Hi Marc & Andrew, Okay now I'm really confused :-( If I add what Andrew suggests it complains about "/usr/bin/clamscan: unrecognized option" and points to the exclude thing. The $EXCLUDE= getting removed fixes that and then gives this output: $ ./clammy.sh Loading: 58s, ETA: 0s [========================>] 8.66M/8.66M sigs Compiling: 11s, ETA: 0s [========================>] 41/41 tasks
/home/tmick/package-lock.json: OK /home/tmick/.profile: OK /home/tmick/.signature: OK /home/tmick/.aspell.en.prepl: OK /home/tmick/.gitconfig: OK /home/tmick/.bash_logout: OK /home/tmick/.debian11.draft.txt: OK /home/tmick/.mailcap: OK /home/tmick/.lesshst: OK /home/tmick/.steampath: Symbolic link /home/tmick/test.db: Empty file /home/tmick/.reportbugrc: OK /home/tmick/.lightyears.cfg: OK /home/tmick/.aspell.en.pws: OK /home/tmick/.Xauthority: OK /home/tmick/.face: OK /home/tmick/package.json: OK /home/tmick/.bash_history: OK /home/tmick/.boxes-unknown.draft.txt: OK /home/tmick/.pdsettings: OK /home/tmick/mysqlaccess.log: Empty file /home/tmick/journalctl-error.txt: Access denied /home/tmick/clammy.sh: OK /home/tmick/.selected_editor: OK /home/tmick/.xsession-errors.old: OK /home/tmick/.python_history: OK /home/tmick/.sudo_as_admin_successful: Empty file /home/tmick/.xsession-errors: OK /home/tmick/.dmrc: OK /home/tmick/firstDB.cfuJ: OK /home/tmick/.bashrc: OK /home/tmick/.gnomenightly.draft.txt: OK /home/tmick/.isag.cfg: OK /home/tmick/.steampid: Symbolic link /home/tmick/.wget-hsts: OK /home/tmick/.mysql_history: OK /home/tmick/mysql.db: Empty file ----------- SCAN SUMMARY ----------- Known viruses: 8659055 Engine version: 1.0.1 Scanned directories: 1 Scanned files: 30 Infected files: 0 Total errors: 1 Data scanned: 14.33 MB Data read: 29.42 MB (ratio 0.49:1) Time: 78.193 sec (1 m 18 s) Start Date: 2023:03:24 11:52:59 End Date: 2023:03:24 11:54:17 ./clammy.sh: line 8: --exclude = /home/tmick/.clamtk/viruses/: No such file or directory (which is correct, I haven't gotten that far yet.) ./clammy.sh: line 10: --detect-pua: command not found (HUNH? The man pages says it's a command?) And the History in ClamTK shows: ----------------------------------------------------------------------- -------- WARNING: ^/home/tmick/.clamtk/viruses: Can't access file WARNING: ^/home/tmick/Documents/ACI_Learning/CEH/: Can't access file WARNING: ^/home/tmick/Nextcloud/Documents/ACI_Learning/*: Can't access file WARNING: ^/home/tmick/Nextcloud/*: Can't access file WARNING: /run/user/tmick/gvfs: Can't access file WARNING: ^.evolution: Can't access file and the directories I'm trying to exclude are still scanned? I'm using Debian Bookworm and the man pages (Debian README.zip also) state there are changes from the "upstream version". But the script does run. Thanks for the advice given so far. -- Tim McConnell <tmcconnell...@gmail.com> On Fri, 2023-03-24 at 07:38 +0000, Andrew C Aitchison wrote: > On Thu, 23 Mar 2023, Tim McConnell via clamav-users wrote: > > > Okay Marc, > > I came up with this: > > #/bin/bash > > declare clammy.sh > > > > PATH=/bin:/usr/bin:/sbin:/usr/sbin > > > > /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \ > > --exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \ > > --exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/" # Try to > > exclude everything in ACI_Learning dir > > --exclude="^/home/tmick/Nextcloud/" # Try to exclude everything > > under Nextcloud dir > > --exclude="^/run/user/tmick/gvfs/" \ > > --exclude="^/home/tmick/.gvfs/" \ > > --exclude="^/home/tmick/.evolution" \ > > --detect-pua="yes" \ > > --recursive="yes" \ > > --quiet \ > > --infected \ > > --database="/etc/clamav/freshclam.conf" \ > > --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log > > until I'm sure this works :-) > > You need \ at the end of *every* line of the command, which means you > cannot have comments if you do it that way. > > #/bin/bash > declare clammy.sh > > PATH=/bin:/usr/bin:/sbin:/usr/sbin > > EXCLUDE="--exclude ='^/home/tmick/.clamtk/viruses/'" > EXCLUDE="$EXCLUDE -- > exclude='^/home/tmick/Documents/ACI_Learning/CEH/'" > EXCLUDE="$EXCLUDE -- > exclude='^/home/tmick/Nextcloud/Documents/ACI_Learning/'" # Try to > exclude everything in ACI_Learning dir > EXCLUDE="$EXCLUDE --exclude='^/home/tmick/Nextcloud/'" # Try to > exclude everything under Nextcloud dir > EXCLUDE="$EXCLUDE --exclude='^/run/user/tmick/gvfs/'" > EXCLUDE="$EXCLUDE --exclude='^/home/tmick/.gvfs/'" > EXCLUDE="$EXCLUDE --exclude='^/home/tmick/.evolution" > > /usr/bin/clamscan $EXCLUDE \ > --detect-pua="yes" \ > --recursive="yes" \ > --quiet \ > --infected \ > --database="/etc/clamav/freshclam.conf" \ > --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log > until I'm sure this works :-) > > I have changed the quotes so that $EXCLUDE is inside "" rather than > ''. > Without that it would not be expanded. > > I do not see mention of which directory to start scanning from. > > > Tim McConnell <tmcconnell...@gmail.com> > > > > > > On Thu, 2023-03-23 at 02:01 +0000, newcomer01 via clamav-users > > wrote: > > > try this, but check my ** COMMENTS ** please > > > > > > --- > > > > > > #!/bin/bash > > > > > > PATH=/bin:/usr/bin:/sbin:/usr/sbin > > > > > > /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \ > > > --exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \ > > > --exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/*" ** > > > HERE I > > > DON'T KNOW WHAT YOU TRY TO MATCH ** \ > > > --exclude="^/home/tmick/Nextcloud/*" ** SAME HERE ** \ > > > --exclude="smb4k" ** WILL NOT WORK - COMPLETE PATH ** \ > > > --exclude="^/run/user/tmick/gvfs/" \ -- > > > exclude="^/home/tmick/.gvfs/" > > > \ > > > --exclude="^.thunderbird" \ ** WILL NOT WORK - COMPLETE PATH ** > > > --exclude="^.mozilla-thunderbird" \** WILL NOT WORK - COMPLETE > > > PATH > > > ** > > > --exclude="^.evolution" \ ** WILL NOT WORK - COMPLETE PATH ** > > > --exclude=Mail -i /home/tmick \ ** DON'T KNOW WHAT THIS DO ** > > > --detect-pua="yes" \ > > > --recursive="yes" \ > > > --quiet \ > > > --infected \ > > > --database="PATH TO YOUR LIBS/" \ > > > --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" > > > ** DECIDE WHAT SHOULD HAPPEN WITH POSSIBLE FOUNDS - OR LOG ONLY > > > (THIS > > > I DO) ** > > > #--move="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER" > > > #--copy="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER" > > > #--remove="yes/no" > > --move and --remove=yes are *definitely* dangerous > and could destroy your data or machine. > _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
