I am having problems trying to understand how ClamAV works. From my testing it looks like it does not run resident and protect the file system. So, for example, if I scan a folder that has the EICAR virus in it, it detects it.
However if I download this virus and save it to the file system it does not intercept the write and prompt me saying I am saving a virus.
If I am wrong in my understanding please correct me as I would like to configure it much like the PC Av products allow me to.
whorsfall wrote:
> If I am wrong in my understanding please correct me as I would like to
> configure it much like the PC Av products allow me to.
-=welcome=- to our forum and i guess to Linux in general if not
openSUSE in specific…
i know it is hard to believe and i know you won’t immediately believe
it but, well…let me say it this way: i do not run ClamAV. i do not
have a virus checker on my machine…i have not had a virus checker
on my machine since 1995, at least…
i do not need a virus checker because 99.999999% of all the viruses
today are written to attack MS-Windows, a system i do not
run…therefore i do not need to be fearful of viruses, today…
the day MAY come when i have to care, but that day is not today…
now, if you dual boot then it is wise (while booted into Linux) to
run ClamAV looking for bad stuff—but that is just to protect your MS
system…if you find a virus just squash it…
there is NO need to caution you to not save a virus to your Linux
drives, so that is not built in…
read around and you find many opinions–some folks suggest you should
run an AV so you don’t accidentally forward an email with a bad to
Windows-using friends…but, i figure i don’t need to waste my clock
cycles trying to help my friends protect their machines…that is
THEIR job, not mine…
Unlike on the malware-ridden Windows OS, apps on Linux are not affected by Windows viruses, which are the overwhelming majority, close to 100%. Therefore scanning is done on demand only by those applications that need to do so, e.g. mail servers that may receive from or deliver to Windows clients, e.g. postfix via amavis, web apps that handle uploads, e.g. Moodle, maybe FTP servers, and so forth.
You need to readjust your ideas about OSes. With Linux you are not constantly looking behind your shoulder to protect yourself against what those miscreants throw at you. It makes for a more peaceful life, less work for the machine and better for the planet too. Think of all the CO2 generated by virus-scanning.
If anything, infection via files is a bit old-hat. These days, the baddies tend to take advantage of holes in web browsers, PDF readers, Flash players, etc. Those are the weaknesses you should be dealing with by keeping your packages up to date.
On Mon, 21 Jun 2010 14:16:01 +0000, whorsfall wrote for a reply:
> Hi,
>
> I am having problems trying to understand how ClamAV works. From my
> testing it looks like it does not run resident and protect the file
> system. So for example if I scan a folder that has the eicar virus in it
> it detects.
>
> However if I download this virus and save it to the file system it does
> not intercept the write and prompt me saying I am saving a virus.
>
> If I am wrong in my understanding please correct me as I would like to
> configure it much like the PC Av products allow me to.
>
> So any ideas or alternatives.
>
> Thanks,
>
> Ward
IIRC, ClamAV and clamd have to be configured for real time scanning,
which is limited to email and some other services like Apache(?).
Likewise, depending on your email client, you’ll have to point it to
clam/av/clamd as your default A-V checker.
Personally, I prefer AVAST for Workstation (or Linux). I’ve set it up to
run weekly to:
- download the latest AVAST virus definition
- scan my /home/ and any other partitions/folders I might use for
  downloaded and saved files.
On Tue, 22 Jun 2010 05:16:01 +0000, whorsfall wrote for a reply:
> Hi,
>
> Big thanks for all the comments from people.
>
> So can I assume if I want to get ClamAV to do this I need to somehow get
> the kernel module dazuko to load?
>
>
> Also the AVast does that have a GUI and offer real-time scanning?
>
> Thanks,
>
> Ward
Avast for Workstation (or Linux) does have a GUI and it scans email, but
it doesn’t have real time scanning of downloaded and accessed files like
Windows A-V tools.
IMO, it’s best for scheduled scans, i.e., a cron job.
code:
# Run Avast A-V update at 12:45 and scan every 2hrs
45 12 * * * sh /usr/bin/avast-update
55 */2 * * * sh /usr/bin/avast --report=/tmp/avrpt.html /target
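Added example, not part of any post in this thread: the same cron-driven scheduled scan done with ClamAV's own `clamscan`, the scanner the original question asks about. It relies on clamscan's exit codes (0 clean, 1 detection, 2 error); the script path in the crontab comment and the `CLAMSCAN` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scheduled ClamAV scan wrapper for cron.
# Hypothetical crontab entry (script path is an assumption):
#   55 */2 * * * /usr/local/bin/clam-cron-scan.sh /home
# Assumption: clamscan is on PATH; set CLAMSCAN to use another binary.
CLAMSCAN="${CLAMSCAN:-clamscan}"

# Read clamscan output on stdin and print only the paths of detections.
# Detection lines have the form "<path>: <signature> FOUND"; lines
# ending in "OK" or anything else are dropped. The greedy match keeps
# paths that themselves contain ": " intact.
infected_files() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Recursively scan one directory and map clamscan's exit status:
#   0 = clean, 1 = detections (paths printed on stdout), 2 = scan error.
# A scanner failure is reported separately so a broken scan is never
# mistaken for a clean one.
scan_dir() {
    scan_target=$1
    scan_rc=0
    scan_out=$("$CLAMSCAN" -r --infected --no-summary "$scan_target" \
        2>/dev/null) || scan_rc=$?
    case $scan_rc in
        0) return 0 ;;
        1) printf '%s\n' "$scan_out" | infected_files
           return 1 ;;
        *) echo "clamscan failed on $scan_target (exit $scan_rc)" >&2
           return 2 ;;
    esac
}

# When invoked with a directory argument (as from cron), scan it.
if [ $# -gt 0 ]; then
    scan_dir "$1"
    exit $?
fi
```

Cron mails anything the job prints, so detections and scanner errors both reach the crontab owner while clean runs stay silent.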