Re: [clamav-users] How do I get something added to the ignore list

2023-06-08 Thread Tim McConnell via clamav-users
Thank You Micah!!! 

On Thu, 2023-06-08 at 20:20 +, Micah Snyder (micasnyd) wrote:
> If you wish to ignore the PUA.Doc.Tool.LibreOfficeMacro-2 signature,
> you can create a .ign2 signature file in your clamav database
> directory.
> 
> See
> https://docs.clamav.net/manual/Signatures/AllowLists.html#signature-ignore-lists
> for details.
> 
> 
> 
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> From: clamav-users  on behalf
> of Tim McConnell via clamav-users 
> Sent: Thursday, June 8, 2023 10:12 AM
> To: Joel Esler ; ClamAV users ML
> 
> Cc: Tim McConnell 
> Subject: Re: [clamav-users] How do I get something added to the
> ignore list
>  
> Well I would assume the clam DB but I've no idea how or any of that.
> I would think the new Macro for Libre Office Calc would be in there
> already but I've been wrong before. 
> 
> On Thu, 2023-06-08 at 13:03 -0400, Joel Esler wrote:
> > What db do you think you want to add it to?
> > 
> > — 
> > Sent from my iPhone
> > 
> > > On Jun 8, 2023, at 12:35, Tim McConnell via clamav-users
> > >  wrote:
> > > 
> > > 
> > > Thanks for that AL, now how do I add to the DB? Two things I'm
> > > not is a programmer or DBA :-(
> > > 
___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: [clamav-users] How do I get something added to the ignore list

2023-06-08 Thread Tim McConnell via clamav-users
Well I would assume the clam DB but I've no idea how or any of that. I
would think the new Macro for Libre Office Calc would be in there
already but I've been wrong before. 

On Thu, 2023-06-08 at 13:03 -0400, Joel Esler wrote:
> What db do you think you want to add it to?
> 
> — 
> Sent from my iPhone
> 
> > On Jun 8, 2023, at 12:35, Tim McConnell via clamav-users
> >  wrote:
> > 
> > 
> > Thanks for that AL, now how do I add to the DB? Two things I'm not
> > is a programmer or DBA :-( 
> > 


Re: [clamav-users] How do I get something added to the ignore list

2023-06-08 Thread Tim McConnell via clamav-users
Thanks for that AL, now how do I add to the DB? Two things I'm not is a
programmer or DBA :-( 

-- 
Tim McConnell 


On Thu, 2023-06-08 at 05:01 -0700, Al Varnell wrote:
> First get the file's hash value:
> 
> sigtool --md5 /home/tmick/.config/libreoffice/4/user/basic/Standard/Module1.xba
> 
> Then copy the results to an fp.local file. You will probably have to
> create such a file and add it to the ClamAV database.
> 
> -Al-
> 
> > On Jun 7, 2023, at 11:45 AM, Tim McConnell via clamav-users
> >  wrote:
> > 
> > Hi all, 
> > I get this in my report:
> > /home/tmick/.config/libreoffice/4/user/basic/Standard/Module1.xba: PUA.Doc.Tool.LibreOfficeMacro-2 FOUND
> > How do I request the macro be added to the safe list? 
> > Thanks! 
> > 
> > -- 
> > Tim McConnell 
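
The two routes suggested in this thread, sketched as an added example (not code from the list posts or from the ClamAV project): a `.ign2` entry turns the PUA.Doc.Tool.LibreOfficeMacro-2 signature off by name for every file, while a hash entry in a `.fp` file allow-lists only that exact copy of Module1.xba. The function names and the `local.ign2` / `local.fp` file names are assumptions; `DB_DIR` defaults to the database directory that `clamconf` reports elsewhere on this page.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, local.ign2 and local.fp
# are assumptions; ClamAV loads database files by extension (*.ign2, *.fp).
DB_DIR="${DB_DIR:-/var/lib/clamav}"   # "Database directory" reported by clamconf

# Pull the signature name out of a clamscan report line:
#   /path/to/file: Signature.Name FOUND
# Prints nothing for "OK", "Empty file" or "Access denied" lines.
sig_from_report() {
    printf '%s\n' "$1" | sed -n 's/^.*: \([^ ]*\) FOUND$/\1/p'
}

# Option 1 (.ign2): switch one signature off by name, for every file scanned.
# Appends the name only if it is not already listed.
ignore_signature() {
    [ -n "$1" ] || return 1
    grep -qxF -- "$1" "$DB_DIR/local.ign2" 2>/dev/null ||
        printf '%s\n' "$1" >> "$DB_DIR/local.ign2"
}

# MD5 of a file, using whichever tool the system has.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | cut -d' ' -f1
    else
        md5 -q "$1"        # BSD / macOS
    fi
}

# Option 2 (.fp): allow-list one exact file by hash. The entry layout is
# md5:size:name, which is what `sigtool --md5 FILE` prints. The entry stops
# matching as soon as the file content changes, e.g. when the macro is edited.
allow_file_hash() {
    [ -f "$1" ] || return 1
    if command -v sigtool >/dev/null 2>&1; then
        entry=$(sigtool --md5 "$1") || return 1
    else
        entry="$(file_md5 "$1"):$(wc -c < "$1" | tr -d ' '):$(basename "$1")"
    fi
    # One entry per hash: skip the append when the hash is already present.
    grep -q "^${entry%%:*}:" "$DB_DIR/local.fp" 2>/dev/null ||
        printf '%s\n' "$entry" >> "$DB_DIR/local.fp"
}

# Usage, as a user allowed to write to $DB_DIR:
#   ignore_signature "$(sig_from_report "$report_line")"
#   allow_file_hash /home/tmick/.config/libreoffice/4/user/basic/Standard/Module1.xba
```

The `.ign2` route is the broader of the two: it suppresses the detection on any file, whereas the `.fp` entry has to be regenerated whenever the macro module is edited.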


[clamav-users] How do I get something added to the ignore list

2023-06-07 Thread Tim McConnell via clamav-users
Hi all, 
I get this in my report:
/home/tmick/.config/libreoffice/4/user/basic/Standard/Module1.xba: PUA.Doc.Tool.LibreOfficeMacro-2 FOUND
How do I request the macro be added to the safe list? 
Thanks! 

-- 
Tim McConnell 


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-24 Thread Tim McConnell via clamav-users
Hi Marc, 
Well I got it to work except the logging (or at least it runs with no
errors) I tried the asterisk "*" and no, it doesn't work but adding a
space and \ gets it to be accepted. I do have yes to both --recursive
and --detect-pua set to yes. I just need to figure out the logging
thing and I'm good. 
I've attached a .txt version of the current script, Andrew helped with
suggestions as well. 
 

-- 
Tim McConnell 


On Fri, 2023-03-24 at 19:21 +, newcomer01 via clamav-users wrote:
> as i explained before, please check all given paths.
> it must start with "^/DIR/DIR/DIR/ [ ... so on]/"
> please don't name folders or files only, always to whole path to
> dir/file!
> i am not sure if the asterisk "*" work ...
> by the way: you search with -recursive="yes" right?
> then you don't need the "*" clamscan will scan in depth => this means
> -recursive="yes" 
> do you use -detect-pua="yes" or -detect-upa without "yes"?
> 
> seems that you have run clamscan not as sudo, you don't have the
> permission to scan some path, that's the log says
> 
> 
> Von / From: Clamav User Mailinglist
> 
> An / To: Newcomer01 
> CC / CC: Tim Mcconnell 
> Gesendet / Sent: Freitag, März 24, 2023 um 18:25 (at 06:25 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > Hi Marc & Andrew,
> > Okay now I'm really confused :-(
> > If I add what Andrew suggests it complains about
> > "/usr/bin/clamscan:
> > unrecognized option" and points to the exclude thing. The $EXCLUDE=
> > getting removed fixes that and then gives this output:
> > $ ./clammy.sh
> > Loading:    58s, ETA:   0s [>]   8.66M/8.66M sigs
> > Compiling:  11s, ETA:   0s [>]   41/41 tasks
> > 
> > /home/tmick/package-lock.json: OK
> > /home/tmick/.profile: OK
> > /home/tmick/.signature: OK
> > /home/tmick/.aspell.en.prepl: OK
> > /home/tmick/.gitconfig: OK
> > /home/tmick/.bash_logout: OK
> > /home/tmick/.debian11.draft.txt: OK
> > /home/tmick/.mailcap: OK
> > /home/tmick/.lesshst: OK
> > /home/tmick/.steampath: Symbolic link
> > /home/tmick/test.db: Empty file
> > /home/tmick/.reportbugrc: OK
> > /home/tmick/.lightyears.cfg: OK
> > /home/tmick/.aspell.en.pws: OK
> > /home/tmick/.Xauthority: OK
> > /home/tmick/.face: OK
> > /home/tmick/package.json: OK
> > /home/tmick/.bash_history: OK
> > /home/tmick/.boxes-unknown.draft.txt: OK
> > /home/tmick/.pdsettings: OK
> > /home/tmick/mysqlaccess.log: Empty file
> > /home/tmick/journalctl-error.txt: Access denied
> > /home/tmick/clammy.sh: OK
> > /home/tmick/.selected_editor: OK
> > /home/tmick/.xsession-errors.old: OK
> > /home/tmick/.python_history: OK
> > /home/tmick/.sudo_as_admin_successful: Empty file
> > /home/tmick/.xsession-errors: OK
> > /home/tmick/.dmrc: OK
> > /home/tmick/firstDB.cfuJ: OK
> > /home/tmick/.bashrc: OK
> > /home/tmick/.gnomenightly.draft.txt: OK
> > /home/tmick/.isag.cfg: OK
> > /home/tmick/.steampid: Symbolic link
> > /home/tmick/.wget-hsts: OK
> > /home/tmick/.mysql_history: OK
> > /home/tmick/mysql.db: Empty file
> > 
> > --- SCAN SUMMARY ---
> > Known viruses: 8659055
> > Engine version: 1.0.1
> > Scanned directories: 1
> > Scanned files: 30
> > Infected files: 0
> > Total errors: 1
> > Data scanned: 14.33 MB
> > Data read: 29.42 MB (ratio 0.49:1)
> > Time: 78.193 sec (1 m 18 s)
> > Start Date: 2023:03:24 11:52:59
> > End Date:   2023:03:24 11:54:17
> > ./clammy.sh: line 8: --exclude = /home/tmick/.clamtk/viruses/: No
> > such
> > file or directory (which is correct, I haven't gotten that far
> > yet.)
> > ./clammy.sh: line 10: --detect-pua: command not found (HUNH? The
> > man
> > pages says it's a command?)
> > 
> > And the History in ClamTK shows:
> > ---
> > 
> > 
> > 
> > WARNING: ^/home/tmick/.clamtk/viruses: Can't access file
> > WARNING: ^/home/tmick/Documents/ACI_Learning/CEH/: Can't access
> > file
> > WARNING: ^/home/tmick/Nextcloud/Documents/ACI_Learning/*: Can't
> > access
> > file
> > WARNING: ^/home/tmick/Nextcloud/*: Can't access file
> > WARNING: /run/user/tmick/gvfs: Can't access file
> > WARNING: ^.evolution: Can't access file
> > and the directories I'm trying to exclude are still scanned?
> > I'm using Debian Bookworm and the man pages (Debian README.zip
> > also)
> > state there are changes from the "upstream version".
> >   But the script does run.
> > Thanks for the advice given so far.
> > 
> > 
> 
#/bin/bash


PATH=/bin:/usr/bin:/sbin:/usr/sbin


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-24 Thread Tim McConnell via clamav-users
Hi Marc & Andrew, 
Okay now I'm really confused :-( 
If I add what Andrew suggests it complains about "/usr/bin/clamscan:
unrecognized option" and points to the exclude thing. The $EXCLUDE=
getting removed fixes that and then gives this output: 
$ ./clammy.sh
Loading:    58s, ETA:   0s [>]   8.66M/8.66M sigs
Compiling:  11s, ETA:   0s [>]   41/41 tasks

/home/tmick/package-lock.json: OK
/home/tmick/.profile: OK
/home/tmick/.signature: OK
/home/tmick/.aspell.en.prepl: OK
/home/tmick/.gitconfig: OK
/home/tmick/.bash_logout: OK
/home/tmick/.debian11.draft.txt: OK
/home/tmick/.mailcap: OK
/home/tmick/.lesshst: OK
/home/tmick/.steampath: Symbolic link
/home/tmick/test.db: Empty file
/home/tmick/.reportbugrc: OK
/home/tmick/.lightyears.cfg: OK
/home/tmick/.aspell.en.pws: OK
/home/tmick/.Xauthority: OK
/home/tmick/.face: OK
/home/tmick/package.json: OK
/home/tmick/.bash_history: OK
/home/tmick/.boxes-unknown.draft.txt: OK
/home/tmick/.pdsettings: OK
/home/tmick/mysqlaccess.log: Empty file
/home/tmick/journalctl-error.txt: Access denied
/home/tmick/clammy.sh: OK
/home/tmick/.selected_editor: OK
/home/tmick/.xsession-errors.old: OK
/home/tmick/.python_history: OK
/home/tmick/.sudo_as_admin_successful: Empty file
/home/tmick/.xsession-errors: OK
/home/tmick/.dmrc: OK
/home/tmick/firstDB.cfuJ: OK
/home/tmick/.bashrc: OK
/home/tmick/.gnomenightly.draft.txt: OK
/home/tmick/.isag.cfg: OK
/home/tmick/.steampid: Symbolic link
/home/tmick/.wget-hsts: OK
/home/tmick/.mysql_history: OK
/home/tmick/mysql.db: Empty file

--- SCAN SUMMARY ---
Known viruses: 8659055
Engine version: 1.0.1
Scanned directories: 1
Scanned files: 30
Infected files: 0
Total errors: 1
Data scanned: 14.33 MB
Data read: 29.42 MB (ratio 0.49:1)
Time: 78.193 sec (1 m 18 s)
Start Date: 2023:03:24 11:52:59
End Date:   2023:03:24 11:54:17
./clammy.sh: line 8: --exclude = /home/tmick/.clamtk/viruses/: No such
file or directory (which is correct, I haven't gotten that far yet.)
./clammy.sh: line 10: --detect-pua: command not found (HUNH? The man
pages says it's a command?) 

And the History in ClamTK shows: 
---


WARNING: ^/home/tmick/.clamtk/viruses: Can't access file
WARNING: ^/home/tmick/Documents/ACI_Learning/CEH/: Can't access file
WARNING: ^/home/tmick/Nextcloud/Documents/ACI_Learning/*: Can't access
file
WARNING: ^/home/tmick/Nextcloud/*: Can't access file
WARNING: /run/user/tmick/gvfs: Can't access file
WARNING: ^.evolution: Can't access file
and the directories I'm trying to exclude are still scanned? 
I'm using Debian Bookworm and the man pages (Debian README.zip also)
state there are changes from the "upstream version". 
 But the script does run. 
Thanks for the advice given so far. 


-- 
Tim McConnell 


On Fri, 2023-03-24 at 07:38 +, Andrew C Aitchison wrote:
> On Thu, 23 Mar 2023, Tim McConnell via clamav-users wrote:
> 
> > Okay Marc,
> > I came up with this:
> > #/bin/bash
> > declare clammy.sh
> > 
> > PATH=/bin:/usr/bin:/sbin:/usr/sbin
> > 
> > /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
> > --exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
> > --exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/" # Try to
> > exclude everything in ACI_Learning dir
> > --exclude="^/home/tmick/Nextcloud/" # Try to exclude everything
> > under Nextcloud dir
> > --exclude="^/run/user/tmick/gvfs/" \
> > --exclude="^/home/tmick/.gvfs/" \
> > --exclude="^/home/tmick/.evolution" \
> > --detect-pua="yes" \
> > --recursive="yes" \
> > --quiet \
> > --infected \
> > --database="/etc/clamav/freshclam.conf" \
> > --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log
> > until I'm sure this works :-)
> 
> You need \ at the end of *every* line of the command, which means you
> cannot have comments if you do it that way.
> 
> #/bin/bash
> declare clammy.sh
> 
> PATH=/bin:/usr/bin:/sbin:/usr/sbin
> 
> EXCLUDE="--exclude ='^/home/tmick/.clamtk/viruses/'"
> EXCLUDE="$EXCLUDE --
> exclude='^/home/tmick/Documents/ACI_Learning/CEH/'"
> EXCLUDE="$EXCLUDE --
> exclude='^/home/tmick/Nextcloud/Documents/ACI_Learning/'" # Try to
> exclude everything in ACI_Learning dir
> EXCLUDE="$EXCLUDE --exclude='^/home/tmick/Nextcloud/'" # Try to
> exclude everything under Nextcloud dir
> EXCLUDE="$EXCLUDE --exclude='^/run/user/tmick/gvfs/'"
> EXCLUDE="$EXCLUDE --exclude='^/home/tmick/.gvfs/'"
> EXCLUDE="$EXCLUDE --exclude='^/home/tmick/.evolution"
> 
> /usr/bin/clamscan $EXCLUDE \
> 
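
One way to keep a comment beside every exclude without line continuations, as an added example that is not part of the original messages: the argument list is built one option at a time with `set --`, so each option reaches clamscan as exactly one argument. `CLAMSCAN`, `SCAN_ROOT`, `LOG_DIR`, `DB_DIR`, the two function names and the `--run` switch are assumptions for illustration; `split_flat` shows what happens to a flat string such as `EXCLUDE="--exclude='...'"` when it is expanded unquoted.

```shell
#!/bin/sh
# Added example, not from the thread. CLAMSCAN, SCAN_ROOT, LOG_DIR, DB_DIR,
# run_scan, split_flat and the --run switch are assumptions for illustration.
CLAMSCAN="${CLAMSCAN:-/usr/bin/clamscan}"
SCAN_ROOT="${SCAN_ROOT:-/home/tmick}"
LOG_DIR="${LOG_DIR:-$HOME/.clamtk/history}"
DB_DIR="${DB_DIR:-/var/lib/clamav}"    # clamconf's "Database directory"

# What the flat-string approach does: quotes stored inside a variable are
# data, not shell syntax. Unquoted expansion splits on whitespace only, so the
# single quotes reach clamscan literally and a space in a path cuts the
# option in two. Prints one resulting argument per line.
split_flat() {
    set -f                 # no filename globbing while splitting
    # shellcheck disable=SC2086
    set -- $1              # unquoted on purpose, to show the splitting
    set +f
    printf '%s\n' "$@"
}

# Build the clamscan arguments one per line; every line may carry a comment
# and no trailing backslash is needed. There is no space around "=".
run_scan() {
    set --                                     # start with an empty list
    set -- "$@" --exclude-dir="^$SCAN_ROOT/.clamtk/viruses"         # quarantine folder
    set -- "$@" --exclude-dir="^$SCAN_ROOT/Documents/ACI Learning"  # space stays inside one argument
    set -- "$@" --exclude-dir="^$SCAN_ROOT/Nextcloud"   # whole tree, sub-folders included
    set -- "$@" --exclude-dir="^$SCAN_ROOT/.gvfs"
    set -- "$@" --exclude-dir="^$SCAN_ROOT/.evolution"
    set -- "$@" --detect-pua=yes --recursive=yes --infected
    set -- "$@" --database="$DB_DIR"           # directory holding the signature files
    set -- "$@" --log="$LOG_DIR/$(date '+%b-%d-%Y').log"
    mkdir -p "$LOG_DIR" || return 2            # clamscan cannot log into a missing folder
    "$CLAMSCAN" "$@" "$SCAN_ROOT"
}

# Cron entry (assumed install path): 0 1 * * * /home/tmick/clammy.sh --run
if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```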

Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-23 Thread Tim McConnell via clamav-users
Okay Marc, 
I came up with this: 
#/bin/bash
declare clammy.sh

PATH=/bin:/usr/bin:/sbin:/usr/sbin

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
--exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
--exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/" # Try to
exclude everything in ACI_Learning dir
--exclude="^/home/tmick/Nextcloud/" # Try to exclude everything under
Nextcloud dir
--exclude="^/run/user/tmick/gvfs/" \
--exclude="^/home/tmick/.gvfs/" \
--exclude="^/home/tmick/.evolution" \
--detect-pua="yes" \
--recursive="yes" \
--quiet \
--infected \
--database="/etc/clamav/freshclam.conf" \
--log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log until
I'm sure this works :-)

-- 
Tim McConnell 


On Thu, 2023-03-23 at 02:01 +, newcomer01 via clamav-users wrote:
> try this, but check my ** COMMENTS ** please
> 
> ---
> 
> #!/bin/bash
> 
> PATH=/bin:/usr/bin:/sbin:/usr/sbin
> 
> /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
> --exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
> --exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/*" ** HERE I
> DON'T KNOW WHAT YOU TRY TO MATCH ** \
> --exclude="^/home/tmick/Nextcloud/*" ** SAME HERE ** \
> --exclude="smb4k" ** WILL NOT WORK - COMPLETE PATH ** \
> --exclude="^/run/user/tmick/gvfs/" \ --exclude="^/home/tmick/.gvfs/"
> \
> --exclude="^.thunderbird" \ ** WILL NOT WORK - COMPLETE PATH **
> --exclude="^.mozilla-thunderbird" \** WILL NOT WORK - COMPLETE PATH
> **
> --exclude="^.evolution" \ ** WILL NOT WORK - COMPLETE PATH **
> --exclude=Mail -i /home/tmick \ ** DON'T KNOW WHAT THIS DO **
> --detect-pua="yes" \
> --recursive="yes" \
> --quiet \
> --infected \
> --database="PATH TO YOUR LIBS/" \
> --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log"
> ** DECIDE WHAT SHOULD HAPPEN WITH POSSIBLE FOUNDS - OR LOG ONLY (THIS
> I DO) **
> #--move="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
> #--copy="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
> #--remove="yes/no"
> 
> ** ALWAYS AN EMPTY LINE AFTER EACH CODE ON LINUX - SOME FILES ARE
> SENSITIVE WITH THIS! **
> 
> ---
> 
> 
> 
> Von / From: Clamav User Mailinglist
> 
> An / To: Newcomer01 
> CC / CC: Tim Mcconnell 
> Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > So Marc, you're saying do something like this:
> > 
> > #/bin/bash
> > declare clammy.sh
> > 
> > /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --
> > exclude
> > ="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
> > "^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
> > ="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
> > "^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude
> > =
> > "^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
> > "^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
> > log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null #
> > clamtk-
> > scan
> > 
> > and just call the script from cron?
> > For example 0 1 *** clammy.sh
> > correct??
> > 
> 


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Tim McConnell via clamav-users
So Marc, you're saying do something like this: 

#/bin/bash 
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron? 
For example 0 1 *** clammy.sh 
correct?? 

-- 
Tim McConnell +1 (205) 434-5534
tmcconnell...@gmail.com 
https://www.linkedin.com/in/timmcconnell/ 
https://calendly.com/tim_mcconnell/interview 



On Wed, 2023-03-22 at 20:29 +, newcomer01 via clamav-users wrote:
> Tim, it's not heavy write a own bash/sh script - to apply code to
> execute in cronjob isn't the best way.
> Write a small script and this start with your cronjob - that's all.
> 
> If i can help, then i will do this.
> 
> I had at the beginning clamTK too, but the complete tool didn't work
> here (but for some other reasons I know now) so I removed and set up
> all manually, it's little work but you learn much of clamav and
> bash/sh scripting - you can trust in me, it's simpler than it's maybe
> sounds.
> 
> kind regards,
> Marc
> 
> 
> Von / From: Clamav User Mailinglist
> 
> An / To: Newcomer01 
> CC / CC: Tim Mcconnell 
> Gesendet / Sent: Mittwoch, März 22, 2023 um 20:02 (at 08:02 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > On Wed, 2023-03-22 at 18:15 +, newcomer01 via clamav-users
> > wrote:
> > > äähhmmm why you escape the slash? This is not needed.
> > I didn't set that it was done by ClamTK (the GUI Interface) not me.
> > so
> > from the pointers you gave (Marc) ClamTK has bugs? and I should
> > just
> > schedule the cronjob manually?
> > I did appreciate the suggestions too Marc, I'm just trying to use
> > Clam
> > via the GUI (ClamTK) and not having a lot of luck :-(
> > Thanks for the help so far!
> > 
> 


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Tim McConnell via clamav-users
On Wed, 2023-03-22 at 18:15 +, newcomer01 via clamav-users wrote:
> äähhmmm why you escape the slash? This is not needed.
I didn't set that it was done by ClamTK (the GUI Interface) not me. so
from the pointers you gave (Marc) ClamTK has bugs? and I should just
schedule the cronjob manually? 
I did appreciate the suggestions too Marc, I'm just trying to use Clam
via the GUI (ClamTK) and not having a lot of luck :-( 
Thanks for the help so far! 

-- 
Tim McConnell 


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Tim McConnell via clamav-users
Thanks Micah, 
This is for Home use so that might be like hunting flies with a Nuclear
Warhead. 
For what it's worth, I did get the scan to complete in 15 hours. Okay
well it is a big drive. Now I have a real question: 
Using ClamTK to schedule a scan, How do I exclude a Directory? I've
tried Whitelisting but it doesn't skip the scan for those DIRs. 
The Cron Job email shows the command it's running as: 
/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses --exclude-
dir=\/home\/tmick\/Documents\/ACI\ Learning --exclude-
dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning --exclude-
dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k --exclude-
dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs --exclude-
dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-
dir=.evolution --exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -
r /home/tmick --log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log"
2>/dev/null # clamtk-scan
-- 
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks! 


On Wed, 2023-03-22 at 17:08 +, Micah Snyder (micasnyd) via clamav-
users wrote:
> >  by the way: if you find another anti-virus for linux without using
> > the terminal (with GUI), let me know, have searched really long
> > time and found nothing (freeware or commercial).
> > some companies (e.g eset) had linux version but now they stopped
> > the development.
> 
> If you need something for a business, Cisco Secure Endpoint has
> clients for Linux, Mac, and Windows. It is a cloud-based security
> suite so you basically login to console.amp.cisco.com and can monitor
> all of your connected clients for suspicious behavior.  The Linux and
> Mac clients use clamav for offline scans, but mostly use other
> methods for malware detection.  
> 
> Here's a link if you're interested:
> https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html
> 
> TBH I think that the Secure Endpoint website is kind of garbage as it
> has a lot of jargon that won't make sense to your average person
> looking for an AV solution.  But it is basically a type of AV
> solution built to protect enterprise network computers.
> 
> The "live demo" will show you what the admin dashboard looks like. 
> It's pretty cool, but maybe a bit overwhelming. 
> 
> Regards,
> Micah
> 
> 
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> 
> From: clamav-users  on behalf
> of newcomer01 via clamav-users 
> Sent: Sunday, March 19, 2023 12:12 PM
> To: Tim McConnell via clamav-users 
> Cc: newcomer01 
> Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
>  
> Hi again,
> 
> clamonacc you didn't really need.
> Here i do not have this, i scan normally every 2 hours my e-mails and
> only on sunday my computer.
> we are on linux., linux isn't so much affected for viruses or
> something.
> by the way: if you find another anti-virus for linux without using
> the terminal (with GUI), let me know, have searched really long time
> and found nothing (freeware or commercial).
> some companies (e.g eset) had linux version but now they stopped the
> development.
> 
> kind greetings
> Marc
> 
> Von / From: Clamav User Mailinglist
> <mailto:clamav-users@lists.clamav.net>
> An / To: Newcomer01 <mailto:newcome...@posteo.de>
> CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
> Gesendet / Sent: Sonntag, März 19, 2023 um 19:31 (at 07:31 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > Hi Marc,
> > So apparently it was a bug(?) in ClamTK. The errors have gone away
> > (for
> > now). The big problem is I want Clam to do what Clamonacc does so
> > removing it shouldn't be an option? I want it to run at certain
> > times
> > to check for malicious files, etc. I'll re-enable the schedule via
> > Clam
> > TK and see if it still hogs the CPU.
> > If it does I may have to find another AV solution.
> >    
> 


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-19 Thread Tim McConnell via clamav-users
Hi Marc, 
So apparently it was a bug(?) in ClamTK. The errors have gone away (for
now). The big problem is I want Clam to do what Clamonacc does so
removing it shouldn't be an option? I want it to run at certain times
to check for malicious files, etc. I'll re-enable the schedule via Clam
TK and see if it still hogs the CPU. 
If it does I may have to find another AV solution.
 
-- 
Tim McConnell 


On Sun, 2023-03-19 at 18:10 +, newcomer01 via clamav-users wrote:
> Hi Tim,
> 
> have you seen this: https://www.mankier.com/8/clamonacc?
> Maybe you can uninstall the clamonacc daemon (sudo apt-get uninstall
> clamonacc?) if you don't need the features of ClamAV Scan OnAccess.
> 
> A big HDD takes really long time for scanning.
> In my case with a really huge list of exceptions (YOU MUST SET
> EXCEPTIONS!) the scan never finished at any time.
> It runs here over 12 hours and as explained before with no automatic
> stop (manually stopped and go to bed).
> 
> kind greetings
> Marc
> 
> Von / From: Clamav User Mailinglist
> 
> An / To: Newcomer01 
> CC / CC: Tim Mcconnell 
> Gesendet / Sent: Donnerstag, März 16, 2023 um 19:55 (at 07:55 PM)
> +0100
> Betreff / Subject: [clamav-users] How to get rid of or Fix clamonacc
> error
> > Hi List,
> > I keep seeing this in my log files:
> > "clamonacc[1200]: ERROR: Clamonacc: at least one of
> > OnAccessExcludeUID,
> > OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified
> > ...
> > it is recommended you exclude the clamd instance UID or uname to
> > prevent infinite event scanning loops"
> > I used CLamTK to configure clamAV and I can't seem to find in the
> > man
> > pages etc. where to correct the issue or what they are even talking
> > about?
> > Which btw about how long should it take to scan a TB HardDrive
> > (roughly)?
> > Thanks!
> > 
> 


[clamav-users] How to get rid of or Fix clamonacc error

2023-03-16 Thread Tim McConnell via clamav-users
Hi List, 
I keep seeing this in my log files: 
"clamonacc[1200]: ERROR: Clamonacc: at least one of OnAccessExcludeUID,
OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified ...
it is recommended you exclude the clamd instance UID or uname to
prevent infinite event scanning loops"
I used CLamTK to configure clamAV and I can't seem to find in the man
pages etc. where to correct the issue or what they are even talking
about? 
Which btw about how long should it take to scan a TB HardDrive
(roughly)? 
Thanks! 

-- 
Tim McConnell 


[clamav-users] need to kill clamscan with pkill

2023-03-01 Thread Tim McConnell via clamav-users
Hi list, 
So I read the documentation and maybe I missed something but I have to
use pkill -9 clamscan to end the scan that is scheduled (through
clamtk) for 22:59. 
I'm running Debian Bookworm that is updated daily. The results from 
clamconf -n
Checking configuration files in /etc/clamav

Config file: clamd.conf
---
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
MaxThreads = "12"
ReadTimeout = "180"
SendBufTimeout = "200"
FollowFileSymlinks = "yes"
SelfCheck = "3600"
User = "clamav"
BytecodeTimeout = "6"
MaxScanTime = "12"
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
PCREMatchLimit = "1"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"

Config file: freshclam.conf
---
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogRotate = "yes"
UpdateLogFile = "/var/log/clamav/freshclam.log"
Checks = "24"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
MaxAttempts = "5"
ReceiveTimeout disabled

Config file: clamav-milter.conf
---
LogFile = "/var/log/clamav/clamav-milter.log"
LogTime = "yes"
LogRotate = "yes"
PidFile = "/var/run/clamav/clamav-milter.pid"
TemporaryDirectory = "/tmp"
User = "clamav"
MaxFileSize = "26214400"
ClamdSocket = "unix:/var/run/clamav/clamd.ctl"
MilterSocket = "/var/run/clamav/clamav-milter.ctl"
MilterSocketGroup = "clamav"
MilterSocketMode = "666"
AddHeader = "Replace"
LogInfected = "Off"
LogClean = "Off"

Software settings
-
Version: 1.0.1
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2
ICONV JSON RAR 

Database information

Database directory: /var/lib/clamav
daily.cld: version 26827, sigs: 2022011, built on Wed Mar  1 02:28:49
2023
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 07:32:42 2021
bytecode.cvd: version 334, sigs: 91, built on Wed Feb 22 15:33:21 2023
Total number of signatures: 8669529

Platform information

uname: Linux 6.1.0-5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.12-1
(2023-02-15) x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
Full OS version: No LSB modules are available.
Debian GNU/Linux bookworm/sid
zlib version: 1.2.13 (1.2.13), compile flags: a9
platform id: 0x0a21a1a1080c0200

Build information
-
GNU C: 12.2.0 (12.2.0)
sizeof(void*) = 8
Engine flevel: 161, dconf: 161

The only thing I can find in the log files is the one named
"clamonacc.log" which has multiple entries of: 
ERROR: Clamonacc: at least one of OnAccessExcludeUID,
OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified ...
it is recommended you exclude the clamd instance UID or uname to
prevent infinite event scanning loops.

I'm assuming that is what's happening but I can't find where to get the
information that is requested in that message or how to fix it. 
Prior to using pkill clamscan has my CPU at 100% 
The Cron job command (/usr/bin/clamscan --exclude-
dir=/home/tmick/.clamtk/viruses --exclude-dir=smb4k --exclude-
dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs --exclude-
dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-
dir=.evolution --exclude-dir=Mail --exclude-dir=kmail -i  --detect-pua
-r /home/tmick --log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log"
2>/dev/null # clamtk-scan)I have run manually and it succeeds fine. 

I'm confused and thanks for the help in advance. 


-- 
Tim McConnell 
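
A check for the condition named in the clamonacc error quoted in the message above, as an added example that is not part of the original post: it reads a clamd.conf (where the OnAccess options live) and reports whether any of the three exclude options is set, suggesting a line based on the `User` setting when none is. The function names and the output wording are assumptions, and the sample configuration is constructed from values in the `clamconf` output above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and messages are
# assumptions. clamd.conf syntax is "OptionName value"; # starts a comment.

# Constructed sample, using values shown in the clamconf output above.
sample_conf() {
    cat <<'EOF'
# constructed sample clamd.conf
LocalSocket /var/run/clamav/clamd.ctl
User clamav
MaxThreads 12
EOF
}

# Report whether a clamd.conf satisfies the clamonacc start-up check:
# at least one of OnAccessExcludeUID, OnAccessExcludeUname or
# OnAccessExcludeRootUID. Prints "ok" (exit 0) or the line to add (exit 1).
# Pass "-" to read the configuration from standard input.
onaccess_exclude_status() {
    awk '
        $1 ~ /^#/ { next }                        # skip comment lines
        $1 == "User" { user = $2 }                # account clamd runs as
        $1 == "OnAccessExcludeUname" && $2 != "" { found = 1 }
        $1 == "OnAccessExcludeUID"   && $2 != "" { found = 1 }
        $1 == "OnAccessExcludeRootUID" && tolower($2) ~ /^(yes|true|1)$/ { found = 1 }
        END {
            if (found) { print "ok"; exit 0 }
            if (user != "")
                print "missing: add OnAccessExcludeUname " user
            else
                print "missing: add OnAccessExcludeRootUID yes"
            exit 1
        }' "$1"
}

# Usage:
#   onaccess_exclude_status /etc/clamav/clamd.conf
#   sample_conf | onaccess_exclude_status -
```

Excluding the account clamd runs as is what keeps clamd's own file reads from generating further on-access events, which is the loop the error message warns about.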