Mailing List Archive

Please help
Thank you for writing in.

Go to this URL to change user options or unsubscribe:
https://lists.ClamAV.net/mailman/listinfo/ClamAV-devel

or by sending an email to ClamAV-devel-leave@lists.ClamAV.net

Thanks!
Re: Please help [ In reply to ]
Jan,

Look in clamd.conf for something like:

LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666

or

TCPSocket 3310
TCPAddr xxx.xxx.xxx.xxx

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

-----Original Message-----
From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Jan Elliott
Sent: Wednesday, August 31, 2022 3:05 PM
To: clamd user questions <clamav-users@lists.clamav.net>
Subject: [clamav-users] Please help

TO: "clamd user questions" <clamav-users@lists.clamav.net>

QUESTION: When I try to execute the command "clamd" I get the following
message:
ERROR: Please define server type (local and/or TCP)

BACKGROUND; I worked in Bell Labs for 17 years, where I learned UNIX. After
leaving, I got assistance from a former co-worker to install Linux on my
laptop in 2002.
Since then, I've used Fedora Red Hat versions 12, 24, and recently had my
laptop upgraded to version 36. My experience with system administration is
limited and I no longer have someone with UNIX/Linux admin knowledge to
assist me. The person who installed Fedora v36 suggested I try CLAMD to get
rid of a virus/whatever that apparently infected my Chrome browser when I
went to a music site I had been using for several years; the site now causes
continual pornographic pop-ups!!

I also have a Firefox browser and used it to download a new Chrome after I
deleted the infected one, but I still get the pop-ups. Was able to install
CLAMD (rpm) and have read most of the man pages I could find, and checked
what configuration files, etc., I could find, but still get the ERROR
message. What do I need to read, edit, run, etc. to successfully get the
"clamd" command to work.

HELP, please!!! Thanx, Jan Elliott

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat


Re: Please help [ In reply to ]
Hi there,

On Wed, 31 Aug 2022, Jan Elliott wrote:

> TO: "clamd user questions" <clamav-users@lists.clamav.net>
>
> QUESTION: When I try to execute the command "clamd" I
> get the following message:
> ERROR: Please define server type (local and/or TCP)

The tool (possibly 'clamdscan', but whatever it is) which tells clamd
what it is to scan communicates with clamd through a socket. Running
clamd on Linux, most people most of the time configure clamd to use a
Unix socket but it can also use a TCP socket. You need to choose one.
Using a TCP socket may have security implications which I don't think
you need to worry about in your present situation.

https://docs.clamav.net/manual/Usage/Configuration.html#clamdconf

and try the command

man clamd.conf

Look for the configuration options which start with "TCP" and also
those which contain the word "Socket".

> .... The person who installed Fedora v36 suggested I
> try CLAMD to get rid of a virus/whatever that apparently
> infected my Chrome browser ...

Try to think of ClamAV as an attempt to prevent rather than a cure.

It isn't generally a good idea to try to get an infected system to
repair itself. If the criminals who produced the malicious code are
any good at their jobs - and some of them are *very* good because it
can pay well - they will have ways of preventing something like ClamAV
from doing its job. There might easily be hundreds of compromised
executables in the box. If you try to replace them all, you only need
to miss one for the exercise to be pointless. You could never be sure
that you'd found everything, and you might waste a lot of time finding
out that you hadn't.

My advice is to wipe the system and start from scratch. These days it
seems that even that isn't always enough and if the threat has reached
into the firmware then you might need to write off the machine, or at
least substantial parts of it. It isn't an especially likely outcome,
but it's one that you should bear in mind.

What's the state of your backups?

--

73,
Ged.
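
Added example, not part of the original messages and not ClamAV's own code: a small Python check over clamd.conf text that reports the missing-socket condition behind the error in this thread and flags socket settings that are broader than a single-user machine needs. The sample configurations, function names and finding codes are constructed for illustration.

```python
import ipaddress

# Constructed sample configurations (not taken from the poster's machine).
NO_SOCKET = "#LocalSocket /run/clamd.scan/clamd.sock\nLogSyslog yes\n"
LOCAL_666 = ("LocalSocket /var/run/clamav/clamd.ctl\nFixStaleSocket true\n"
             "LocalSocketGroup clamav\nLocalSocketMode 666\n")
LOCAL_660 = LOCAL_666.replace("LocalSocketMode 666", "LocalSocketMode 660")
TCP_ANY = "TCPSocket 3310\n"
TCP_LOOPBACK = "TCPSocket 3310\nTCPAddr 127.0.0.1\n"

def parse(text):
    """Collect 'Option value' pairs, skipping blank and '#' comment lines."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # hostname or placeholder, e.g. xxx.xxx.xxx.xxx
        return addr == "localhost"

def audit(text):
    """Return finding codes (names made up for this example) for one config."""
    opts, findings = parse(text), []
    local, tcp = "LocalSocket" in opts, "TCPSocket" in opts
    if not local and not tcp:
        # Neither server type set: clamd refuses to start with
        # "Please define server type (local and/or TCP)".
        findings.append("no-server-type")
    if local:
        mode = opts.get("LocalSocketMode", [None])[-1]
        # Connecting to a Unix socket needs write permission on it; with no
        # LocalSocketMode the socket is world accessible.
        if mode is None or int(mode, 8) & 0o002:
            findings.append("local-socket-open-to-all-users")
    if tcp:
        addrs = opts.get("TCPAddr", [])
        if not addrs:
            findings.append("tcp-all-interfaces")  # clamd binds to INADDR_ANY
        elif not all(is_loopback(a) for a in addrs):
            findings.append("tcp-non-loopback")
    return findings
```

Calling audit() on the text of a real clamd.conf returns an empty list when a socket is defined and it is limited to the owning group or to the loopback address.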
Re: Please help [ In reply to ]
Hello -- Thanx for your response, although it really
doesn't help, since I do seem to need a CURE for the
infection I already have. The pop-ups only start when I
open the Chrome browser and they don't go away until I
reboot. The "virus" (or whatever the problem is called in
this instance) came from a specific website that I have
used many times over the past few years; I wish there was
some way I could warn people to NOT use this site...
unless they're into porn...

I gave my machine to a local shop to assist with some
error messages I started getting when I booted the Linux
partition (I have Windows on another partition that I
rarely used and NEVER connect to the internet with any
Windows OS!). The techie found that the machine needed to
have more space to get rid of the error messages and
suggested the best way to get ahead of the problem was to
upgrade to the current Linux version, meaning going from
Fedora v24 to v36. As I didn't know at the time that such
an extensive re-do was needed, I didn't make a backup
before I turned over the laptop. I did try to do a backup
recently, but it failed because there wasn't enough room
on the USB drive I tried to use. Was planning to get a
larger drive, but not sure if doing a backup now will do
any good with the screwed-up Chrome browser I now have.
Would you think that removing the browser, then doing a
backup of my $HOME, would be of any help?

I tried to search through as many of the ASCII files that
seem to be part of the ClamD suite, looking for words
like: server, TCP, Linux. I didn't find any, and tried to
use some of the config tools to set the appropriate
variables, but didn't find what I thought I should be
looking for.

As I said, I am not an experienced system administrator,
getting only some formal training at Bell Labs with the
AT&T 3B2 computer, and those were pretty stable and the
machines I was in charge of (aka "babysitting") were used
for specific testing, not general usage for all those in
my organization. And the Labs only started using more
Linux after I left. I've educated myself as best possible
(given that computers are no longer part of my job, since
I'm now retired), using various books I've purchased and
whatever on-line info I've stumbled across. But I'd rather
be not-very-good with Linux than an expert with a Windows
OS!! The longer I've been away from the Labs, the more
friends and co-workers I lose touch with, so I turn to
"outside" help wherever I can find it. I've already used
"man" for most of the ClamD commands and tools available,
but sometimes it's better for me to just seek guidance
from any expert who's willing to give me some advice, and
for that I thank you!!

If I totally stop using Chrome, my system seems to be safe
and deleting that browser seems to be called for...
AGAIN... Since installing the different Linux versions
were done by others (first by a friend with an early text
version, then by "Linux Certified" when I purchased 2
ThinkPads over a period of about 15 years, and they
probably used "rpm" which I only used for the very first
time to re-install Chrome in the hopes of replacing the
"damaged" browser with one that didn't cause those nasty
pop-ups), at least I now know the basics of rpm.

If ClamD is really not what would help me best, do you
have any suggestions (or, better still, recommendations)
for an actual CURE that might work? I've always thought
Linux to be almost as bullet-proof as UNIX, so this
episode with these pop-ups has been an eye-opener, one
that I could have done without!!!

Again, thanx for your response, and, if you have any
further thoughts, I'd be interested in hearing from you
again. Jan

=>> Hi there,
=>>
=>> On Wed, 31 Aug 2022, Jan Elliott wrote:
=>>
=>>> TO: "clamd user questions" <clamav-users@lists.clamav.net>
=>>>
=>>> QUESTION: When I try to execute the command "clamd" I
=>>> get the following message:
=>>> ERROR: Please define server type (local and/or TCP)
=>>
=>> The tool (possibly 'clamdscan', but whatever it is) which tells clamd
=>> what it is to scan communicates with clamd through a socket. Running
=>> clamd on Linux, most people most of the time configure clamd to use a
=>> Unix socket but it can also use a TCP socket. You need to choose one.
=>> Using a TCP socket may have security implications which I don't think
=>> you need to worry about in your present situation.
=>>
=>> https://docs.clamav.net/manual/Usage/Configuration.html#clamdconf
=>>
=>> and try the command
=>>
=>> man clamd.conf
=>>
=>> Look for the configuration options which start with "TCP" and also
=>> those which contain the word "Socket".
=>>
=>>> .... The person who installed Fedora v36 suggested I
=>>> try CLAMD to get rid of a virus/whatever that apparently
=>>> infected my Chrome browser ...
=>>
=>> Try to think of ClamAV as an attempt to prevent rather than a cure.
=>>
=>> It isn't generally a good idea to try to get an infected system to
=>> repair itself. If the criminals who produced the malicious code are
=>> any good at their jobs - and some of them are *very* good because it
=>> can pay well - they will have ways of preventing something like ClamAV
=>> from doing its job. There might easily be hundreds of compromised
=>> executables in the box. If you try to replace them all, you only need
=>> to miss one for the exercise to be pointless. You could never be sure
=>> that you'd found everything, and you might waste a lot of time finding
=>> out that you hadn't.
=>>
=>> My advice is to wipe the system and start from scratch. These days it
=>> seems that even that isn't always enough and if the threat has reached
=>> into the firmware then you might need to write off the machine, or at
=>> least substantial parts of it. It isn't an especially likely outcome,
=>> but it's one that you should bear in mind.
=>>
=>> What's the state of your backups?
=>>
=>> --
=>>
=>> 73,
=>> Ged.
Re: Please help [ In reply to ]
Thanx very much! I'll give it a try ASAP. Jan

=>> Jan,
=>>
=>> Look in clamd.conf for something like:
=>>
=>> LocalSocket /var/run/clamav/clamd.ctl
=>> FixStaleSocket true
=>> LocalSocketGroup clamav
=>> LocalSocketMode 666
=>>
=>> or
=>>
=>> TCPSocket 3310
=>> TCPAddr xxx.xxx.xxx.xxx
=>>
=>> Sincerely,
=>>
=>> Eric Tykwinski
=>> TrueNet, Inc.
=>> P: 610-429-8300
=>>
=>> -----Original Message-----
=>> From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Jan Elliott
=>> Sent: Wednesday, August 31, 2022 3:05 PM
=>> To: clamd user questions <clamav-users@lists.clamav.net>
=>> Subject: [clamav-users] Please help
=>>
=>> TO: "clamd user questions" <clamav-users@lists.clamav.net>
=>>
=>> QUESTION: When I try to execute the command "clamd" I get the following
=>> message:
=>> ERROR: Please define server type (local and/or TCP)
=>>
=>> BACKGROUND; I worked in Bell Labs for 17 years, where I learned UNIX. After
=>> leaving, I got assistance from a former co-worker to install Linux on my
=>> laptop in 2002.
=>> Since then, I've used Fedora Red Hat versions 12, 24, and recently had my
=>> laptop upgraded to version 36. My experience with system administration is
=>> limited and I no longer have someone with UNIX/Linux admin knowledge to
=>> assist me. The person who installed Fedora v36 suggested I try CLAMD to get
=>> rid of a virus/whatever that apparently infected my Chrome browser when I
=>> went to a music site I had been using for several years; the site now causes
=>> continual pornographic pop-ups!!
=>>
=>> I also have a Firefox browser and used it to download a new Chrome after I
=>> deleted the infected one, but I still get the pop-ups. Was able to install
=>> CLAMD (rpm) and have read most of the man pages I could find, and checked
=>> what configuration files, etc., I could find, but still get the ERROR
=>> message. What do I need to read, edit, run, etc. to successfully get the
=>> "clamd" command to work.
=>>
=>> HELP, please!!! Thanx, Jan Elliott