Mailing List Archive

CONFIGURATION OF CLAMAV IN SOLARIS 11
Hi,
I require some assistance in configuring clamav in solaris11 box.
I have tried going through the manuals, but I admit that they are quite hard for me to execute.
I am seeking some assistance.
I have been able to install clamav successfully.

Victor Miriti
ICT Security Operation Centre
VOIP 12066
Tel: 2854600 | 0711013066|
Co-op Trust Plaza, Lower Hill Rd

***Soli Deo Gloria
Whoever speaks, let him speak, as it were, the utterances of God; whoever serves, let him do so as by the strength which God supplies; so that in all things God may be glorified through Jesus Christ, to whom belongs the glory and dominion forever and ever.***
1st Peter 4:11

Re: CONFIGURATION OF CLAMAV IN SOLARIS 11
Hi there,

On Wed, 30 Sep 2020, Victor Miriti [ICT Security] wrote:

> I require some assistance in configuring clamav in solaris11 box.

ClamAV is configurable so that it can be configured to suit a range of
different requirements. We can best help you to configure ClamAV to
suit your particular requirements if you tell us what they are.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: CONFIGURATION OF CLAMAV IN SOLARIS 11
Hi,

I would like to scan the files in my solaris 11 box.

I installed clamd
Re: CONFIGURATION OF CLAMAV IN SOLARIS 11
Hello again,

In what I have written below I have tried to be clear, but if my use
of English is difficult for you to understand please say so and I will
try harder. I am sorry if some of the things I have written seem too
obvious, but I do not know what is obvious to you and what is not.

On Wed, 30 Sep 2020, Victor Miriti [ICT Security] wrote:

> I would like to scan the files in my solaris 11 box.

If you have installed ClamAV properly I would expect that you now have
available to you a command-line utility called 'clamscan'. At the
simplest level you should, at a "shell" prompt, be able to give this
command:

$ clamscan /path/to/file

and clamscan will scan the file. It might take a while - we can talk
about that later. The '$' symbol on the line is a substitute for the
prompt which your shell will give you before you type the command; you
do not type it yourself. I do not know what shell you have installed
so I can't tell you what it will look like on your screen. If you
normally use a "graphical user interface" or 'GUI' to do most things
on the box then you will need to 'open a terminal' or something like
that to get a shell prompt so you can issue command-line commands.

After you give a command you generally get some output on the screen.
Again we can talk about that later but for now just expect to see some
kind of response to the command followed by another prompt. You have
to wait; you can't give another command until you get the next prompt.
(Well you can't normally, there are ways, but we won't go into that.)

The shell prompt normally changes from something with a '$' symbol in
it to something with a '#' symbol when you change from a normal user
to the 'root' user, which has elevated permissions. These permissions
are generally dangerous, and the 'root' user should not be used unless
there is a good reason for it. Installing system utilities will need
elevated permissions for example.

You should also have a utility called 'clamdscan'. Note that there is
an extra letter 'd' in that command that was not in the first command.
You can also give the command

$ clamdscan /path/to/file

and this time clamdscan will scan the file - in a way. In fact it
merely passes the data to clamd and clamd does the actual scanning.
So clamd needs to be running if you are to use clamdscan. It should
give the result a lot quicker than 'clamscan' did. But it might not
work, because you might have some configuration to do. It might be
that clamd is not running and it might be that clamdscan doesn't know
how to talk to it. That's where configuration probably starts but it
is definitely not where it ends.

What is the box used for?

Is it normally connected to the Internet? How? Is there a firewall
(or something similar) between it and the Internet?

To what risks do you think the box is exposed?

Which files do you want to scan, and why?

What do you want the scan to look for?

What will you do if ClamAV says it has found something?

> I installed clamd

How did you install it? You can install from source, or from some
'package' which was produced by someone else. Please tell us which.
Either way, please tell where you got it from. You can install for
just yourself or for the entire system. Again, please tell us which.
Normally you would install for the entire system but you need to have
permission to do that. If you are at a bank I wonder if you have the
necessary permissions. If you have installed ClamAV properly, there
should be much more than just clamd installed. Amongst other things
you should now have a set of what we call 'man' pages which form the
bulk of the documentation which you may need for day-to-day use. If
for example you type

$ man clamd

at a shell prompt you should see (displayed by your system-configured
pager, which you will need to know how to use) the terse information
typically provided by a 'man' page about clamd. It assumes that you
are familiar with the way that a 'man' page is laid out, and that you
already know quite a bit about the tool. It gives you the essential
information that you need to be able to use it and very little more.

You should also have a manual in HTML format, which is also available
on the ClamAV Website, but I do not know where your local copy will be
without more information from you and apparently in any case you have
had some difficulty with it. If you tell us more about the difficulty
we can try to help, but there is a lot for you to read and understand
and we cannot do that for you.

Do you know very roughly how a scan works?

Do you know what clamd is and what it does?

Are you familiar with the tools on your system which are used to start
and stop system services, and to enquire about their status?

Do you know if clamd is running on your system? If so, how?

If it is not running, do you know why not?

Do you know how to control (stop and start) clamd?

Have you, or has your system, created a ClamAV database directory?

Are there some signature files in it? Are they up to date?

Do you know about freshclam? Do you know what it does?

Do you know if freshclam is running? Again, how, and if not, why not?

Read the following 'man' pages by typing these commands at a prompt:

man clamscan
man clamdscan
man clamd
man clamd.conf
man freshclam
man freshclam.conf

After reading these, please let us know if anything is any clearer to
you, and if you have any specific questions about what you have read.

--

73,
Ged.

Re: CONFIGURATION OF CLAMAV IN SOLARIS 11
Thank you. Your communication makes sense.

The challenge I have at the moment is that when I try to run the scan I get a prompt saying the following: No supported database files found in /var/opt/csw/clamav/db.

Also note that my server environment is disconnected from the internet.

Another question I have is how do I update my .cvd database while not being able to access the internet?
Re: CONFIGURATION OF CLAMAV IN SOLARIS 11
Hi there,

On Wed, 30 Sep 2020, Victor Miriti [ICT Security] wrote:

> The challenge I have at the moment is that when I try to run the
> scan I get a prompt saying the following: No supported
> database files found in /var/opt/csw/clamav/db.
>
> Also note that my server environment is disconnected from the internet.
>
> Another question I have is how do I update my .cvd database while
> not being able to access the internet?

A system which is not connected to the Internet might not need to be
scanned by ClamAV at all, but there's little harm to be done (if it's
done carefully) and perhaps something to be learned. If it is _not_
done carefully, using ClamAV might pose a danger to the system.

It appears that you do not yet have a signature database. This is not
surprising if the box is not connected to the Internet - most users of
ClamAV will be using boxes which have Internet access, because that's
where most of the threats come from, and ClamAV and its documentation
mostly, but not always, assume that's the case. Normally if there are
boxes which have no Internet access one would use a separate system as
a sort of 'go-between' to download the database files, and make these
files available from the go-between to boxes which are prevented from
talking directly to the Internet.

This is usually called a local mirror, and is covered in the ClamAV
documentation online here:

https://www.clamav.net/documents/private-local-mirrors

You won't be surprised to know that there's more than one way to do it. :)

It is not essential to use freshclam to do the downloads, you can even
do it manually, but using freshclam it is easier to manage.

Why do you think you need to scan the box?

--

73,
Ged.
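
An added example, not part of the thread and not ClamAV's own code: once database files have been copied from the go-between host into the directory named in the error message, a check like this reports whether main, daily and bytecode are present and how old each one is. The header layout, the 7-day limit for daily and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: check a ClamAV database directory before scanning.
# Assumption: a .cvd/.cld file starts with a 512-byte colon-separated text header:
# ClamAV-VDB:<build time>:<version>:<sigs>:<flevel>:<md5>:<dsig>:<builder>:<epoch>
DB_DIR="${DB_DIR:-/var/opt/csw/clamav/db}"  # directory named in the error message
MAX_AGE_DAYS="${MAX_AGE_DAYS:-7}"           # assumed age limit for daily

# Print "<version> <build-epoch>" for a database file; fail if the header is wrong.
cvd_header() {
    hdr=$(dd if="$1" bs=512 count=1 2>/dev/null | tr -d '\000')
    case "$hdr" in ClamAV-VDB:*) ;; *) return 1 ;; esac
    ver=$(printf '%s' "$hdr" | cut -d: -f3 | tr -cd '0-9')
    built=$(printf '%s' "$hdr" | cut -d: -f9 | tr -cd '0-9')
    [ -n "$ver" ] && [ -n "$built" ] || return 1
    echo "$ver $built"
}

# Report main, daily and bytecode in directory $1 as of epoch time $2.
# Returns 0 = all present and current, 1 = something missing, unreadable or stale,
# 2 = none of the three official databases is usable.
check_db_dir() {
    dir=$1; now=$2; found=0; rc=0
    for name in main daily bytecode; do
        file=
        for ext in cld cvd; do
            if [ -f "$dir/$name.$ext" ]; then file="$dir/$name.$ext"; break; fi
        done
        if [ -z "$file" ]; then echo "$name: missing"; rc=1; continue; fi
        if ! info=$(cvd_header "$file"); then
            echo "$name: bad header"; rc=1; continue
        fi
        found=$((found + 1))
        age=$(( ($now - ${info#* }) / 86400 ))
        # main and bytecode are republished rarely, so only daily gets an age limit.
        if [ "$name" = daily ] && [ "$age" -gt "$MAX_AGE_DAYS" ]; then
            echo "$name: version ${info% *}, $age days old, STALE"; rc=1
        else
            echo "$name: version ${info% *}, $age days old"
        fi
    done
    [ "$found" -gt 0 ] || rc=2
    return "$rc"
}

# Write a constructed header for trying the check; not a real signature database.
make_sample() {  # usage: make_sample <file> <version> <build-epoch>
    printf 'ClamAV-VDB:01 Oct 2020 00-00 +0000:%s:1:63:X:X:builder:%s' "$2" "$3" > "$1"
}

# Run as: sh check_clamav_db.sh --check  (needs a date command that supports +%s)
if [ "${1:-}" = "--check" ]; then
    check_db_dir "$DB_DIR" "$(date +%s)"
    exit $?
fi
```

This reads the header only; `sigtool --info <file>` is the ClamAV tool that verifies a database file's digital signature after it has been carried across.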
