[clamav-users] How to get rid of or Fix clamonacc error

Andrew C Aitchison clamav at aitchison.me.uk
Wed Mar 22 10:22:12 UTC 2023 

[ My previous reply did not reach the list, for reasons I do understand. ]

On Tue, 21 Mar 2023, Tim McConnell wrote:

> Hi Andrew,
> So maybe I'm mis understanding something. I'm expecting the scan to run
> once daily at 01:00. Is that not what clamonacc does? I keep getting
> told to remove it but Debian installed it as a dependency so what's
> going to break if I do?

It looks as though the clamav-daemon package contains two daemons,
clamonacc and clamd. You *probably* do want clamd: it runs permanently,
taking up about 1.2 gigabytes of memory and provides a malware 
scanning service that saves about 15 seconds start up time on every scan.
Not significant when you run a full disk scan, but if you do a single scan 
file from time to time it does make a difference.

There is a third ClamAV daemon - clamav-freshclam which keeps the 
virus database up to date; you certainly want that one too.

> As for the question: "Do you have a plan for what you will do when it
> finds a potentially malicious file ?"
> Yes I will analyze it and if it is a malicious file I will remove it
> after sending it to ClamAV (in case it's new)after Googling how to
> safely remove it.

Good. There are options to automatically delete or quarantine suspect 
files; either can stop you system from working or destroy data.

> I'm still baffled by the Whitelist not working in ClamTK but I think if
> I create a cronjob manually to run instead of the scheduled task from
> ClamTK I can get those DIRs to be ignored and hopefully speed up the
> scan?

I have never used ClamTK.
Running clamscan or clamdscan, from cron, on selected directory trees
makes sense, but do be careful to make sure false positives do no harm,
and remember that false negatives do happen frequently, so a clean scan
result proves little.


> Thanks,
>
> -- 
> Tim McConnell <tmcconnell168 at gmail.com>
>
>
> On Sun, 2023-03-19 at 21:40 +0000, Andrew C Aitchison wrote:
>> On Sun, 19 Mar 2023, Tim McConnell via clamav-users wrote:
>>
>>> Hi Marc,
>>> So apparently it was a bug(?) in ClamTK. The errors have gone away
>>> (for
>>> now).
>>
>>> The big problem is I want Clam to do what Clamonacc does so
>>> removing it shouldn't be an option?
>>> I want it to run at certain times to check for malicious files,
>>> etc.
>>
>> That is not what clamonacc does. clamonacc scans each file as it is
>> accesses by some other process (reaf, write or both). The name means
>> CLAM scan ON ACCess.
>>
>> Do you have a plan for what you will do when it finds a potentially
>> malicious file ? It is very important that you think catefully about
>> that.
>>
>>> I'll re-enable the schedule via ClamTK and see if it still hogs the
>>> CPU.
>>> If it does I may have to find another AV solution.
>>
>> How long does it taketo scan a terabtye disk ?
>> If it is full of little files (smaller than MaxScanSize and
>> MaxFileSize)
>> it will have to read the whole disk at the very least.
>>
>

-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew at aitchison.me.uk

More information about the clamav-users mailing list