puzzling anti-virus results

I have my Clamtk scheduled to scan my home directory at a given time each day. The Scheduled scan will have a half dozen suspicions. But if I do a manual scan, then the scan will have clean results. Clamtk does receive its updates every day, and I do expect to see a false positive on occasion.

What I find puzzling is the results from schedule to manual.

Sounds normal
Probably a waste of time

As not very many people bother to use such types of programs on their Linux systems, I doubt if you will get many useful answers. The fact that the program you use is not even in the openSUSE standard repos (and thus you installed it from elsewhere) will not make it a well known product here either IMHO.

I do of course not know what it is that you gather in your home directory and you want to test there on MS Windows threatening viruses, but you are an exception.

I always get false positives with Clam for any signed pdf files.

I do understand false positives. Those will always be there. The difference between scheduled and manual is where I am puzzled. Those 2 scans can be just a few minutes apart.

Let's just drop the topic, it's just one of those stupid things I was thinking about.

I don’t think it is that irrelevant as many of us do e.g. network sharing with windows machines.

And ClamAV, for which ClamTK is just a front-end, is still an official package (standard repo) with 12.3 :)

I don’t do scheduled scans, but I use ClamAV (from command line) from time to time.

And, by the way, if you wish me to set-up and test a scheduled scan Mike, I can do that.

On 2013-05-22 18:46, mike7757 wrote:

> What I find puzzling is the results from schedule to manual.

Are you sure they both use the same options?

You can use the ‘ps’ command with appropriate options to learn the
actual command line used, if you do it while it is running.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

Oh yes, when the OP really wants others to look in this case, he should provide information:
. the cron entry (and when it calls a script, the script of course) of the "scheduled run";
. the command as typed for the “manual run”.

Carlos E. R. wrote:
> On 2013-05-22 18:46, mike7757 wrote:
>
>> What I find puzzling is the results from schedule to manual.
>
> Are you sure they both use the same options?
>
> You can use the ‘ps’ command with appropriate options to learn the
> actual command line used, if you do it while it is running.

What Carlos said. It’s almost certainly some options set in the
scheduled job that you don’t use when running it manually, IMHO.

How is the scheduled job started? And are there any config files that
might be scanned?
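The comparison suggested in the replies above (capture both command lines, then check whether they use the same options), as an added example that is not part of the original thread. The two sample command lines are constructed, and it is an assumption that the scheduled scan runs `clamscan` from the user's crontab.

```shell
#!/bin/sh
# Added example: find out how two ClamAV scans differ in their options.

# Command lines of clamscan processes running right now (what 'ps' reveals).
running_scans() {
    ps -ww -u "$(id -un)" -o pid=,args= | grep '[c]lamscan' || true
}

# Crontab lines that mention clam (assumes the job lives in the user's crontab).
scheduled_entries() {
    crontab -l 2>/dev/null | grep -i 'clam' || true
}

# Print the options of a command line, one per line, sorted.
# Simplification: splits on whitespace, so quoted arguments with spaces break.
scan_opts() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' | { grep -- '^-' || true; } | LC_ALL=C sort -u
}

# Options carried by only one of the two runs, labelled by the run that has them.
opts_diff() {
    a=$(mktemp); b=$(mktemp)
    scan_opts "$1" > "$a"
    scan_opts "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b" | sed 's/^/scheduled: /'
    LC_ALL=C comm -13 "$a" "$b" | sed 's/^/manual: /'
    rm -f "$a" "$b"
}

# Constructed sample command lines, as they might be copied from 'ps' output.
SCHEDULED='/usr/bin/clamscan --recursive --infected --detect-pua=yes --log=/home/user/.clamtk/history/scan.log /home/user'
MANUAL='/usr/bin/clamscan --recursive --infected --exclude-dir=/home/user/.cache /home/user'

opts_diff "$SCHEDULED" "$MANUAL"
```

With real data, run `running_scans` once while the scheduled scan is active and once during the manual scan, then pass the two captured lines to `opts_diff`.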

When it comes to linux everyone here is around a million years ahead of me. I’m down here at the pre elementary level.
Please slow down with the hard questions and fancy talk.

Well, it is rather logical and not restricted to Linux. When it is about computers, you should be exact, precise and show computer evidence.

You only told us what you think you saw. But no computer facts included. When somebody (myself included) thinks that doing two times the same gives different results, like you I would think that that is not really possible because computers are very good in doing exactly the same over and over again, producing the same every time, but only if everything is the same.

Thus when you say you do a manual scan, you should tell what you do. And when it is in a terminal, then you should post that terminal session part here. And when you say that there is a scheduled run, you should post here what the contents of that run is (it is probably in your crontab).

When all this is in a GUI only (and I slowly get the feeling that it all is), then it is getting difficult because the GUI will hide all real stuff. And of course behind a GUI there can be so many unseen things that it shouldn’t make you wonder while those two are different.