Hi Marc,
Well, I got it to work except the logging (or at least it runs with no
errors). I tried the asterisk "*" and no, it doesn't work, but adding a
space and \ gets it to be accepted. I do have both --recursive
and --detect-pua set to yes. I just need to figure out the logging
thing and I'm good.
I've attached a .txt version of the current script; Andrew helped with
suggestions as well.
 

-- 
Tim McConnell <tmcconnell...@gmail.com>


On Fri, 2023-03-24 at 19:21 +0000, newcomer01 via clamav-users wrote:
> As I explained before, please check all given paths.
> It must start with "^/DIR/DIR/DIR/ [ ... so on]/"
> Please don't name folders or files only, always the whole path to
> dir/file!
> I am not sure if the asterisk "*" works ...
> By the way: you search with -recursive="yes", right?
> Then you don't need the "*"; clamscan will scan in depth => this means
> -recursive="yes" 😉
> Do you use -detect-pua="yes" or -detect-pua without "yes"?
> 
> It seems that you have run clamscan not as sudo; you don't have the
> permission to scan some paths, that's what the log says.
> 
> 
> From: Clamav User Mailinglist
> <mailto:clamav-users@lists.clamav.net>
> To: Newcomer01 <mailto:newcome...@posteo.de>
> CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
> Sent: Friday, March 24, 2023 at 18:25 (06:25 PM) +0100
> Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> > Hi Marc & Andrew,
> > Okay now I'm really confused :-(
> > If I add what Andrew suggests it complains about "/usr/bin/clamscan:
> > unrecognized option" and points to the exclude thing. The $EXCLUDE=
> > getting removed fixes that and then gives this output:
> > $ ./clammy.sh
> > Loading:    58s, ETA:   0s [========================>]    8.66M/8.66M sigs
> > Compiling:  11s, ETA:   0s [========================>]       41/41 tasks
> > 
> > /home/tmick/package-lock.json: OK
> > /home/tmick/.profile: OK
> > /home/tmick/.signature: OK
> > /home/tmick/.aspell.en.prepl: OK
> > /home/tmick/.gitconfig: OK
> > /home/tmick/.bash_logout: OK
> > /home/tmick/.debian11.draft.txt: OK
> > /home/tmick/.mailcap: OK
> > /home/tmick/.lesshst: OK
> > /home/tmick/.steampath: Symbolic link
> > /home/tmick/test.db: Empty file
> > /home/tmick/.reportbugrc: OK
> > /home/tmick/.lightyears.cfg: OK
> > /home/tmick/.aspell.en.pws: OK
> > /home/tmick/.Xauthority: OK
> > /home/tmick/.face: OK
> > /home/tmick/package.json: OK
> > /home/tmick/.bash_history: OK
> > /home/tmick/.boxes-unknown.draft.txt: OK
> > /home/tmick/.pdsettings: OK
> > /home/tmick/mysqlaccess.log: Empty file
> > /home/tmick/journalctl-error.txt: Access denied
> > /home/tmick/clammy.sh: OK
> > /home/tmick/.selected_editor: OK
> > /home/tmick/.xsession-errors.old: OK
> > /home/tmick/.python_history: OK
> > /home/tmick/.sudo_as_admin_successful: Empty file
> > /home/tmick/.xsession-errors: OK
> > /home/tmick/.dmrc: OK
> > /home/tmick/firstDB.cfuJ: OK
> > /home/tmick/.bashrc: OK
> > /home/tmick/.gnomenightly.draft.txt: OK
> > /home/tmick/.isag.cfg: OK
> > /home/tmick/.steampid: Symbolic link
> > /home/tmick/.wget-hsts: OK
> > /home/tmick/.mysql_history: OK
> > /home/tmick/mysql.db: Empty file
> > 
> > ----------- SCAN SUMMARY -----------
> > Known viruses: 8659055
> > Engine version: 1.0.1
> > Scanned directories: 1
> > Scanned files: 30
> > Infected files: 0
> > Total errors: 1
> > Data scanned: 14.33 MB
> > Data read: 29.42 MB (ratio 0.49:1)
> > Time: 78.193 sec (1 m 18 s)
> > Start Date: 2023:03:24 11:52:59
> > End Date:   2023:03:24 11:54:17
> > ./clammy.sh: line 8: --exclude = /home/tmick/.clamtk/viruses/: No such file or directory
> > (which is correct, I haven't gotten that far yet.)
> > ./clammy.sh: line 10: --detect-pua: command not found
> > (HUNH? The man pages says it's a command?)
> > 
> > And the History in ClamTK shows:
> > -------------------------------------------------------------------------------
> > 
> > WARNING: ^/home/tmick/.clamtk/viruses: Can't access file
> > WARNING: ^/home/tmick/Documents/ACI_Learning/CEH/: Can't access file
> > WARNING: ^/home/tmick/Nextcloud/Documents/ACI_Learning/*: Can't access file
> > WARNING: ^/home/tmick/Nextcloud/*: Can't access file
> > WARNING: /run/user/tmick/gvfs: Can't access file
> > WARNING: ^.evolution: Can't access file
> > and the directories I'm trying to exclude are still scanned?
> > I'm using Debian Bookworm and the man pages (Debian README.zip also)
> > state there are changes from the "upstream version".
> > But the script does run.
> > Thanks for the advice given so far.
> > 
> > 
> 
> _______________________________________________
> 
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
> 
> https://docs.clamav.net/#mailing-lists-and-chat
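
#!/bin/bash

PATH=/bin:/usr/bin:/sbin:/usr/sbin

# Define the log file before clamscan runs so that --logfile receives a real
# path; the original assigned it after the command, with invalid syntax.
LOGFILE="$HOME/.clamtk/history/$(date '+%F').log"
touch "$LOGFILE"

# Every line of the command except the last ends in a backslash, so bash reads
# it as one command. A blank line or a missing backslash makes bash run the
# following options as separate commands ("--detect-pua: command not found").
# --exclude takes a regular expression that is matched against the file path.
# --database expects a signature database file or directory, not
# freshclam.conf, so it is left out and clamscan loads its default database.
# No scan target is given, so clamscan scans the current directory.
/usr/bin/clamscan \
"--exclude=/home/tmick/Nextcloud/" \
"--exclude=/home/tmick/Games/" \
"--exclude=/home/tmick/.local/share/Steam" \
"--exclude=/home/tmick/.local/share/wineprefixes" \
--detect-pua="yes" \
--recursive="yes" \
--quiet \
--infected \
--logfile="$LOGFILE"

# DECIDE WHAT SHOULD HAPPEN WITH POSSIBLE FOUNDS - OR LOG ONLY (THIS I DO)
#--move="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
#--copy="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
#--remove="yes/no"

# ALWAYS AN EMPTY LINE AFTER EACH CODE ON LINUX - SOME FILES ARE SENSITIVE WITH THIS!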
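
An offline check of how the exclude patterns discussed in this thread behave as regular expressions, added here as an example and not part of any poster's script. It assumes clamscan searches each --exclude pattern as a POSIX extended regular expression against the full file path, with grep -E standing in for ClamAV's matcher; the sample paths and the function names are constructed.

```shell
#!/bin/sh
# Added example: preview which paths an --exclude pattern would skip.
# Assumption: patterns are POSIX extended regexes searched anywhere in the
# full path; grep -E approximates that behaviour.

# Constructed sample paths (not taken from a real scan).
SAMPLE_PATHS='/home/tmick/Nextcloud/Documents/notes.txt
/home/tmick/Nextcloud-old/archive.zip
/home/tmick/.evolution/mail/inbox
/home/tmick/Games/save.dat
/mnt/backup/home/tmick/Games/save.dat
/home/tmick/clammy.sh'

# skipped PATTERN: print the sample paths the pattern would exclude.
skipped() {
    printf '%s\n' "$SAMPLE_PATHS" | grep -E -e "$1" || true
}

# count_skipped PATTERN: number of sample paths the pattern would exclude.
count_skipped() {
    skipped "$1" | grep -c . || true
}

# report PATTERN...: show, per pattern, what would go unscanned.
report() {
    for pat in "$@"; do
        printf '%s  ->  %s path(s) skipped\n' "$pat" "$(count_skipped "$pat")"
        skipped "$pat" | sed 's/^/    /'
    done
}

report \
    '^/home/tmick/Nextcloud/' \
    'Nextcloud/*' \
    '^.evolution' \
    '/home/tmick/Games/' \
    '^/home/tmick/Games/'
# 'Nextcloud/*' is not a glob: "/*" means "zero or more slashes", so it also
#   skips Nextcloud-old, which was never meant to be excluded.
# '^.evolution' skips nothing: "^" anchors at the start of the full path,
#   and every full path starts with "/home/...", not with ".evolution".
# '/home/tmick/Games/' without "^" also skips the copy under /mnt/backup.
```

An exclusion that matches more than intended leaves files unscanned without any warning, so previewing the pattern against known paths is worth doing before relying on it.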