What does clamAV actually do?
Posts: 363
I recently noticed that clamAV (antivirus) is installed in Mepis, and seems to run as a cron job. I was impressed on the one hand, and perplexed on the other. I hadn't known it was installed or running, and didn't know what to expect.
So I got the phony "virus" test file, eicar.com, put it in my home directory, and then ran a full scan from the command line. It took half an hour to scan my disk (/home at least, I don't know what else, if anything). I was not surprised that it found eicar.com, but I was quite surprised that it found some sort of "html exploit" embedded in three different html emails (spam) that I had neglected to delete though I had never opened them, even in Linux.
I was even more surprised that clamAV didn't seem to actually do anything with the found "viruses", it just found them. What good is it having this run in the background?
Or am I missing something here? (happens all too often, I'm afraid.)

Andy
Ah!
Posts: 363
the preconfigured cron job simply updates clamav's virus definition
Ah! That makes more sense. Kinda, sorta. I guess.
All this time I had an antivirus with up-to-date signatures and I never ran the thing 
Life is funny. Thanks for the info!
Andy

Hi Andy If you add the
Posts: 173
Hi Andy
If you add the clamav frontend program KlamAV you will be able to use it like any other KDE program.
I am fairly sure you can get it via Synaptic, but if not you can get it from the KDE apps site.
Hope this helps.
Jim 
Cool!
Posts: 363
Thanks, Jim! Works fine, quarantines the nasties and everything!

Andy

More Details
Posts: 5513
OldJim and Andy, this sounds interesting. I'd like to give it a try.
I found a copy of SOURCE for klamav-0.22 at sourceforge, but I'm wondering if this is the right version. Can you post more info as to where you found the app., whether you had to compile, and if so, what instructions you used?
Also, do you know if it works correctly to quarantine bad emails from thunderbird?
Thanks.
Jon
I tried the deb package
Posts: 363
Jon,
I got the Debian package, also at sourceforge, klamav_0.17-1_i386.deb:
http://sourceforge.net/project/showfiles.php?group_id=102171
which opened in Kpackage when I doubleclicked on it.
It then installed with no complications and was in the Menu, under Utilities, when I looked for it.
I don't know if it can deal with Thunderbird. The only options I have are Kmail and Evolution, both of which I have installed.
Let us know how you make out. Let me warn you it's a little slow.
Andy

Thanks
Posts: 5513
Andy,
Thank you for the update. I was hoping that there was a newer version of the code, but I'm not willing to tackle the compile at this time. The .deb package downloaded and installed with no problem. I'm now in the process of scanning my home directory.
One thing I noticed, when I was searching the 'Net, is the description that klamav uses a customized version of the clamav daemon. Hmm.
I'll have to use this for a while and see how the whole thing works. Of course, this is to protect "others" from any bad files that I might receive, since Linux is rarely affected.
The bad news is that it appears that Klamav does not currently (directly) support Thunderbird 
Anyway, thank you again Andy and OldJim 
Jon

auto-scan
Posts: 40
Did you try out the auto-scan? I did and it said I needed to install a file called dazuko, but installation failed. Did anyone else have this problem?
"Always do sober what you said you'd do drunk. That will teach you to keep your mouth shut."
Ernest Miller Hemingway (1899-1961), American writer
Ummm...
Posts: 363
A minor annoyance, I suppose, but every time KDE starts up I get five (5, count 'em, 5) little klamav icons down on the panel by the volume (mixer) icon, etc., left of Kweather.
And I know some like to argue about the plural of "virus" but I'm fairly sure "viruseses" isn't it.
I haven't tried autoscan.
Sigh... 
Andy

Plural of "virus"
Posts: 5513
How 'bout viriises 
Actually, the medical plural of "virus" is "viruses".
Jon
viriises
Posts: 363
viriises
oooooooh! I like it!
Andy
try this !
Posts: 229
control panel-kde components-session manager-on login.
select " start with empty session " reboot x
put on login back.
worked for me.
Carl

(Partial) Answer to Multiple Sessions
Posts: 5513
Andy,
I think I stumbled across part of the reason for multiple sessions. I just restarted my system and I had TWO sessions in the system tray. I tried to Quit them to no avail. I eventually had to kill -15 them.
What I found is that AutoUpdate was set. Since Klamav doesn't work with Thunderbird I don't need to have automatic updates. I turned it on to keep my signatures updated, but when the AutoUpdate is checked then I get the multiple versions.
I don't know why you'd have FIVE sessions though.
Carl, I just tried your modification to session-manager through the control panel. Works very nicely (even leaves the apps that I started still working). Thanks for the tip.
FYI, the tests that I did with Thunderbird. I think I read something about this in a separate location that I no longer remember. Anyway, both clamav and klamav will search your entire personal home area. If you are using Thunderbird, it stores its info under ~/.mozilla-thunderbird/randomstring.default/Mail. Under there, you will have "Local Folders" (and maybe others). Within Local Folders, you will have an Inbox and others. There's an Inbox directory for storing sub-folders, an Inbox.msf that stores other info and finally an Inbox file that contains the actual email. If klamav detects a virus in a single email, it will quarantine the entire Inbox file. So if you decide to use Thunderbird, do not quarantine the emails.
I have developed a kludgy workaround that requires swapping email to/from multiple folders and scanning, but it's definitely time consuming.
Something else I found that may get rid of some of the virus stuff is to "compact" the folders! I originally found SIX VIRUSES, four of which were in very old archived emails. I compacted the folder and rescanned, and they were gone.
Jon
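The whole-Inbox quarantine described above happens because the Inbox file holds every message of the folder, so a file-level scanner can only act on the file. The following is an added example, not code from any poster in this thread or from KlamAV: it scans such a file message by message and moves only the flagged messages out. The function names, the `MARKER` stand-in scanner and the sample mail are constructed for illustration; `clamscan_scan` assumes `clamscan` is installed and on the PATH.

```python
import mailbox
import os
import subprocess
import tempfile

MARKER = b"CONSTRUCTED-TEST-MARKER"  # made-up stand-in for a real signature

def marker_scan(raw):
    """Offline stand-in scanner (assumption): flags messages containing MARKER."""
    return MARKER in raw

def clamscan_scan(raw):
    """Pipe one message to `clamscan -`; exit code 1 means a detection."""
    proc = subprocess.run(["clamscan", "--no-summary", "-"], input=raw,
                          capture_output=True)
    if proc.returncode not in (0, 1):
        raise RuntimeError("clamscan error: " + proc.stderr.decode(errors="replace"))
    return proc.returncode == 1

def quarantine_messages(mbox_path, quarantine_path, scan=marker_scan):
    """Move only flagged messages into quarantine_path; return their subjects."""
    box = mailbox.mbox(mbox_path, create=False)
    quarantine = mailbox.mbox(quarantine_path)
    flagged = []
    box.lock()  # the mail client should be closed while the file is rewritten
    try:
        for key in list(box.keys()):
            raw = box.get_bytes(key)
            if scan(raw):
                flagged.append(box[key]["Subject"])
                quarantine.add(raw)
                box.remove(key)
    finally:
        quarantine.close()
        box.close()  # flushes the rewritten Inbox and releases the lock
    return flagged

def demo():
    """Build a constructed three-message Inbox, clean it, report what is left."""
    with tempfile.TemporaryDirectory() as tmp:
        inbox = os.path.join(tmp, "Inbox")
        box = mailbox.mbox(inbox)
        for subject, body in [("hello", "lunch?"), ("spam", MARKER.decode()),
                              ("invoice", "see attached")]:
            box.add(f"From: a@example.org\nSubject: {subject}\n\n{body}\n")
        box.close()
        flagged = quarantine_messages(inbox, os.path.join(tmp, "Quarantine"))
        return flagged, [m["Subject"] for m in mailbox.mbox(inbox)]
```

To scan with the installed ClamAV instead of the stand-in, pass `scan=clamscan_scan` to `quarantine_messages`.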

Hi JonTo remove the
Posts: 173
Hi Jon
To remove the quarantined e-mails, open the home folder, click on View, Show Hidden Files, then click on the faded KlamAV folder, open the Quarantined Folder and manually delete the e-mails.
Regards Jim
P.S If KlamAV has Quarantined something you wanted to keep, you can copy and paste it back into the main folder.
P.P.S Thanks Carl 

Re: Plural of "virus"
Posts: 499
How 'bout viriises
Actually, the medical plural of "virus" is "viruses".
Jon
Hmmm...I thought the plural for virus using medical terminology was "viri", and in the case of using the term when discussing technology you would then use "viruses" as the plural. Much like when discussing a mouse as an animal, the plural would be mice when talking about the animal, but when talking about the plural in technology circles you would use "mouses." Keep in mind that I am not an English instructor and I am still trying to fully grasp the English language, (I am from Tennessee). LOL!

Viruses,viri, virii or who cares?
Posts: 849
If you do, have a look here
This is from the wikipedia:
http://en.wikipedia.org/wiki/Plural_of_virus
anticapitalista
Philosophers have interpreted the world in many ways; the point is to change it.
I think that the cron job
Posts: 380
As far as I know, the preconfigured cron job simply updates clamav's virus definition file(s), and doesn't perform a virus scan. I suppose you could add your own cron job to do virus scans.