On 1/26/20 3:33 PM, Eduardo Lúcio Amorim Costa wrote:
People,

Taking into account this statement by G.W. Haywood...

"Assuming the package maintainer has not lost his sanity, the service will be configured simply to report findings (for example by logging a message to a system log and, if you use a command-line tool, printing a message on the tty/terminal/whatever)."

... and I have one last question (it may sound stupid =D )...

Is it correct to assume that the "clamd@scan" service, once started, can find threats that already exist on my server? I explain better! Suppose that on my file system I already had a malicious file - identifiable as a threat by ClamAV's heuristics - before my ClamAV installation waiting to be executed by someone unsuspecting. Is it correct to assume that the "clamd@scan" service in its normal operation will eventually find that threat and notify me (log, mail, etc...)?

No, clamd will only process files passed to it from some other program like clamdscan or clamav-milter. I think you really need to read more of the documentation to understand what clamd and friends do.


Thanks! =D

On Sun, Jan 26, 2020 at 17:27, Eduardo Lúcio Amorim Costa <[email protected]> wrote:

    Gentlemen,

    I found your answers very useful, so I took the liberty of
    publishing them on the thread I opened about the problem on the
    internet ( https://unix.stackexchange.com/a/564223/61742 ).

    If you do not want this content to continue to be published, please
    let me know so I can delete it.

    Thanks! =D

    On Sun, Jan 26, 2020 at 08:12, G.W. Haywood via clamav-users
    <[email protected]> wrote:

        Hi there,

        On Sat, 25 Jan 2020, Eduardo Lúcio Amorim Costa via clamav-users
        wrote:

         > *QUESTION:* What does the "clamav@scan" service do by default if it finds
         > threats?

        I do not know exactly which package you are using.  The behaviour of
        the service provided by a package will depend on how it was configured
        by the package provider.  Assuming the package maintainer has not lost
        his sanity, the service will be configured simply to report findings
        (for example by logging a message to a system log and, if you use a
        command-line tool, printing a message on the tty/terminal/whatever).

        Read the documentation on the ClamAV Website for more information:

        http://www.clamav.net/documents/clam-antivirus-user-manual

        Copies and parodies of ClamAV documentation elsewhere on the Internet
        can be out of date, misleading, sometimes incorrect, and occasionally
        downright dangerous.

         > *FURTHER QUESTION:* I would like ClamAV to have the "classic" behavior of
         > an antivirus engine, that is, remove threats automatically.  If he doesn't
         > do this by default what should I do to make him do it?

        Read the part which says

        "Be careful!"

        If you have not yet found that part, keep reading until you do.

         > *NOTES:*
         > *I* - The operating system of choice was CentOS 7 and the process used is
         > described in this tutorial
         > https://hostpresto.com/community/tutorials/how-to-install-clamav-on-centos-7/

        Generally speaking I recommend that you avoid tutorials like this
        because they tend to make decisions for you without the benefit of
        information about your situation which only you can have.  I recommend
        that you do NOT attempt to automate threat removal on any Linux system
        without very careful consideration.  Careless use of ClamAV on a Linux
        system will do more harm than good.  In particular, this tutorial will
        have you scan locations in the filesystem which can not safely be
        scanned with ClamAV, nor with any anti-virus tool.  Keep in mind that,
        even in a minimal installation, ClamAV scans for much more than just
        viruses and malware and that the false positive rate is never zero.  I
        feel that you do not at present understand the issues well enough to
        consider them sufficiently carefully.

        I have been using ClamAV for many years, on hundreds of Linux systems.
        Perhaps this is mainly because of good hygiene but I have not yet seen
        ClamAV find a Linux virus, nor Linux malware, nor Linux rootkit on any
        Linux system.  I should be pleased if anyone who has will report, here
        on this list, what they have found, when they found it, and how they
        think it got there.  Any Linux system which has been compromised is a
        danger, and my advice would be to rebuild it from scratch.

        --
        73,
        Ged.

        _______________________________________________

        clamav-users mailing list
        [email protected] <mailto:[email protected]>
        https://lists.clamav.net/mailman/listinfo/clamav-users


        Help us build a comprehensive ClamAV guide:
        https://github.com/vrtadmin/clamav-faq

        http://www.clamav.net/contact.html#ml



    --
    Eduardo Lúcio
    LightBase Consultoria em Software Público
    [email protected]
    +55-61-3347-1949 - http://brlight.org - Brasil-DF
    Free software! Embrace this idea!
    "Those who deny freedom to others deserve it not for themselves."
    Abraham Lincoln




--
Orion Poplawski
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       [email protected]
Boulder, CO 80301                 https://www.nwra.com/
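
An added example, not part of the thread and not ClamAV project code: a minimal client for clamd's INSTREAM command. It shows the point made in the reply above, that clamd examines only the bytes a client hands it, and it is report-only in line with the advice earlier in the thread. The socket path is an assumption: pass the LocalSocket value from your own clamd configuration.

```python
import socket
import struct
import sys

def instream_frames(data, chunk=8192):
    """Yield the frames of one clamd INSTREAM request carrying `data`."""
    yield b"zINSTREAM\0"                      # 'z' prefix: NUL-terminated command
    for off in range(0, len(data), chunk):
        part = data[off:off + chunk]
        yield struct.pack("!I", len(part)) + part   # 4-byte big-endian length, then bytes
    yield struct.pack("!I", 0)                # zero-length chunk ends the stream

def parse_reply(raw):
    """Map a clamd reply to (status, detail); status is OK, FOUND or ERROR."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return ("OK", None)
    if verdict.endswith(" FOUND"):
        return ("FOUND", verdict[:-len(" FOUND")])
    return ("ERROR", verdict or text)         # e.g. stream size limit exceeded

def scan_bytes(sock, data):
    """Send `data` over a connected clamd socket and return the parsed verdict."""
    for frame in instream_frames(data):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:                          # clamd closed the connection
            break
        reply += part
    return parse_reply(reply)

def scan_file(path, socket_path):
    """Report-only scan of one file; nothing is removed or moved."""
    with open(path, "rb") as fh, socket.socket(socket.AF_UNIX) as sock:
        sock.connect(socket_path)             # socket_path: assumption, site-specific
        return scan_bytes(sock, fh.read())

if __name__ == "__main__":
    # Usage: script.py <clamd LocalSocket path> <file>...
    for name in sys.argv[2:]:
        print(name, *scan_file(name, sys.argv[1]))
```

A file that no client ever submits this way (or through clamdscan or clamav-milter) is never examined by the daemon, however long the service runs.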
