Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-24 Thread Tim McConnell via clamav-users
Hi Marc, 
Well I got it to work except the logging (or at least it runs with no
errors). I tried the asterisk "*" and no, it doesn't work, but adding a
space and \ gets it to be accepted. I do have both --recursive
and --detect-pua set to yes. I just need to figure out the logging
thing and I'm good. 
I've attached a .txt version of the current script; Andrew helped with
suggestions as well. 
 

-- 
Tim McConnell 


On Fri, 2023-03-24 at 19:21 +, newcomer01 via clamav-users wrote:
> As I explained before, please check all given paths.
> It must start with "^/DIR/DIR/DIR/ [ ... so on]/"
> Please don't name folders or files only, always the whole path to
> the dir/file!
> I am not sure if the asterisk "*" works ...
> By the way: you search with -recursive="yes", right?
> Then you don't need the "*", clamscan will scan in depth => this means
> -recursive="yes" 
> Do you use -detect-pua="yes" or -detect-pua without "yes"?
> 
> It seems that you have run clamscan not as sudo, you don't have the
> permission to scan some paths, that's what the log says
> 
> 
> Von / From: Clamav User Mailinglist
> <mailto:clamav-users@lists.clamav.net>
> An / To: Newcomer01 <mailto:newcome...@posteo.de>
> CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
> Gesendet / Sent: Freitag, März 24, 2023 um 18:25 (at 06:25 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > Hi Marc & Andrew,
> > Okay now I'm really confused :-(
> > If I add what Andrew suggests it complains about
> > "/usr/bin/clamscan:
> > unrecognized option" and points to the exclude thing. The $EXCLUDE=
> > getting removed fixes that and then gives this output:
> > $ ./clammy.sh
> > Loading:    58s, ETA:   0s [>]   
> > 8.66M/8.66M
> > sigs
> > Compiling:  11s, ETA:   0s [>]   41/41
> > tasks
> > 
> > /home/tmick/package-lock.json: OK
> > /home/tmick/.profile: OK
> > /home/tmick/.signature: OK
> > /home/tmick/.aspell.en.prepl: OK
> > /home/tmick/.gitconfig: OK
> > /home/tmick/.bash_logout: OK
> > /home/tmick/.debian11.draft.txt: OK
> > /home/tmick/.mailcap: OK
> > /home/tmick/.lesshst: OK
> > /home/tmick/.steampath: Symbolic link
> > /home/tmick/test.db: Empty file
> > /home/tmick/.reportbugrc: OK
> > /home/tmick/.lightyears.cfg: OK
> > /home/tmick/.aspell.en.pws: OK
> > /home/tmick/.Xauthority: OK
> > /home/tmick/.face: OK
> > /home/tmick/package.json: OK
> > /home/tmick/.bash_history: OK
> > /home/tmick/.boxes-unknown.draft.txt: OK
> > /home/tmick/.pdsettings: OK
> > /home/tmick/mysqlaccess.log: Empty file
> > /home/tmick/journalctl-error.txt: Access denied
> > /home/tmick/clammy.sh: OK
> > /home/tmick/.selected_editor: OK
> > /home/tmick/.xsession-errors.old: OK
> > /home/tmick/.python_history: OK
> > /home/tmick/.sudo_as_admin_successful: Empty file
> > /home/tmick/.xsession-errors: OK
> > /home/tmick/.dmrc: OK
> > /home/tmick/firstDB.cfuJ: OK
> > /home/tmick/.bashrc: OK
> > /home/tmick/.gnomenightly.draft.txt: OK
> > /home/tmick/.isag.cfg: OK
> > /home/tmick/.steampid: Symbolic link
> > /home/tmick/.wget-hsts: OK
> > /home/tmick/.mysql_history: OK
> > /home/tmick/mysql.db: Empty file
> > 
> > --- SCAN SUMMARY ---
> > Known viruses: 8659055
> > Engine version: 1.0.1
> > Scanned directories: 1
> > Scanned files: 30
> > Infected files: 0
> > Total errors: 1
> > Data scanned: 14.33 MB
> > Data read: 29.42 MB (ratio 0.49:1)
> > Time: 78.193 sec (1 m 18 s)
> > Start Date: 2023:03:24 11:52:59
> > End Date:   2023:03:24 11:54:17
> > ./clammy.sh: line 8: --exclude = /home/tmick/.clamtk/viruses/: No
> > such
> > file or directory (which is correct, I haven't gotten that far
> > yet.)
> > ./clammy.sh: line 10: --detect-pua: command not found (HUNH? The
> > man
> > pages says it's a command?)
> > 
> > And the History in ClamTK shows:
> > ---
> > 
> > 
> > 
> > WARNING: ^/home/tmick/.clamtk/viruses: Can't access file
> > WARNING: ^/home/tmick/Documents/ACI_Learning/CEH/: Can't access
> > file
> > WARNING: ^/home/tmick/Nextcloud/Documents/ACI_Learning/*: Can't
> > access
> > file
> > WARNING: ^/home/tmick/Nextcloud/*: Can't access file
> > WARNING: /run/user/tmick/gvfs: Can't access file
> > WARNING: ^.ev

Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-24 Thread newcomer01 via clamav-users

As I explained before, please check all given paths.
It must start with "^/DIR/DIR/DIR/ [ ... so on]/"
Please don't name folders or files only, always the whole path to the dir/file!
I am not sure if the asterisk "*" works ...
By the way: you search with -recursive="yes", right?
Then you don't need the "*", clamscan will scan in depth => this means 
-recursive="yes" 
Do you use -detect-pua="yes" or -detect-pua without "yes"?

It seems that you have run clamscan not as sudo, you don't have the permission to 
scan some paths, that's what the log says


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Freitag, März 24, 2023 um 18:25 (at 06:25 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi Marc & Andrew,
Okay now I'm really confused :-(
If I add what Andrew suggests it complains about "/usr/bin/clamscan:
unrecognized option" and points to the exclude thing. The $EXCLUDE=
getting removed fixes that and then gives this output:
$ ./clammy.sh
Loading:58s, ETA:   0s [>]8.66M/8.66M
sigs
Compiling:  11s, ETA:   0s [>]   41/41
tasks

/home/tmick/package-lock.json: OK
/home/tmick/.profile: OK
/home/tmick/.signature: OK
/home/tmick/.aspell.en.prepl: OK
/home/tmick/.gitconfig: OK
/home/tmick/.bash_logout: OK
/home/tmick/.debian11.draft.txt: OK
/home/tmick/.mailcap: OK
/home/tmick/.lesshst: OK
/home/tmick/.steampath: Symbolic link
/home/tmick/test.db: Empty file
/home/tmick/.reportbugrc: OK
/home/tmick/.lightyears.cfg: OK
/home/tmick/.aspell.en.pws: OK
/home/tmick/.Xauthority: OK
/home/tmick/.face: OK
/home/tmick/package.json: OK
/home/tmick/.bash_history: OK
/home/tmick/.boxes-unknown.draft.txt: OK
/home/tmick/.pdsettings: OK
/home/tmick/mysqlaccess.log: Empty file
/home/tmick/journalctl-error.txt: Access denied
/home/tmick/clammy.sh: OK
/home/tmick/.selected_editor: OK
/home/tmick/.xsession-errors.old: OK
/home/tmick/.python_history: OK
/home/tmick/.sudo_as_admin_successful: Empty file
/home/tmick/.xsession-errors: OK
/home/tmick/.dmrc: OK
/home/tmick/firstDB.cfuJ: OK
/home/tmick/.bashrc: OK
/home/tmick/.gnomenightly.draft.txt: OK
/home/tmick/.isag.cfg: OK
/home/tmick/.steampid: Symbolic link
/home/tmick/.wget-hsts: OK
/home/tmick/.mysql_history: OK
/home/tmick/mysql.db: Empty file

--- SCAN SUMMARY ---
Known viruses: 8659055
Engine version: 1.0.1
Scanned directories: 1
Scanned files: 30
Infected files: 0
Total errors: 1
Data scanned: 14.33 MB
Data read: 29.42 MB (ratio 0.49:1)
Time: 78.193 sec (1 m 18 s)
Start Date: 2023:03:24 11:52:59
End Date:   2023:03:24 11:54:17
./clammy.sh: line 8: --exclude = /home/tmick/.clamtk/viruses/: No such
file or directory (which is correct, I haven't gotten that far yet.)
./clammy.sh: line 10: --detect-pua: command not found (HUNH? The man
pages says it's a command?)

And the History in ClamTK shows:
---


WARNING: ^/home/tmick/.clamtk/viruses: Can't access file
WARNING: ^/home/tmick/Documents/ACI_Learning/CEH/: Can't access file
WARNING: ^/home/tmick/Nextcloud/Documents/ACI_Learning/*: Can't access
file
WARNING: ^/home/tmick/Nextcloud/*: Can't access file
WARNING: /run/user/tmick/gvfs: Can't access file
WARNING: ^.evolution: Can't access file
and the directories I'm trying to exclude are still scanned?
I'm using Debian Bookworm and the man pages (Debian README.zip also)
state there are changes from the "upstream version".
  But the script does run.
Thanks for the advice given so far.




___

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-24 Thread Tim McConnell via clamav-users
Hi Marc & Andrew, 
Okay now I'm really confused :-( 
If I add what Andrew suggests it complains about "/usr/bin/clamscan:
unrecognized option" and points to the exclude thing. The $EXCLUDE=
getting removed fixes that and then gives this output: 
$ ./clammy.sh
Loading:58s, ETA:   0s [>]8.66M/8.66M
sigs  
Compiling:  11s, ETA:   0s [>]   41/41
tasks 

/home/tmick/package-lock.json: OK
/home/tmick/.profile: OK
/home/tmick/.signature: OK
/home/tmick/.aspell.en.prepl: OK
/home/tmick/.gitconfig: OK
/home/tmick/.bash_logout: OK
/home/tmick/.debian11.draft.txt: OK
/home/tmick/.mailcap: OK
/home/tmick/.lesshst: OK
/home/tmick/.steampath: Symbolic link
/home/tmick/test.db: Empty file
/home/tmick/.reportbugrc: OK
/home/tmick/.lightyears.cfg: OK
/home/tmick/.aspell.en.pws: OK
/home/tmick/.Xauthority: OK
/home/tmick/.face: OK
/home/tmick/package.json: OK
/home/tmick/.bash_history: OK
/home/tmick/.boxes-unknown.draft.txt: OK
/home/tmick/.pdsettings: OK
/home/tmick/mysqlaccess.log: Empty file
/home/tmick/journalctl-error.txt: Access denied
/home/tmick/clammy.sh: OK
/home/tmick/.selected_editor: OK
/home/tmick/.xsession-errors.old: OK
/home/tmick/.python_history: OK
/home/tmick/.sudo_as_admin_successful: Empty file
/home/tmick/.xsession-errors: OK
/home/tmick/.dmrc: OK
/home/tmick/firstDB.cfuJ: OK
/home/tmick/.bashrc: OK
/home/tmick/.gnomenightly.draft.txt: OK
/home/tmick/.isag.cfg: OK
/home/tmick/.steampid: Symbolic link
/home/tmick/.wget-hsts: OK
/home/tmick/.mysql_history: OK
/home/tmick/mysql.db: Empty file

--- SCAN SUMMARY ---
Known viruses: 8659055
Engine version: 1.0.1
Scanned directories: 1
Scanned files: 30
Infected files: 0
Total errors: 1
Data scanned: 14.33 MB
Data read: 29.42 MB (ratio 0.49:1)
Time: 78.193 sec (1 m 18 s)
Start Date: 2023:03:24 11:52:59
End Date:   2023:03:24 11:54:17
./clammy.sh: line 8: --exclude = /home/tmick/.clamtk/viruses/: No such
file or directory (which is correct, I haven't gotten that far yet.)
./clammy.sh: line 10: --detect-pua: command not found (HUNH? The man
pages says it's a command?) 

And the History in ClamTK shows: 
---


WARNING: ^/home/tmick/.clamtk/viruses: Can't access file
WARNING: ^/home/tmick/Documents/ACI_Learning/CEH/: Can't access file
WARNING: ^/home/tmick/Nextcloud/Documents/ACI_Learning/*: Can't access
file
WARNING: ^/home/tmick/Nextcloud/*: Can't access file
WARNING: /run/user/tmick/gvfs: Can't access file
WARNING: ^.evolution: Can't access file
and the directories I'm trying to exclude are still scanned? 
I'm using Debian Bookworm and the man pages (Debian README.zip also)
state there are changes from the "upstream version". 
 But the script does run. 
Thanks for the advice given so far. 


-- 
Tim McConnell 


On Fri, 2023-03-24 at 07:38 +, Andrew C Aitchison wrote:
> On Thu, 23 Mar 2023, Tim McConnell via clamav-users wrote:
> 
> > Okay Marc,
> > I came up with this:
> > #/bin/bash
> > declare clammy.sh
> > 
> > PATH=/bin:/usr/bin:/sbin:/usr/sbin
> > 
> > /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
> > --exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
> > --exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/" # Try to
> > exclude everything in ACI_Learning dir
> > --exclude="^/home/tmick/Nextcloud/" # Try to exclude everything
> > under Nextcloud dir
> > --exclude="^/run/user/tmick/gvfs/" \
> > --exclude="^/home/tmick/.gvfs/" \
> > --exclude="^/home/tmick/.evolution" \
> > --detect-pua="yes" \
> > --recursive="yes" \
> > --quiet \
> > --infected \
> > --database="/etc/clamav/freshclam.conf" \
> > --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log
> > until I'm sure this works :-)
> 
> You need \ at the end of *every* line of the command, which means you
> cannot have comments if you do it that way.
> 
> #/bin/bash
> declare clammy.sh
> 
> PATH=/bin:/usr/bin:/sbin:/usr/sbin
> 
> EXCLUDE="--exclude ='^/home/tmick/.clamtk/viruses/'"
> EXCLUDE="$EXCLUDE --exclude='^/home/tmick/Documents/ACI_Learning/CEH/'"
> EXCLUDE="$EXCLUDE --exclude='^/home/tmick/Nextcloud/Documents/ACI_Learning/'" # Try to exclude everything in ACI_Learning dir
> EXCLUDE="$EXCLUDE --exclude='^/home/tmick/Nextcloud/'" # Try to exclude everything under Nextcloud dir
> EXCLUDE="$EXCLUDE --exclude='^/run/user/tmick/gvfs/'"
> EXCLUDE="$EXCLUDE --exclude='^/home/tmick/.gvfs/'"
> EXCLUDE="$EXCLUDE --exclude='^/home/tmick/.evolution"
> 
> /usr/bin/clamscan $EXCLUDE \
>   --detect-pua="yes" \
>   --recursive="yes" \
>   --quiet \
>   --infected \
>   --database="/etc/clamav/freshclam.conf" \
>   --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log until I'm sure this works :-)
> 
> I have changed the quotes so that $EXCLUDE is inside "" rather than
> ''.
> Without that it would not be expanded.
> 
> I do not see mention of which directory to start scanning from.
> 
> > Tim 

Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-24 Thread newcomer01 via clamav-users

--database="/etc/clamav/freshclam.conf" \ here you should have the path to your 
.cvd, .dat, and so on files
and not the dir to your conf file - clamscan does not support reading the 
conf file while scanning
see clamscan --help

I think this here will also not work: you dynamically create your log files by date, 
this is okay, but the option --log="" doesn't create this file if it does not exist.
Maybe you should have a rule that creates this log file if it does not exist -> 
read the documentation for touch

this here i would change additionally:
/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \

/usr/bin/clamscan \
--exclude ="^/home/tmick/.clamtk/viruses/" \


but now it looks good for me, this should work now - good job.


kind greetings
Marc


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Donnerstag, März 23, 2023 um 23:32 (at 11:32 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Okay Marc,
I came up with this:
#/bin/bash
declare clammy.sh

PATH=/bin:/usr/bin:/sbin:/usr/sbin

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
--exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
--exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/" # Try to
exclude everything in ACI_Learning dir
--exclude="^/home/tmick/Nextcloud/" # Try to exclude everything under
Nextcloud dir
--exclude="^/run/user/tmick/gvfs/" \
--exclude="^/home/tmick/.gvfs/" \
--exclude="^/home/tmick/.evolution" \
--detect-pua="yes" \
--recursive="yes" \
--quiet \
--infected \
--database="/etc/clamav/freshclam.conf" \
--log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log until
I'm sure this works :-)
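
The points from this reply and from the reply about line continuations quoted further up the page (one option per argument, no comment breaking a continued line, --database pointing at the signature directory, a log file that exists before the scan, an explicit start directory), put together as an added example. It is not the script from the thread; SCAN_DIR, LOG_DIR, DB_DIR, CLAMSCAN and the --run/--dry-run switches are names assumed here, and it is written for plain sh so that it also runs under cron's default shell.

```shell
#!/bin/sh
# Added example, not the script from the thread. SCAN_DIR, LOG_DIR, DB_DIR,
# CLAMSCAN and the --run/--dry-run switches are names chosen for this sketch.

PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH

SCAN_DIR="${SCAN_DIR:-/home/tmick}"          # directory the scan starts from
LOG_DIR="${LOG_DIR:-$HOME/.clamtk/history}"  # log location used in the thread
DB_DIR="${DB_DIR:-}"                         # optional: directory with the .cvd/.cld files
CLAMSCAN="${CLAMSCAN:-/usr/bin/clamscan}"    # replaceable for a dry run

# Create the log directory and today's log file before clamscan starts.
prepare_log() {
    log_file="$LOG_DIR/$(date '+%b-%d-%Y').log"
    # umask 027 gives 0750/0640: scan logs list file paths, so this sketch is
    # stricter than the 0775/0644 suggested in the thread.
    ( umask 027 && mkdir -p "$LOG_DIR" && touch "$log_file" )
}

# Build the argument list with "set --": one option per element, "=" with no
# space around it, and comments allowed between lines because nothing depends
# on trailing backslashes.
run_scan() {
    prepare_log || { echo "cannot create log under $LOG_DIR" >&2; return 2; }
    set --
    # ClamTK quarantine
    set -- "$@" --exclude="^/home/tmick/.clamtk/viruses/"
    set -- "$@" --exclude="^/home/tmick/Documents/ACI_Learning/CEH/"
    # Everything under Nextcloud, which includes Nextcloud/Documents/ACI_Learning/
    set -- "$@" --exclude="^/home/tmick/Nextcloud/"
    set -- "$@" --exclude="^/run/user/tmick/gvfs/"
    set -- "$@" --exclude="^/home/tmick/.gvfs/"
    set -- "$@" --exclude="^/home/tmick/.evolution"
    set -- "$@" --detect-pua=yes --recursive=yes --quiet --infected
    # --database takes the signature directory, not freshclam.conf; it is only
    # passed when DB_DIR is set.
    if [ -n "$DB_DIR" ]; then
        [ -d "$DB_DIR" ] || { echo "DB_DIR is not a directory: $DB_DIR" >&2; return 2; }
        set -- "$@" --database="$DB_DIR"
    fi
    # The directory to scan goes last.
    set -- "$@" --log="$log_file" "$SCAN_DIR"
    "$CLAMSCAN" "$@"
}

# Dry-run helper: print the arguments one per line instead of scanning.
print_args() { printf '%s\n' "$@"; }

# crontab entry:  0 1 * * * /home/tmick/clammy.sh --run
case "${1:-}" in
    --run)     run_scan ;;
    --dry-run) CLAMSCAN=print_args; run_scan ;;
esac
```

Running it with --dry-run prints the exact argument list clamscan would receive, which is the quickest way to spot an option that was split or swallowed.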





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-23 Thread Tim McConnell via clamav-users
Okay Marc, 
I came up with this: 
#/bin/bash
declare clammy.sh

PATH=/bin:/usr/bin:/sbin:/usr/sbin

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
--exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
--exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/" # Try to
exclude everything in ACI_Learning dir
--exclude="^/home/tmick/Nextcloud/" # Try to exclude everything under
Nextcloud dir
--exclude="^/run/user/tmick/gvfs/" \
--exclude="^/home/tmick/.gvfs/" \
--exclude="^/home/tmick/.evolution" \
--detect-pua="yes" \
--recursive="yes" \
--quiet \
--infected \
--database="/etc/clamav/freshclam.conf" \
--log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log until
I'm sure this works :-)

-- 
Tim McConnell 


On Thu, 2023-03-23 at 02:01 +, newcomer01 via clamav-users wrote:
> try this, but check my ** COMMENTS ** please
> 
> ---
> 
> #!/bin/bash
> 
> PATH=/bin:/usr/bin:/sbin:/usr/sbin
> 
> /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
> --exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
> --exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/*" ** HERE I
> DON'T KNOW WHAT YOU TRY TO MATCH ** \
> --exclude="^/home/tmick/Nextcloud/*" ** SAME HERE ** \
> --exclude="smb4k" ** WILL NOT WORK - COMPLETE PATH ** \
> --exclude="^/run/user/tmick/gvfs/" \ --exclude="^/home/tmick/.gvfs/"
> \
> --exclude="^.thunderbird" \ ** WILL NOT WORK - COMPLETE PATH **
> --exclude="^.mozilla-thunderbird" \** WILL NOT WORK - COMPLETE PATH
> **
> --exclude="^.evolution" \ ** WILL NOT WORK - COMPLETE PATH **
> --exclude=Mail -i /home/tmick \ ** DON'T KNOW WHAT THIS DO **
> --detect-pua="yes" \
> --recursive="yes" \
> --quiet \
> --infected \
> --database="PATH TO YOUR LIBS/" \
> --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log"
> ** DECIDE WHAT SHOULD HAPPEN WITH POSSIBLE FOUNDS - OR LOG ONLY (THIS
> I DO) **
> #--move="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
> #--copy="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
> #--remove="yes/no"
> 
> ** ALWAYS AN EMPTY LINE AFTER EACH CODE ON LINUX - SOME FILES ARE
> SENSITIVE WITH THIS! **
> 
> ---
> 
> 
> 
> Von / From: Clamav User Mailinglist
> <mailto:clamav-users@lists.clamav.net>
> An / To: Newcomer01 <mailto:newcome...@posteo.de>
> CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
> Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > So Marc, you're saying do something like this:
> > 
> > #/bin/bash
> > declare clammy.sh
> > 
> > /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --
> > exclude
> > ="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
> > "^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
> > ="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
> > "^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude
> > =
> > "^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
> > "^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
> > log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null #
> > clamtk-
> > scan
> > 
> > and just call the script from cron?
> > For example 0 1 *** clammy.sh
> > correct??
> > 
> 


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

And please note: your own sh script needs chmod 0775 - it must be run as a 
program for all users!
Your log folder should have chmod 0775 and your log files inside chmod 0644 - 
but these are suggestions only


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

So Marc, you're saying do something like this:

#/bin/bash
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron?
For example 0 1 *** clammy.sh
correct??





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

try this, but check my ** COMMENTS ** please

---

#!/bin/bash

PATH=/bin:/usr/bin:/sbin:/usr/sbin

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
--exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
--exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/*" ** HERE I DON'T 
KNOW WHAT YOU TRY TO MATCH ** \
--exclude="^/home/tmick/Nextcloud/*" ** SAME HERE ** \
--exclude="smb4k" ** WILL NOT WORK - COMPLETE PATH ** \
--exclude="^/run/user/tmick/gvfs/" \ --exclude="^/home/tmick/.gvfs/" \
--exclude="^.thunderbird" \ ** WILL NOT WORK - COMPLETE PATH **
--exclude="^.mozilla-thunderbird" \** WILL NOT WORK - COMPLETE PATH **
--exclude="^.evolution" \ ** WILL NOT WORK - COMPLETE PATH **
--exclude=Mail -i /home/tmick \ ** DON'T KNOW WHAT THIS DO **
--detect-pua="yes" \
--recursive="yes" \
--quiet \
--infected \
--database="PATH TO YOUR LIBS/" \
--log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log"
** DECIDE WHAT SHOULD HAPPEN WITH POSSIBLE FOUNDS - OR LOG ONLY (THIS I DO) **
#--move="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
#--copy="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
#--remove="yes/no"

** ALWAYS AN EMPTY LINE AFTER EACH CODE ON LINUX - SOME FILES ARE SENSITIVE 
WITH THIS! **

---



Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

So Marc, you're saying do something like this:

#/bin/bash
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron?
For example 0 1 *** clammy.sh
correct??
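
What the path comments in the annotated script above come down to, as an added example that is not part of the thread: a pre-flight check of --exclude patterns against sample paths. It assumes clamscan applies each pattern as a POSIX extended regex to the full path being scanned, which grep -E reproduces; the sample paths are constructed and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: clamscan applies each
# --exclude value as a POSIX extended regex to the full path it is about to
# scan, which grep -E reproduces for a pre-flight check.

# Constructed sample paths, modelled on the directories named in the thread.
SAMPLE_PATHS='/home/tmick/.evolution/mail/inbox
/home/tmick/Nextcloud/Documents/ACI_Learning/notes.pdf
/home/tmick/Nextcloud-old/setup.sh
/home/tmick/Documents/report.odt'

# excluded_by PATTERN PATH: succeeds when PATTERN would skip PATH.
excluded_by() {
    printf '%s\n' "$2" | grep -Eq -e "$1"
}

# count_hits PATTERN: how many of the sample paths PATTERN would skip.
count_hits() {
    printf '%s\n' "$SAMPLE_PATHS" | grep -Ec -e "$1" || true
}

# audit PATTERN...: one line per pattern. A count of 0 means the exclusion
# never fires; a count above what was intended means files go unscanned
# without any warning.
audit() {
    for pattern in "$@"; do
        printf '%-36s skips %s of 4 sample paths\n' "$pattern" "$(count_hits "$pattern")"
    done
}

audit '^.evolution' \
      '^/home/tmick/\.evolution/' \
      '^/home/tmick/Nextcloud/*' \
      '^/home/tmick/Nextcloud/'
```

The pattern without a leading path never matches, and the one ending in "/*" (zero or more slashes in a regex, not a glob) also skips the constructed Nextcloud-old directory.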





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

Exactly, but please check your paths - some will not work like that, and the asterisk "*" 
I think will also not work 
cron: 0 1 * * * clammy.sh - always a space between the values


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

So Marc, you're saying do something like this:

#/bin/bash
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron?
For example 0 1 *** clammy.sh
correct??





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Tim McConnell via clamav-users
So Marc, you're saying do something like this: 

#/bin/bash 
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron? 
For example 0 1 *** clammy.sh 
correct?? 

-- 
Tim McConnell +1 (205) 434-5534
tmcconnell...@gmail.com 
https://www.linkedin.com/in/timmcconnell/ 
https://calendly.com/tim_mcconnell/interview 



On Wed, 2023-03-22 at 20:29 +, newcomer01 via clamav-users wrote:
> Tim, it's not hard to write your own bash/sh script - putting the code to
> execute into the cronjob isn't the best way.
> Write a small script and start it with your cronjob - that's all.
> 
> If I can help, then I will do this.
> 
> I had clamTK at the beginning too, but the complete tool didn't work
> here (but for some other reasons I know now), so I removed it and set up
> all manually; it's a little work but you learn much about clamav and
> bash/sh scripting - you can trust me, it's simpler than it maybe
> sounds.
> 
> kind regards,
> Marc
> 
> 
> Von / From: Clamav User Mailinglist
> <mailto:clamav-users@lists.clamav.net>
> An / To: Newcomer01 <mailto:newcome...@posteo.de>
> CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
> Gesendet / Sent: Mittwoch, März 22, 2023 um 20:02 (at 08:02 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > On Wed, 2023-03-22 at 18:15 +, newcomer01 via clamav-users
> > wrote:
> > > äähhmmm why do you escape the slash? This is not needed.
> > I didn't set that; it was done by ClamTK (the GUI interface), not me.
> > So from the pointers you gave (Marc), ClamTK has bugs? And I should
> > just schedule the cronjob manually?
> > I did appreciate the suggestions too Marc, I'm just trying to use
> > Clam
> > via the GUI (ClamTK) and not having a lot of luck :-(
> > Thanks for the help so far!
> > 
> 


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

Tim, it's not hard to write your own bash/sh script - putting the code to execute into the 
cronjob isn't the best way.
Write a small script and start it with your cronjob - that's all.

If I can help, then I will do this.

I had clamTK at the beginning too, but the complete tool didn't work here (but 
for some other reasons I know now), so I removed it and set up all manually; it's 
a little work but you learn much about clamav and bash/sh scripting - you can trust 
me, it's simpler than it maybe sounds.

kind regards,
Marc


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 20:02 (at 08:02 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

On Wed, 2023-03-22 at 18:15 +, newcomer01 via clamav-users wrote:

äähhmmm why do you escape the slash? This is not needed.

I didn't set that; it was done by ClamTK (the GUI interface), not me. So
from the pointers you gave (Marc), ClamTK has bugs? And I should just
schedule the cronjob manually?
I did appreciate the suggestions too Marc, I'm just trying to use Clam
via the GUI (ClamTK) and not having a lot of luck :-(
Thanks for the help so far!





Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Tim McConnell via clamav-users
On Wed, 2023-03-22 at 18:15 +, newcomer01 via clamav-users wrote:
> äähhmmm why do you escape the slash? This is not needed.
I didn't set that; it was done by ClamTK (the GUI interface), not me. So
from the pointers you gave (Marc), ClamTK has bugs? And I should just
schedule the cronjob manually? 
I did appreciate the suggestions too Marc, I'm just trying to use Clam
via the GUI (ClamTK) and not having a lot of luck :-( 
Thanks for the help so far! 

-- 
Tim McConnell 


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

And please refer to clamscan --help
--detect-pua needs "=yes/no"


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 19:01 (at 07:01 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Thanks Micah,
This is for Home use so that might be like hunting flies with a Nuclear Warhead.
For what it's worth, I did get the scan to complete in 15 hours. Okay well it 
is a big drive. Now I have a real question:
Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried 
Whitelisting but it doesn't skip the scan for those DIRs.
The Cron Job email shows the command it's running as:
*/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses 
--exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning 
--exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k 
--exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs 
--exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution 
--exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick 
--log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan*
--
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks!



Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

Additional: if you really want only to exclude, don't use the "-dir" 
parameters; with this I had a lot of trouble in the past.

Use instead --exclude="^/home/Folder/Folder/..." and yes, you always need the 
complete path!


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 19:01 (at 07:01 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Thanks Micah,
This is for Home use so that might be like hunting flies with a Nuclear Warhead.
For what it's worth, I did get the scan to complete in 15 hours. Okay well it 
is a big drive. Now I have a real question:
Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried 
Whitelisting but it doesn't skip the scan for those DIRs.
The Cron Job email shows the command it's running as:
/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses
--exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning
--exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning
--exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k
--exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs
--exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution
--exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick
--log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan
--
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks!



Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread newcomer01 via clamav-users

Hi Tim,

äähhmmm, why do you escape the slash? This is not needed.
Try to set the following:

--include="^/home/Folder/Folder/Folder/..." ends with a slash!

It's better to include than to exclude much more than you include.
All paths starting with --include="^/home/..." will be scanned and all others 
not.
Please do not mix --include and --exclude; with this I had a lot of trouble in 
the past.
I would also prefer to search with --recursive="yes"; this means going as deep 
as possible for the given path.


kind greetings
Marc


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 19:01 (at 07:01 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Thanks Micah,
This is for Home use so that might be like hunting flies with a Nuclear Warhead.
For what it's worth, I did get the scan to complete in 15 hours. Okay well it 
is a big drive. Now I have a real question:
Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried 
Whitelisting but it doesn't skip the scan for those DIRs.
The Cron Job email shows the command it's running as:
/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses
--exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning
--exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning
--exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k
--exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs
--exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution
--exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick
--log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan
--
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks!
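
The `--exclude-dir` patterns from the cron line above can be dry-run against directory paths before a 15-hour scan is started. This is an added example, not part of the thread and not ClamAV or ClamTK code; it assumes each pattern is an unanchored POSIX extended regular expression tested against the directory path (with `grep -E` standing in for clamscan's matcher), and the sample directories and the `(/|$)` tail on the anchored patterns are constructed for the illustration.

```shell
#!/bin/sh
# Added example: dry-run --exclude-dir patterns against directory paths.
# Assumption: each pattern is an unanchored POSIX extended regex tested against
# the directory path; grep -E stands in for clamscan's own matcher.

# Patterns as clamscan receives them from the ClamTK cron line in the thread.
# The shell removes the backslashes first, so \/home\/tmick\/Nextcloud arrives
# as /home/tmick/Nextcloud and ACI\ Learning as "ACI Learning" (one argument).
CRON_PATTERNS='/home/tmick/.clamtk/viruses
/home/tmick/Documents/ACI Learning
/home/tmick/Nextcloud
.thunderbird
Mail'

# Anchored full-path variants in the "^/full/path" style suggested in the
# thread; the (/|$) tail is this example's addition, not the thread's.
ANCHORED_PATTERNS='^/home/tmick/\.clamtk/viruses(/|$)
^/home/tmick/Documents/ACI Learning(/|$)
^/home/tmick/Nextcloud(/|$)
^/home/tmick/\.thunderbird(/|$)
^/home/tmick/Mail(/|$)'

# Constructed sample directories (not taken from the thread).
SAMPLE_DIRS='/home/tmick/Nextcloud/Documents/ACI Learning
/home/tmick/Documents/ACI Learning
/home/tmick/Documents/Mailing-lists
/home/tmick/Nextcloud-backup
/home/tmick/src/xthunderbird-notes
/home/tmick/Projects'

# first_match DIR PATTERNS: print the first pattern (one per line in PATTERNS)
# that matches DIR and return 0; return 1 if DIR would still be scanned.
first_match() {
    fm_dir=$1
    while IFS= read -r fm_pat; do
        [ -n "$fm_pat" ] || continue
        if printf '%s\n' "$fm_dir" | grep -Eq -e "$fm_pat"; then
            printf '%s\n' "$fm_pat"
            return 0
        fi
    done <<EOF
$2
EOF
    return 1
}

# report DIRS PATTERNS: one SKIP/SCAN line per directory.
report() {
    printf '%s\n' "$1" | while IFS= read -r r_dir; do
        if r_hit=$(first_match "$r_dir" "$2"); then
            printf 'SKIP  %-45s <- %s\n' "$r_dir" "$r_hit"
        else
            printf 'SCAN  %s\n' "$r_dir"
        fi
    done
}

# scan_argv PATTERNS TARGET: print the clamscan argv, one argument per line,
# so a pattern containing a space is visibly a single argument.
scan_argv() {
    sa_pats=$1 sa_target=$2
    set -- clamscan
    while IFS= read -r sa_pat; do
        if [ -n "$sa_pat" ]; then set -- "$@" "--exclude-dir=$sa_pat"; fi
    done <<EOF
$sa_pats
EOF
    set -- "$@" --recursive --infected "$sa_target"
    printf '%s\n' "$@"
}

echo '== patterns from the cron line =='
report "$SAMPLE_DIRS" "$CRON_PATTERNS"
echo '== anchored patterns =='
report "$SAMPLE_DIRS" "$ANCHORED_PATTERNS"
echo '== argv for the anchored run =='
scan_argv "$ANCHORED_PATTERNS" /home/tmick
```

The first report shows the short patterns (`Mail`, `.thunderbird`, an unanchored path) skipping directories that were never meant to be excluded; the anchored set skips only the intended trees.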



Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Tim McConnell via clamav-users
Thanks Micah, 
This is for Home use so that might be like hunting flies with a Nuclear
Warhead. 
For what it's worth, I did get the scan to complete in 15 hours. Okay
well it is a big drive. Now I have a real question: 
Using ClamTK to schedule a scan, How do I exclude a Directory? I've
tried Whitelisting but it doesn't skip the scan for those DIRs. 
The Cron Job email shows the command it's running as: 
/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses
--exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning
--exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning
--exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k
--exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs
--exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution
--exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick
--log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan
-- 
Tim McConnell 

So how would I get the directories I want ignored, ignored?
Thanks! 


On Wed, 2023-03-22 at 17:08 +, Micah Snyder (micasnyd) via clamav-
users wrote:
> >  by the way: if you find another anti-virus for linux without using
> > the terminal (with GUI), let me know, have searched really long
> > time and found nothing (freeware or commercial).
> > some companies (e.g eset) had linux version but now they stopped
> > the development.
> 
> If you need something for a business, Cisco Secure Endpoint has
> clients for Linux, Mac, and Windows. It is a cloud-based security
> suite so you basically login to console.amp.cisco.com and can monitor
> all of your connected clients for suspicious behavior.  The Linux and
> Mac clients use clamav for offline scans, but mostly use other
> methods for malware detection.  
> 
> Here's a link if you're interested:
> https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html
> 
> TBH I think that the Secure Endpoint website is kind of garbage as it
> has a lot of jargon that won't make sense to your average person
> looking for an AV solution.  But it is basically a type of AV
> solution built to protect enterprise network computers.
> 
> The "live demo" will show you what the admin dashboard looks like. 
> It's pretty cool, but maybe a bit overwhelming. 
> 
> Regards,
> Micah
> 
> 
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> 


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Micah Snyder (micasnyd) via clamav-users
> by the way: if you find another anti-virus for linux without using the 
> terminal (with GUI), let me know, have searched really long time and found 
> nothing (freeware or commercial).
> some companies (e.g eset) had linux version but now they stopped the 
> development.

If you need something for a business, Cisco Secure Endpoint has clients for 
Linux, Mac, and Windows. It is a cloud-based security suite so you basically 
login to console.amp.cisco.com and can monitor all of your connected clients 
for suspicious behavior.  The Linux and Mac clients use clamav for offline 
scans, but mostly use other methods for malware detection.

Here's a link if you're interested: 
https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html

TBH I think that the Secure Endpoint website is kind of garbage as it has a lot 
of jargon that won't make sense to your average person looking for an AV 
solution.  But it is basically a type of AV solution built to protect 
enterprise network computers.

The "live demo" will show you what the admin dashboard looks like.  It's pretty 
cool, but maybe a bit overwhelming.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.




Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Musc via clamav-users

On 3/22/23 6:22 AM, Andrew C Aitchison via clamav-users wrote:

> be careful to make sure false positives do no harm,

I've had so many positives that I couldn't examine them all.  Does this 
happen to others?  What do you do for that?

> and remember that false negatives do happen frequently

How do we become aware of false negatives?




Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-22 Thread Andrew C Aitchison via clamav-users



[ My previous reply did not reach the list, for reasons I do understand. ]

On Tue, 21 Mar 2023, Tim McConnell wrote:

> Hi Andrew,
> So maybe I'm misunderstanding something. I'm expecting the scan to run
> once daily at 01:00. Is that not what clamonacc does? I keep getting
> told to remove it but Debian installed it as a dependency so what's
> going to break if I do?

It looks as though the clamav-daemon package contains two daemons,
clamonacc and clamd. You *probably* do want clamd: it runs permanently,
taking up about 1.2 gigabytes of memory and provides a malware 
scanning service that saves about 15 seconds start up time on every scan.
Not significant when you run a full disk scan, but if you do a single file 
scan from time to time it does make a difference.

There is a third ClamAV daemon - clamav-freshclam which keeps the 
virus database up to date; you certainly want that one too.

> As for the question: "Do you have a plan for what you will do when it
> finds a potentially malicious file ?"
> Yes I will analyze it and if it is a malicious file I will remove it
> after sending it to ClamAV (in case it's new) after Googling how to
> safely remove it.

Good. There are options to automatically delete or quarantine suspect 
files; either can stop your system from working or destroy data.

> I'm still baffled by the Whitelist not working in ClamTK but I think if
> I create a cronjob manually to run instead of the scheduled task from
> ClamTK I can get those DIRs to be ignored and hopefully speed up the
> scan?

I have never used ClamTK.
Running clamscan or clamdscan, from cron, on selected directory trees
makes sense, but do be careful to make sure false positives do no harm,
and remember that false negatives do happen frequently, so a clean scan
result proves little.

> Thanks,
>
> --
> Tim McConnell
>
> On Sun, 2023-03-19 at 21:40 +, Andrew C Aitchison wrote:
> > On Sun, 19 Mar 2023, Tim McConnell via clamav-users wrote:
> >
> > > Hi Marc,
> > > So apparently it was a bug(?) in ClamTK. The errors have gone away
> > > (for now).
> > >
> > > The big problem is I want Clam to do what Clamonacc does so
> > > removing it shouldn't be an option?
> > > I want it to run at certain times to check for malicious files,
> > > etc.
> >
> > That is not what clamonacc does. clamonacc scans each file as it is
> > accessed by some other process (read, write or both). The name means
> > CLAM scan ON ACCess.
> >
> > Do you have a plan for what you will do when it finds a potentially
> > malicious file ? It is very important that you think carefully about
> > that.
> >
> > > I'll re-enable the schedule via ClamTK and see if it still hogs the
> > > CPU.
> > > If it does I may have to find another AV solution.
> >
> > How long does it take to scan a terabyte disk ?
> > If it is full of little files (smaller than MaxScanSize and
> > MaxFileSize)
> > it will have to read the whole disk at the very least.





--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-19 Thread newcomer01 via clamav-users

Hi again,

clamonacc you don't really need.
Here I do not have this; I normally scan my e-mails every 2 hours and my computer only on 
Sunday.
We are on Linux; Linux isn't so much affected by viruses or something.
By the way: if you find another anti-virus for Linux without using the terminal 
(with GUI), let me know; I have searched a really long time and found nothing 
(freeware or commercial).
Some companies (e.g. ESET) had a Linux version but now they stopped the 
development.

kind greetings
Marc

Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell...@gmail.com>
Gesendet / Sent: Sonntag, März 19, 2023 um 19:31 (at 07:31 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi Marc,
So apparently it was a bug(?) in ClamTK. The errors have gone away (for
now). The big problem is I want Clam to do what Clamonacc does so
removing it shouldn't be an option? I want it to run at certain times
to check for malicious files, etc. I'll re-enable the schedule via Clam
TK and see if it still hogs the CPU.
If it does I may have to find another AV solution.
  




Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-19 Thread Tim McConnell via clamav-users
Hi Marc, 
So apparently it was a bug(?) in ClamTK. The errors have gone away (for
now). The big problem is I want Clam to do what Clamonacc does so
removing it shouldn't be an option? I want it to run at certain times
to check for malicious files, etc. I'll re-enable the schedule via Clam
TK and see if it still hogs the CPU. 
If it does I may have to find another AV solution.
 
-- 
Tim McConnell 


On Sun, 2023-03-19 at 18:10 +, newcomer01 via clamav-users wrote:
> Hi Tim,
> 
> have you seen this: https://www.mankier.com/8/clamonacc?
> Maybe you can uninstall the clamonacc daemon (sudo apt-get uninstall
> clamonacc?) if you don't need the features of ClamAV Scan OnAccess.
> 
> A big HDD takes really long time for scanning.
> In my case with a really huge list of exceptions (YOU MUST SET
> EXCEPTIONS!) the scan never finished at any time.
> It runs here over 12 hours and as explained before with no automatic
> stop (manually stopped and go to bed).
> 
> kind greetings
> Marc
> 
> Von / From: Clamav User Mailinglist
> 
> An / To: Newcomer01 
> CC / CC: Tim Mcconnell 
> Gesendet / Sent: Donnerstag, März 16, 2023 um 19:55 (at 07:55 PM)
> +0100
> Betreff / Subject: [clamav-users] How to get rid of or Fix clamonacc
> error
> > Hi List,
> > I keep seeing this in my log files:
> > "clamonacc[1200]: ERROR: Clamonacc: at least one of
> > OnAccessExcludeUID,
> > OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified
> > ...
> > it is recommended you exclude the clamd instance UID or uname to
> > prevent infinite event scanning loops"
> > I used CLamTK to configure clamAV and I can't seem to find in the
> > man
> > pages etc. where to correct the issue or what they are even talking
> > about?
> > Which btw about how long should it take to scan a TB HardDrive
> > (roughly)?
> > Thanks!
> > 
> 


Re: [clamav-users] How to get rid of or Fix clamonacc error

2023-03-19 Thread newcomer01 via clamav-users

Hi Tim,

have you seen this: https://www.mankier.com/8/clamonacc?
Maybe you can uninstall the clamonacc daemon (sudo apt-get uninstall 
clamonacc?) if you don't need the features of ClamAV Scan OnAccess.

A big HDD takes really long time for scanning.
In my case with a really huge list of exceptions (YOU MUST SET EXCEPTIONS!) the 
scan never finished at any time.
It runs here over 12 hours and as explained before with no automatic stop 
(manually stopped and go to bed).

kind greetings
Marc

Von / From: Clamav User Mailinglist 
An / To: Newcomer01 
CC / CC: Tim Mcconnell 
Gesendet / Sent: Donnerstag, März 16, 2023 um 19:55 (at 07:55 PM) +0100
Betreff / Subject: [clamav-users] How to get rid of or Fix clamonacc error

Hi List,
I keep seeing this in my log files:
"clamonacc[1200]: ERROR: Clamonacc: at least one of OnAccessExcludeUID,
OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified ...
it is recommended you exclude the clamd instance UID or uname to
prevent infinite event scanning loops"
I used CLamTK to configure clamAV and I can't seem to find in the man
pages etc. where to correct the issue or what they are even talking
about?
Which btw about how long should it take to scan a TB HardDrive
(roughly)?
Thanks!
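
The error quoted above names three `clamd.conf` options. The following check is an added example, not part of the thread and not ClamAV code: it reads a `clamd.conf` and reports whether any of the three is set and whether the exclusion covers the user clamd runs as. The parsing rules, the comparison against the `User` directive and the constructed sample config with a `clamav` account are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a clamd.conf for the condition behind
# "at least one of OnAccessExcludeUID, OnAccessExcludeUname, or
#  OnAccessExcludeRootUID must be specified".
# Assumptions: keys are matched exactly as spelled; booleans accept yes/true/1;
# a UID of 0 does not count (OnAccessExcludeRootUID exists for that case).

# conf_value FILE KEY: print the last uncommented value of KEY, or nothing.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        $1 == key      { val = $2 }
        END            { if (val != "") print val }
    ' "$1"
}

# onaccess_verdict FILE: print MISSING / LOOP-RISK / OK with a reason.
# Exit status: 0 = clamd's own user is excluded,
#              1 = an exclude is set but does not cover clamd's user,
#              2 = none of the three options is set (the logged error).
onaccess_verdict() {
    ov_uname=$(conf_value "$1" OnAccessExcludeUname)
    ov_uid=$(conf_value "$1" OnAccessExcludeUID)
    ov_root=$(conf_value "$1" OnAccessExcludeRootUID | tr 'A-Z' 'a-z')
    ov_user=$(conf_value "$1" User)
    [ -n "$ov_user" ] || ov_user=root    # assumption: no User line, clamd stays root

    case $ov_root in yes|true|1) ov_root=yes ;; *) ov_root=no ;; esac
    case $ov_uid in ''|0|*[!0-9]*) ov_uid= ;; esac

    if [ -z "$ov_uname" ] && [ -z "$ov_uid" ] && [ "$ov_root" = no ]; then
        echo "MISSING: no OnAccessExclude* option set; clamd runs as '$ov_user'"
        return 2
    fi

    # Resolve clamd's user to a UID when that account exists on this host.
    ov_user_uid=$(id -u "$ov_user" 2>/dev/null) || ov_user_uid=

    if [ "$ov_uname" = "$ov_user" ] ||
       { [ "$ov_user" = root ] && [ "$ov_root" = yes ]; } ||
       { [ -n "$ov_uid" ] && [ "$ov_uid" = "$ov_user_uid" ]; }; then
        echo "OK: clamd user '$ov_user' is excluded from on-access events"
        return 0
    fi
    echo "LOOP-RISK: excludes are set but do not cover clamd user '$ov_user'"
    return 1
}

# Demo on a constructed config. Point the function at the real file instead,
# e.g. /etc/clamav/clamd.conf on Debian (that path is an assumption).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed sample, not taken from the thread
User clamav
OnAccessIncludePath /home/tmick
#OnAccessExcludeUname clamav
EOF
onaccess_verdict "$demo_conf" || true
rm -f "$demo_conf"
```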


