: Osx.Malware.Agent-1760787 FOUND
>
> --- SCAN SUMMARY ---
> Known viruses: 6615382
> Engine version: 0.100.1
> Scanned directories: 1
> Scanned files: 58
> Infected files: 1
> Data scanned: 0.24 MB
> Data read: 0.18 MB (ratio 1.30:1)
> Time: 10.544 sec (0 m 10 s)
>
> MrMuscle:~ mnewman$ clamdscan -i ~/bin
>
> --- SCAN SUMMARY ---
> Infected files: 0
> Total errors: 1
> Time: 0.000 sec (0 m 0 s)
Re: [clamav-users] Help With clamscan vs clamdscan
Please post the results of the following Terminal Command:

sudo clamconf

-Al-

On Mon, Aug 20, 2018 at 03:55 AM, Michael Newman wrote:

> Mac 10.13.6
>
> clamd is running:
>
> MrMuscle:~ mnewman$ ps -A | grep -m1 clamd
> 31610 ?? 0:10.14 clamd
>
> When I run clamscan it works and detects a known problem.
>
> But, when I run clamdscan on the same directory, it just instantly stops
> without scanning.
>
> What have I done wrong?
>
> MrMuscle:~ mnewman$ clamscan -i ~/bin
> /Users/mnewman/bin/wacaw: Osx.Malware.Agent-1760787 FOUND
>
> --- SCAN SUMMARY ---
> Known viruses: 6615382
> Engine version: 0.100.1
> Scanned directories: 1
> Scanned files: 58
> Infected files: 1
> Data scanned: 0.24 MB
> Data read: 0.18 MB (ratio 1.30:1)
> Time: 10.544 sec (0 m 10 s)
>
> MrMuscle:~ mnewman$ clamdscan -i ~/bin
>
> --- SCAN SUMMARY ---
> Infected files: 0
> Total errors: 1
> Time: 0.000 sec (0 m 0 s)
[clamav-users] Help With clamscan vs clamdscan
Mac 10.13.6

clamd is running:

MrMuscle:~ mnewman$ ps -A | grep -m1 clamd
31610 ?? 0:10.14 clamd

When I run clamscan it works and detects a known problem.

But, when I run clamdscan on the same directory, it just instantly stops without scanning.

What have I done wrong?

MrMuscle:~ mnewman$ clamscan -i ~/bin
/Users/mnewman/bin/wacaw: Osx.Malware.Agent-1760787 FOUND

--- SCAN SUMMARY ---
Known viruses: 6615382
Engine version: 0.100.1
Scanned directories: 1
Scanned files: 58
Infected files: 1
Data scanned: 0.24 MB
Data read: 0.18 MB (ratio 1.30:1)
Time: 10.544 sec (0 m 10 s)

MrMuscle:~ mnewman$ clamdscan -i ~/bin

--- SCAN SUMMARY ---
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)