[clamav-users] ClamAV - What does the “clamd@scan” service do by default?
Eduardo Lúcio Amorim Costa
eduardolucioac at gmail.com
Sun Jan 26 22:33:15 UTC 2020
People,
Taking into account this statement by G.W. Haywood...
"Assuming the package maintainer has not lost his sanity, the service will
be configured simply to report findings (for example by logging a message
to a system log and, if you use a command-line tool, printing a message on
the tty/terminal/whatever)."
... and I have one last question (it may sound stupid =D )...
Is it correct to assume that the "clamd@scan" service, once started, can
find threats that already exist on my server? Let me explain better! Suppose
that on my file system I already had a malicious file - identifiable as a
threat by ClamAV's heuristics - before my ClamAV installation, waiting to be
executed by someone unsuspecting. Is it correct to assume that the
"clamd@scan" service in its normal operation will eventually find that
threat and notify me (log, mail, etc...)?
Thanks! =D
On Sun, Jan 26, 2020 at 17:27, Eduardo Lúcio Amorim Costa <
eduardolucioac at gmail.com> wrote:
> Gentlemen,
>
> I found your answers very useful, so I took the liberty of publishing them
> on the thread I opened about the problem on the internet (
> https://unix.stackexchange.com/a/564223/61742 ).
>
> If you do not want this content to continue to be published, please let me
> know so I can delete it.
>
> Thanks! =D
>
> On Sun, Jan 26, 2020 at 08:12, G.W. Haywood via clamav-users <
> clamav-users at lists.clamav.net> wrote:
>
>> Hi there,
>>
>> On Sat, 25 Jan 2020, Eduardo Lúcio Amorim Costa via clamav-users wrote:
>>
>> > *QUESTION:* What does the "clamav@scan" service do by default if it finds
>> > threats?
>>
>> I do not know exactly which package you are using. The behaviour of
>> the service provided by a package will depend on how it was configured
>> by the package provider. Assuming the package maintainer has not lost
>> his sanity, the service will be configured simply to report findings
>> (for example by logging a message to a system log and, if you use a
>> command-line tool, printing a message on the tty/terminal/whatever).
>>
>> Read the documentation on the ClamAV Website for more information:
>>
>> http://www.clamav.net/documents/clam-antivirus-user-manual
>>
>> Copies and parodies of ClamAV documentation elsewhere on the Internet
>> can be out of date, misleading, sometimes incorrect, and occasionally
>> downright dangerous.
>>
>> > *FURTHER QUESTION:* I would like ClamAV to have the "classic" behavior of
>> > an antivirus engine, that is, remove threats automatically. If he doesn't
>> > do this by default what should I do to make him do it?
>>
>> Read the part which says
>>
>> "Be careful!"
>>
>> If you have not yet found that part, keep reading until you do.
>>
>> > *NOTES:*
>> > *I* - The operating system of choice was CentOS 7 and the process used is
>> > described in this tutorial
>> > https://hostpresto.com/community/tutorials/how-to-install-clamav-on-centos-7/
>>
>> Generally speaking I recommend that you avoid tutorials like this
>> because they tend to make decisions for you without the benefit of
>> information about your situation which only you can have. I recommend
>> that you do NOT attempt to automate threat removal on any Linux system
>> without very careful consideration. Careless use of ClamAV on a Linux
>> system will do more harm than good. In particular, this tutorial will
>> have you scan locations in the filesystem which can not safely be
>> scanned with ClamAV, nor with any anti-virus tool. Keep in mind that,
>> even in a minimal installation, ClamAV scans for much more than just
>> viruses and malware and that the false positive rate is never zero. I
>> feel that you do not at present understand the issues well enough to
>> consider them sufficiently carefully.
>>
>> I have been using ClamAV for many years, on hundreds of Linux systems.
>> Perhaps this is mainly because of good hygiene but I have not yet seen
>> ClamAV find a Linux virus, nor Linux malware, nor Linux rootkit on any
>> Linux system. I should be pleased if anyone who has will report, here
>> on this list, what they have found, when they found it, and how they
>> think it got there. Any Linux system which has been compromised is a
>> danger, and my advice would be to rebuild it from scratch.
>>
>> --
>>
>> 73,
>> Ged.
--
*Eduardo Lúcio*
LightBase Consultoria em Software Público
eduardo.lucio at LightBase.com.br
*+55-61-3347-1949 - http://brlight.org <http://brlight.org/> - Brasil-DF*
*Free software! Embrace this idea!*
*"Those who deny freedom to others deserve it not for themselves."*
*Abraham Lincoln*