[clamav-users] recently noted that scanning firefox browser cache reports many errors

G.W. Haywood clamav at jubileegroup.co.uk
Thu Oct 8 17:31:46 UTC 2020


Hi there,

On Thu, 8 Oct 2020, mum laris via clamav-users wrote:
> G.W. Haywood wrote:
>> Are you running freshclam? 
> At least daily. But I understand your point, so maybe I'd like to check if
> "clam-tk" (or something like that) is available ...

Not necessary.  A freshclam.conf is pretty straightforward, just put
one in the same directory as your clamd.conf, edit to taste, and start
the freshclam daemon.  It will then automatically update your database
periodically.  To start it I just have a line in /etc/rc.local e.g.:

/usr/local/bin/freshclam -d --config-file=/etc/mail/clamav/freshclam.conf

People do all sorts of fancy things with sysvinit or systemd.  Up to you.

> ... my roaming profile ... all my devices (android, Windows and Linux).

Ah, so you're vulnerable to *everything*! :/

> Anyway, what are you suggesting? From the manual I see:
>
> --heuristic-alerts[=yes(*)/no]
>
> so these kinds of files don't yet have to be detected and managed autonomously?

Not at all what I meant.  In the distribution, these default to 'yes':

8<----------------------------------------------------------------------
$ grep '#Alert' /usr/local/etc/clamd.conf.sample 
#AlertBrokenExecutables yes
#AlertEncrypted yes
#AlertEncryptedArchive yes
#AlertEncryptedDoc yes
#AlertOLE2Macros yes
#AlertPhishingSSLMismatch yes
#AlertPhishingCloak yes
#AlertPartitionIntersection yes
#AlertExceedsMax yes
8<----------------------------------------------------------------------

but in your clamconf output I see this:

8<----------------------------------------------------------------------
$ grep Alert clamconf
AlertExceedsMax disabled
HeuristicAlerts = "yes"
AlertBrokenExecutables disabled
AlertEncrypted disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
8<----------------------------------------------------------------------

You might want to know about some of those things rather than have
clamd potentially ignore them, especially if you have Windoze boxes.

> /dev/sdaX: clean, 545729/6553600 files, 21748990/26214400 blocks

OK.  I hope the SSD is backed up regularly to some other medium.

> file FF13A1C7B9A4E5C26BE58596DF7F58E6CCB3F19F
> FF13A1C7B9A4E5C26BE58596DF7F58E6CCB3F19F: gzip compressed data, from Unix
> ...
> ... please let me know if you think further analysis is needed.

Well, it's a compressed file; you could try testing it using gzip.
Check the gzip man page for how to do that.  If it tests out OK then
you could extract the contents (gunzip) and see if it's anything you
can make sense of.  If not, a little more digging might be needed.

> So you're no longer relaxing my thoughts...

That's good. :)

-- 

73,
Ged.
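An added example, not part of Ged's message or of the ClamAV project: a small POSIX shell script that performs two of the checks discussed in the reply above. `alert_audit` reads a clamd.conf and reports, for each of the nine `Alert*` options Ged grepped out of clamd.conf.sample, whether it is explicitly set to yes or no, or is left commented out so that clamd falls back to its built-in default (the state that shows up as `disabled` in the quoted clamconf output). `gzip_check` runs the `gzip -t` integrity test on a file such as the cache entry the original poster identified, after first confirming it carries the gzip magic bytes. The option list comes from the thread; every file path and the sample configuration used when the script is exercised are constructed for the example.

```shell
#!/bin/sh
# Added example (not ClamAV's own tooling): audit clamd.conf Alert* options
# and integrity-test a gzip-compressed file before extracting it.

# The nine Alert* options quoted from clamd.conf.sample in the thread.
ALERT_OPTS="AlertBrokenExecutables AlertEncrypted AlertEncryptedArchive \
AlertEncryptedDoc AlertOLE2Macros AlertPhishingSSLMismatch \
AlertPhishingCloak AlertPartitionIntersection AlertExceedsMax"

# alert_state CONF OPTION
# Prints "yes" or "no" when the option is set on an uncommented line,
# "unset" when it only appears commented out (or not at all), i.e. the
# built-in default applies.  The last uncommented occurrence wins.
alert_state() {
    conf=$1
    opt=$2
    val=$(grep -E "^[[:space:]]*${opt}[[:space:]]+" "$conf" 2>/dev/null \
          | tail -n 1 | awk '{ print tolower($2) }')
    case "$val" in
        yes|true|1) echo yes ;;
        no|false|0) echo no ;;
        '')         echo unset ;;
        *)          echo "$val" ;;
    esac
}

# alert_audit CONF
# One line per Alert* option: name and its effective setting.
alert_audit() {
    conf=$1
    for opt in $ALERT_OPTS; do
        printf '%-28s %s\n' "$opt" "$(alert_state "$conf" "$opt")"
    done
}

# gzip_check FILE
# Prints "not-gzip" when the first two bytes are not the gzip magic 1f 8b,
# "ok" when `gzip -t` accepts the file, "corrupt" when it rejects it
# (truncated, bad CRC, ...).  Always returns 0 so it can be used in $(...).
gzip_check() {
    f=$1
    magic=$(od -An -tx1 -N2 "$f" | tr -d ' \n')
    if [ "$magic" != "1f8b" ]; then
        echo not-gzip
        return 0
    fi
    if gzip -t "$f" 2>/dev/null; then
        echo ok
    else
        echo corrupt
    fi
}

# Stand-alone use: audit_clamd.sh /path/to/clamd.conf [file.gz ...]
if [ $# -gt 0 ]; then
    alert_audit "$1"
    shift
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(gzip_check "$f")"
    done
fi
```

Run it against the real clamd.conf and the cache file in question; an option reported as `unset` is one that clamd will treat according to its compiled-in default rather than the value shown in the commented sample line, which is the discrepancy Ged points out between clamd.conf.sample and the clamconf output.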
