Mailing List Archive

help with my system please hybrid os does not update signatures
let me first say sorry for hijacking someone else's post i did not really know what i was doing
and it was just out of frustration

i am in real bother with this system as it is bumping up my cpu
there does not seem to be a lot of antivirus software for my low end capability laptop
anyway hybrid system windows linux mint tara 19 not a dual boot you understand but a combination
of windows and linux files
long story short i can't update clamav i also have the tk version
there are zero signatures on it, so it can't find any dodgy files, sigh :(


kind regards colin

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: help with my system please hybrid os does not update signatures
Quoting colin course via clamav-users <clamav-users@lists.clamav.net>:

> long story short i can't update clamav i also have the tk version
> there are zero signatures on it, so it can't find any dodgy files, sigh :(

Which version of ClamAV? Please post the output of 'clamscan -V' here.
You'll need at least version 0.103 in order to download signatures,
older versions [1] are not supported anymore.

[1] https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html


Re: help with my system please hybrid os does not update signatures
thank you for helping me :) i have come across this and you are indeed correct
though i have used synaptic to reinstall a couple of times but can't seem to get the updated version
i guess i better go read the http doc
regards colin

Tue Nov 23 23:17:58 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Nov 23 23:17:58 2021 -> WARNING: Local version: 0.103.2 Recommended version: 0.103.4
Tue Nov 23 23:17:58 2021 -> DON'T PANIC! Read https://www.clamav.net/documents

Re: help with my system please hybrid os does not update signatures
last installment of log file is this
regards colin

Thu Jan 6 11:26:43 2022 -> Giving up on https://database.clamav.net...
Thu Jan 6 11:26:43 2022 -> ERROR: Update failed for database: daily
Thu Jan 6 11:26:43 2022 -> ERROR: Database update process failed: HTTP GET failed
Thu Jan 6 11:26:43 2022 -> ERROR: Update failed.



Re: help with my system please hybrid os does not update signatures
Hi there,

On Sun, 16 Jan 2022, colin course via clamav-users wrote:

> last installment of log file is this
> regards colin
>
> Thu Jan 6 11:26:43 2022 -> Giving up on https://database.clamav.net...
> Thu Jan 6 11:26:43 2022 -> ERROR: Update failed for database: daily
> Thu Jan 6 11:26:43 2022 -> ERROR: Database update process failed: HTTP GET failed
> Thu Jan 6 11:26:43 2022 -> ERROR: Update failed.

Could you let us have a bit more than that? There are many possible
reasons why an HTTP GET request could fail. The message you've shown
is what happens when the FC_EFAILEDGET is set, but there are a dozen
or so places in the code where that can happen for different reasons.

In most cases there's also a more informative message, immediately
before the general 'HTTP GET failed' message.

You can also get more verbose logging, which is sometimes useful, by
tweaking your configuration (e.g. set LogVerbose in freshclam.conf).

--

73,
Ged.

Re: help with my system please hybrid os does not update signatures
Quoting colin course via clamav-users <clamav-users@lists.clamav.net>:

> last installment of log file is this
> regards colin
>
> Thu Jan 6 11:26:43 2022 -> Giving up on https://database.clamav.net...
> Thu Jan 6 11:26:43 2022 -> ERROR: Update failed for database: daily
> Thu Jan 6 11:26:43 2022 -> ERROR: Database update process failed:
> HTTP GET failed
> Thu Jan 6 11:26:43 2022 -> ERROR: Update failed.

This doesn't look like you're using freshclam to update the
signatures. Download methods that don't use freshclam are actively
blocked (with a few exceptions), so chances are you're being blocked
now. Unless you want to mirror the signature database to internally
redistribute the signature files, you really should be using freshclam.


Re: help with my system please hybrid os does not update signatures
Quoting Arjen de Korte <build+clamav@de-korte.org>:

> Quoting colin course via clamav-users <clamav-users@lists.clamav.net>:
>
>> last installment of log file is this
>> regards colin
>>
>> Thu Jan 6 11:26:43 2022 -> Giving up on https://database.clamav.net...
>> Thu Jan 6 11:26:43 2022 -> ERROR: Update failed for database: daily
>> Thu Jan 6 11:26:43 2022 -> ERROR: Database update process failed:
>> HTTP GET failed
>> Thu Jan 6 11:26:43 2022 -> ERROR: Update failed.
>
> This doesn't look like you're using freshclam to update the
> signatures. Download methods that don't use freshclam are actively
> blocked (with a few exceptions), so chances are you're being blocked
> now. Unless you want to mirror the signature database to internally
> redistribute the signature files, you really should be using
> freshclam.

Never mind the above: the output indicates you're actually using freshclam.



Re: help with my system please hybrid os does not update signatures
yes sorry ged i realized i posted the wrong bit but it was too late
i also have a vital piece of information for you and humanity and any who read this post don't know how to get it to you i will have to make it cryptic so as to pass the moderators

as it could be mistaken for advertising which is not my objective

there is an album cover of a pink floyd record two men shaking hands
one of the men is on fire i am not like that
it is an information war
and there does indeed exist a red pill stay tuned before our interaction is over i will give you this vital source of information
though you may already know of it i have no way of knowing and this source has been heavily propagandised

regards colin

Thu Jan 6 11:26:38 2022 -> WARNING: remote_cvdhead: Download failed (6) Thu Jan 6 11:26:38 2022 -> WARNING: Message: Couldn't resolve host name
Thu Jan 6 11:26:38 2022 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Thu Jan 6 11:26:38 2022 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Thu Jan 6 11:26:38 2022 -> Trying again in 5 secs...
Thu Jan 6 11:26:43 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Thu Jan 6 11:26:43 2022 -> ERROR: remote_cvdhead: Download failed (6) Thu Jan 6 11:26:43 2022 -> ERROR: Message: Couldn't resolve host name
Thu Jan 6 11:26:43 2022 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Thu Jan 6 11:26:43 2022 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.




Re: help with my system please hybrid os does not update signatures
thank you arjen
going to have to look at this tomorrow as i am pushed for time but thank you for all your help
it's a log file from the db folder
regards colin
freshclam.log, mirrors.dat = copy and pasted


Re: help with my system please hybrid os does not update signatures
On 16.01.22 15:38, colin course via clamav-users wrote:
>yes sorry ged i realized i posted the wrong bit but it was too late

>Thu Jan 6 11:26:38 2022 -> WARNING: remote_cvdhead: Download failed (6) Thu Jan 6 11:26:38 2022 -> WARNING: Message: Couldn't resolve host name

this looks like a DNS problem.
does this error appear all the time?

>Thu Jan 6 11:26:38 2022 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
>Thu Jan 6 11:26:38 2022 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
>Thu Jan 6 11:26:38 2022 -> Trying again in 5 secs...
>Thu Jan 6 11:26:43 2022 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
>Thu Jan 6 11:26:43 2022 -> ERROR: remote_cvdhead: Download failed (6) Thu Jan 6 11:26:43 2022 -> ERROR: Message: Couldn't resolve host name
>Thu Jan 6 11:26:43 2022 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
>Thu Jan 6 11:26:43 2022 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.
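
The triage suggested in the replies above (look for the more specific message logged before the generic 'HTTP GET failed', here a name-resolution failure) can be automated. The script below is an added example, not part of any mail in this thread and not ClamAV project code; the function names and finding labels are assumptions, and the sample log is constructed from lines quoted in this thread.

```shell
#!/bin/sh
# Added example (not ClamAV project code): triage a freshclam log.
# Function names and the finding labels are choices made for this example.

# freshclam timestamp prefix, e.g. "Thu Jan 6 11:26:38 2022 -> "
TS='[A-Z][a-z][a-z] [A-Z][a-z][a-z] +[0-9]+ [0-9:]+ [0-9][0-9][0-9][0-9] -> '

# Print one line per distinct finding for the log on stdin or in the named files.
freshclam_triage() {
    cat "$@" | awk -v ts="$TS" '
    function emit(s) { if (!(s in seen)) { seen[s] = 1; print s } }
    {
        # Two entries can share one physical line (see the sample below),
        # so break the line before every embedded timestamp first.
        line = $0
        gsub(" " ts, "\n&", line)
        n = split(line, part, "\n")
        for (i = 1; i <= n; i++) {
            msg = part[i]
            sub("^ *" ts, "", msg)
            if (msg ~ /Download failed \(6\)/ || msg ~ /Couldn.t resolve host name/) {
                # Specific cause: the update server name did not resolve.
                cause = "dns"
                emit("dns: update server host name did not resolve")
            } else if (match(msg, /Local version: [0-9.]+ Recommended version: [0-9.]+/)) {
                emit("outdated: " substr(msg, RSTART, RLENGTH))
            } else if (match(msg, /Can.t open [^ ]+ in append mode/)) {
                cause = "logfile"
                path = substr(msg, RSTART + 11, RLENGTH - 26)
                emit("logfile: cannot append to " path " (wrong user or permissions)")
            } else if (msg ~ /HTTP GET failed/) {
                # Generic failure: report the specific message seen before it.
                emit("update-failed: " (cause != "" ? "preceded by " cause : "no specific cause logged, set LogVerbose"))
                cause = ""
            }
        }
    }'
}

# Sample input, constructed from log lines quoted in this thread.
sample_log() {
    cat <<'EOF'
Tue Nov 23 23:17:58 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Nov 23 23:17:58 2021 -> WARNING: Local version: 0.103.2 Recommended version: 0.103.4
Thu Jan 6 11:26:38 2022 -> WARNING: remote_cvdhead: Download failed (6) Thu Jan 6 11:26:38 2022 -> WARNING: Message: Couldn't resolve host name
Thu Jan 6 11:26:38 2022 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Thu Jan 6 11:26:38 2022 -> Trying again in 5 secs...
Thu Jan 6 11:26:43 2022 -> ERROR: remote_cvdhead: Download failed (6) Thu Jan 6 11:26:43 2022 -> ERROR: Message: Couldn't resolve host name
Thu Jan 6 11:26:43 2022 -> Giving up on https://database.clamav.net...
Thu Jan 6 11:26:43 2022 -> ERROR: Update failed for database: daily
Thu Jan 6 11:26:43 2022 -> ERROR: Database update process failed: HTTP GET failed
Thu Jan 6 11:26:43 2022 -> ERROR: Update failed.
EOF
}

sample_log | freshclam_triage
```

Run it against a real log with `freshclam_triage /var/log/clamav/freshclam.log`; an 'update-failed' finding with no preceding cause is the case where more verbose logging is needed.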

Re: help with my system please hybrid os does not update signatures
i have no idea ged
i asked my provider what their dns server was but the person i spoke to
did not even have understanding of what dns was tech um ok

any way i will find out what you have asked
and here's a bit more of what i talked about last time
on the source which you do not have at this present time
there is a catholic priest italian everybody needs to hear what he has to say
carlos marinos varogone, put his life on the line
there was an italian doctor saying the same thing but he is no longer with us jfks ghost would probably say i told you so

right down to my bit fighting this thing on a daily basis
ran a scan without knowing it read out below
now this is the strange bit i have recently been changing permissions
when it was root on the process tab i am talking about
the user was 1000 which is me. down on the command line bit it said ignore
many directories to scan such as home and etc i can't remember exactly.

Now that i have changed the permission the user is 121
and the command line says

security context usr/bin/freshclam enforce
command line usr/bin/freshclam -d --foreground true

i tried to copy and paste but was not possible here is the scan that came about by mistake nope lost that one so here is another though it's probably of no use as the other one succeeded to scan and this one did not damn!!

WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
zone8@zone8-Latitude-D510:~$

kind regards colin

Re: help with my system please hybrid os does not update signatures
Hello again,

On Mon, 17 Jan 2022, colin course via clamav-users wrote:

> ... i have recently been changing permissions ...

Please do not romp around the operating system changing permissions on
things unless you are sure that you know what you're doing and why.
At best you will make the system insecure, at worst you will break it.

> ... security context usr/bin/freshclam enforce ...

This tells me that you're using an 'add-on' kind of package which adds
extra security to the system. Unfortunately some of these packages
bring with them constraints which can sometimes make things difficult
for a beginner - especially if you blindly opt for the highest levels
of security when you configure it. I wouldn't want to suggest that
you disable anything like that, but it might be worth your time to
find out more about it and about how to tell it what you want to do
with ClamAV, both when you download and install ClamAV data and when
you tell ClamAV to scan things.

> ...
> WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22
> ...

The SafeBrowsing option was deprecated a long time ago. It's just
about possible that up to date packages from current distributions
still have deprecated options in their sample configurations, but
perhaps you're using an out of date version of the ClamAV software?
Check for the latest available package for your system on the ClamAV
Website and install that using the package manager for your system if
you can (see below). Old ClamAV versions are blocked from accessing
the database download servers because they have inefficient download
utilities compared with recent versions, and that has caused problems
for the download servers in the recent past.

> ...
> ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
> ...

If the freshclam utility cannot write to its log file then either
you're running freshclam as the wrong user or something is broken.
Maybe you should use the package manager to purge all the packages
which together make up ClamAV on your distribution, and then start
again by reinstalling them using the package manager.

It seems to me that your efforts to improve the security of your
systems risk doing more or less the opposite. A lot of talented
people with wide experience and good motivation have put huge amounts
of effort (here I'm talking in terms of at least man-centuries) into
the systems you're using. You aren't going to improve on what they've
done without a respectable amount of study and probably quite a bit of
experimentation. You might be better advised to take a deep breath
and spend some time learning about the systems (and their security)
before you try doing anything to improve them. Bear in mind that even
if you get ClamAV working perfectly, just by using it carelessly you
can cause problems for an otherwise working system. Especially note
the memory requirements; you will probably need a gigabyte of RAM for
the signature database alone, and if your configuration doesn't take
precautions you may need twice that to do a clamd database reload.
Things will probably go really slow if you make the system 'swap'.

--

73,
Ged.

Re: help with my system please hybrid os does not update signatures
hello ged thanks for all your help
i know changing permissions is not a good thing but when you have a
rampant virus running around the system there is not much choice
for restricting it to getting to other files
would not believe the pain i am going through just to get the browser to work
any way that's a long story suffice it to say i have many hundreds of binary files on this linux operating system and i have indeed broken it quite a few times but timeshift is helping me and my enemy because i think it's dipping into it as well

right last part of what i have been talking about and i beg you to look
source first part of word
if i give you a B?? to taste then you might like it
second part of word
what you throw your rubbish down or what you use to jump out of an aeroplane spelt that way
not the spelling of what a gun does or if plant is showing any signs of
C????
put those two words together and search that word i will not now mention of it anymore you have the source

now that's done let me give you something useful as i know i have not so far regarding this problem
i looked on the clam page Read https://www.clamav.net/documents but it gave me a headache maybe you could walk
me through the removal and installation of my system if you can't that's fine
as you have written loads already and i will have to read it with close inspection
here's what i have according to synaptic on my 32bit system first part of the word is there in that sentence

0.103 .2 dfgs oubunta clamav
0.103.2 dfsg oubunta clambase
0.103 .2 dfsg oubunta clamav
clamtk 2.25-1 and then just empty space

ok ged that's it when searching source don't listen to the propaganda as
certain parties are leading people to the cliff's edge

regards colin

Re: help with my system please hybrid os does not update signatures
one more thing ged
who is this user 121? is that normal to see on process properties
and it's only on clam
it was root and that's when the scan worked but i have seen it being user
121 before
i am having to change permissions to stop virus running all over me
and i have recently seen that now my root is open
which is same meaning as second part of that word anyways
and i know that's not good thing especially when browsing the internet
it's got a shortcut to root anyways cwf folder i think
goes straight to root from processes also found a thread in process that is
called pressure monitor that don't sound good especially that cpu is being bumped had this thing for about 5 months now started off on a windows os
got rid of it once that was until i installed gparted now it's back
won't let me go anywhere near vid content maxes out my cpu so it does

regards colin

Re: help with my system please hybrid os does not update signatures
Hello again,

On Mon, 17 Jan 2022, colin course via clamav-users wrote:

> one more thing ged
> who is this user 121? is that normal to see on process properties
> and it's only on clam
> it was root and that's when the scan worked but i have seen it being user
> 121 before

In a Linux system, each user has both a numeric ID and a name. The
numeric IDs are picked by the system when it creates new user names
and they will differ from one system to another because the users are
created for example when you install software and you usually won't do
exactly the same things in exactly the same order on different systems.

This can cause an issue when you transfer files from one system to
another, e.g. with an archiving utility like 'tar'. The number itself
isn't really of concern, and although there is some meaning in it (low
numbers tend to be 'system' users but you can control that) you really
don't need to worry about it if you're working on a single system.

> i am having to change permissions to stop virus running all over me

That's never going to work.

If your system has already been compromised then you are wasting your
time trying to install ClamAV - or anything else - on it.

Replace all the mass storage devices, and start again from scratch
with a known good installation medium from a known good source. If
you do not want any data from the existing system then instead of
replacing the mass storage devices you *might* safely be able to wipe
and reformat them but you need to know what you are doing to do that
and I am fairly sure that you are not at present capable of doing it.
Some malware may even be able to recover from a reformat but admittedly
that's rare.

After that and before you do anything else with the system make sure
that *everything* on it is up to date on security patches provided by
the distribution. Then keep it that way daily by setting up automatic
system updates. There will be a way to do that using your system's
package manager and a package or packages provided by the 'distro'.

Treat the compromised storage devices as dangerous to a computer's
health until you learn how to handle them safely, which is going to
take you a while - possibly years. If there may be data which you
need on the devices you might want to consider using a data recovery
service to get it back but at present you are probably not capable of
safely copying data from a compromised device to a clean device. You
could compromise the clean device if you did that.

Do not visit nor believe random Internet sources nor mail messages
which claim to have found or be able to fix problems with your
computer. In fact as a general rule of thumb do not believe what
you read in mail nor on Internet sources unless you have very good
reason to do so. I am very happy for you to suspect that I might
not be telling you the truth - you have to make your own decisions
when you're out in the forest on your own and it's the same on the
Internet at the moment. There is no Internet Police Force, and no
Internet Search and Rescue, and no Internet Fire Brigade, and there
is no Internet Ambulance Service. Eventually perhaps there will be,
but then there will probably also be Internet Licenses and Taxation,
so enjoy the Wild West while it's free for all (a free for all:).

You have most probably visited a compromised Website, or opened a
malicious email inadvisedly using a graphical mail client. It's best
if you train yourself not to visit random Websites and learn to be
*very* choosy about which email message you read. If it's any guide
at all, more than 95% of the emails which are offered to my servers
are either criminal or junk. I have personally put decades into work
which prevents anyone here from ever seeing them. I'm not finished.

--

73,
Ged.

Re: help with my system please hybrid os does not update signatures
OK Ged you have given me my answer
and there would be little point in me asking you to repeat it that i would presume would only annoy you
i have a numerical id for myself it is 1000 in the processes
I found a dodgy file the other day just by eye and sent it to the trash
only it did not arrive at destination but looking at my system seems to have
got rid of quite a few binary files i also have got the information i could not
produce for you the other day
it's in the cron file and on my process on clam av as is it back to root
clam also running but 21 cpu% so it's trying to do something
but i do not like the look of what that cron file is saying looks bad
hopefully i am about to give you that and a clam scan read out of it working

i also like the look of that clam test file but bionic does not seem to want
to list it as an option gone are the days when you could just use
many different repositories picking and choosing
but the same could be said for browsers get three pages if you're lucky now
and if there is more just repeating itself no more 123000 results
they are restricting it as they go but they had to offer it sugar coated at
first otherwise no one would have brought it or wish to use it

Now that's said here is just one more thing if a man stands at the cliff's edge
and does not realize that the footing is unsure and could very likely end up
plunging into the sea would it not be remiss of another man to warn that
the ground was unstable
this virus and i am not talking about computers the big C word has not been isolated 100% fact not coming from fake checkers where that name would be more apt

Thank you again for all your help if you still want to go on with me
i would be appreciative but quite understand if you don't as you have already given me your answer here are the two readouts for what they are worth


cron tab

1
2 7 12 * * * /usr/bin/clamscan --exclude-dir=/home/zone8/.clamtk/viruses --exclude-dir=smb4k --exclude-dir=/run/user/zone8/gvfs --exclude-dir=/home/zone8/.gvfs --exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution --exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/zone8 --log="$HOME/.clamtk/history/$(date +\%b-\%d-\%Y).log" 2>/dev/null # clamtk-scan

Damn that scan it's gone back to user 121 again from root and this time it
was not me who touched the permissions

kind regards colin

Re: help with my system please hybrid os does not update signatures
Hi there,

On Tue, 18 Jan 2022, colin course via clamav-users wrote:

> ... i do not like the look of what that cron file is saying looks bad
> ...
> cron tab

The 'cron' system is usually part of the core of more or less any
Linux installation. There are alternatives to it but they function
in the same general way, running jobs to a schedule called a crontab.

Use the 'man' command to see the manual page about crontab. Type:

man crontab

at a shell prompt (sometimes people call it a 'terminal' window, it's
a different thing that effectively does a similar job). There's what
we call a 'man page' for more or less every command on the system and
a whole lot more than that for some commands, and also a lot of pages
for things which aren't commands but for example configuration files.

It should be safe to explore the 'man' pages, you can type

man cron

for the man page about 'cron', and you can even type

man man

for the man page about 'man'. :)

> 1
> 2 7 12 * * * /usr/bin/clamscan \
> --exclude-dir=/home/zone8/.clamtk/viruses \
> --exclude-dir=smb4k \
> --exclude-dir=/run/user/zone8/gvfs \
> --exclude-dir=/home/zone8/.gvfs \
> --exclude-dir=.thunderbird \
> --exclude-dir=.mozilla-thunderbird \
> --exclude-dir=.evolution \
> --exclude-dir=Mail \
> --exclude-dir=kmail \
> -i --detect-pua -r /home/zone8 \
> --log="$HOME/.clamtk/history/$(date +\%b-\%d-\%Y).log" \
> 2>/dev/null # clamtk-scan

I've reformatted your mail to show what I think it's telling me. The
way I've done it might help you make sense of it. I hope so. You'll
probably need to look at the ClamAV documentation to work it all out
but it should be fairly straightforward. The numbers '1' and '2' at
the beginnings of the first two lines could be misleading, but I think
that they're just sequential line numbers (the first line being empty)
and so I think they're not important. You won't see them if you just
type 'crontab -l' at a shell prompt to see your crontab. A convention
we use to break long lines for example in emails is to put a backslash
character at the end of a line which means that the next line is to be
treated as a continuation of the previous line. Confusing it further
is the convention that when I quote your mail, each line of the quote
is preceded by the characters '> ' but I think you'll get the idea.

Although I have to say I wouldn't do anything like that, I don't know
why you don't like the look of the crontab entry. It's just a single
job which if I read your mail right is started daily at seven minutes
past noon and uses clamscan to scan your home directory, with a bunch
of directories excluded from the scan. I don't know much about your
system so can't really pass judgement on the command, but it's normal
to see that kind of scheduled job in a crontab. It could easily be
the sort of thing that was added to your crontab by an anti-virus tool
which you've installed but it doesn't look like anything malicious. I
would say there seems to be no built-in protection against overload,
so if the job doesn't finish by seven minutes past noon the next day
then cron will try to run another one. Things might then go downhill
from there. Without more information there's no way to know how long
a scan will take, so I don't know if that's a problem, but some scans
can take many hours. My feeling is that generally the longer a scan
takes, the less useful it is likely to be.

At this point I can't say for sure if your statement that you've been
chasing viruses is to be taken at face value or not. You might just
have been chasing your own tail. I must admit that I have had some
difficulty understanding your posts completely. Do you know anything
at all about the viruses that you claim to have been chasing?

--

73,
Ged.
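
The overlap risk described in the message above (cron starting the next daily scan while the previous one is still running) can be closed with a lock around the job. This wrapper is an added example, not part of the mail above or of ClamTk; `run_exclusive`, the exit statuses, the lock path and the script path in the crontab comment are assumptions, and the clamscan options are a subset of those in the quoted crontab entry.

```shell
#!/bin/sh
# Added example, not part of the thread: keep a daily cron scan from overlapping.
# run_exclusive, the exit statuses and the lock path are choices made here.

# Run "$@" while holding an exclusive lock on file $1.
# Returns 75 without running anything if another run still holds the lock,
# 69 if flock(1) is not installed, otherwise the status of the command.
run_exclusive() {
    lock=$1
    shift
    command -v flock >/dev/null 2>&1 || return 69
    (
        # Non-blocking: a second scan is skipped, not queued behind the first.
        flock -n 9 || exit 75
        "$@"
    ) 9>"$lock"
}

# The scan from the quoted crontab entry, reduced to its core options.
scan_home() {
    /usr/bin/clamscan -i --detect-pua -r "$HOME" \
        --exclude-dir="$HOME/.clamtk/viruses" \
        --log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log"
}

# Crontab line that would call this script (the script path is hypothetical):
#   7 12 * * * /home/zone8/bin/scan-once.sh --run 2>/dev/null
if [ "${1:-}" = "--run" ]; then
    # Keep the lock in a directory only this user can write, not in /tmp,
    # so no other account can create or hold the lock file.
    status=0
    run_exclusive "$HOME/.clamtk/scan.lock" scan_home || status=$?
    if [ "$status" -eq 75 ]; then
        echo "previous scan still running, skipped" >&2
    fi
    exit "$status"
fi
```

The lock is released automatically when the scan exits or is killed, so a crashed scan does not block the next day's run.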


Re: help with my system please hybrid os does not update signatures
hi ged thanks for all the man stuff will look into :)

i don't like the cron job because it's saying as far as i can tell
its excluding those directories not scanning them.
even if it did it would find zilch as there are no virus signatures on my laptop
virus explanation
started with a windows os there used to be a yellow banner across the top
of the browser saying "there is a page slowing down your browser click here"
now i come to think of it, it was probably the cpu being bumped up

would you call a virus that can morph in to three different files a virus ?
i thought i was getting rid of the binary files but they were changing into
some other file
choices are a folder, a binary file or a text abc file

some are only obvious because they are binary on a linux supposedly system and are tied in to the operating system took the tick out of the box for an exec file
and systems monitor stopped working i have got it back now but i thought i
was going to have to go back to timeshift
i am quite intuitive chap and think sometimes out of the box



there are nurmouse strange ocurrances i have wittnesed one that comes
to mind is a tab flashing up and was gone in the blink of an eye

saying we can stop this operation or it might have said we cant stop
this operation

did you work out the souce ? i hope that was understandable at least
if i throw this down the rubbish C???? 64 or a 32 B?? swap the two parts and put them together

i would say if a rat is in a darkend corner in the room no one would know of presence when it might pounce or move to another part of the room
but if you shine a light on that rat in the corner
evrebody could then see it and say there is a rat in the corner of the room
beware and dont go near it
and the rat would leave as evrebody would know where it is and its wicked purpose could not be carried out
though it has bitten far to many already

regards colin





Re: help with my system please hybrid os does not update signatures [ In reply to ]
Hi there,

On Wed, 19 Jan 2022, colin course via clamav-users wrote:

> i don't like the cron job because it's saying, as far as i can tell,
> it's excluding those directories, not scanning them.

It's only excluding some directories, but if you wish you can just
remove those exclusions. However it is only scanning one directory,
and you don't seem to be complaining about that. To use ClamAV to
best effect you need to have a fair idea of what you want to do and
why you want to do it. You also need to have a pretty good plan to
put into action for the time when something nasty is actually found
(even if it wasn't ClamAV that found it :).

> even if it did it would find zilch as there are no virus signatures on my laptop

Straying back onto the topic now. :) That's the part that we can most
easily do something about. It will be baby steps, starting with the
collecting of information. If you're up for it, start by telling me
about the laptop. Exactly what is it, and how much memory and storage
(hard disc, or whatever it uses instead of a hard disc) does it have?
Exactly what is the operating system and exactly how was it installed?

You say you've installed ClamAV and ClamTK too. Same questions as OS.

Please be detailed and precise in your answers, or I'll just ask the
same questions over and over again until you buckle. I should say I'm
unfamiliar with ClamTK but I gather that it's more or less just a GUI
interface to ClamAV. As far as possible I avoid GUI interfaces. I'd
suggest you don't try to do anything at all with ClamTK until we've
established that you have ClamAV properly installed with an up-to-date
signature database, but at this point that's probably getting ahead of
ourselves - let's work on the basic ClamAV installation first. It may
take some time.

> virus explanation
> started with a windows os there used to be a yellow banner across the top
> of the browser saying "there is a page slowing down your browser ...

Browsers often say that. Usually it's simply because the person who
wrote the code for a Web page or site was incompetent. Sometimes it's
because they're trying to use your computer (through your browser) for
some purpose of their own but there's no reason to jump to conclusions
without more information.

> would you call a virus that can morph in to three different flies a virus ?

I really don't know what to make of that question. It doesn't give me
anything like enough to go on. It's a bit like saying "would a cake
that can morph into three different pies still be called a cake?". If
you can give me some specifics I can try to give a better answer.

> i thought i was getting rid of the binary files but they were changing into
> some other file
> choices are a folder, a binary file or a text abc file

Do not delete binary files (nor mess with permissions) until you
understand what you're doing. By the sound of it you're a very long
way from understanding how a Unix system works. If you mess with it
without understanding it then you'll be a bigger threat to the system
than the threats that you're imagining that you're protecting it from.

> some are only obvious because they are binary on a linux supposedly
> system and are tied in to the operating system took the tick out of
> the box for an exec file and systems monitor stopped working

Nothing is obvious at this point. I don't know what you mean by being
obvious because it's "binary on a linux supposedly system". It sounds
to me like you mean there shouldn't be binaries on a Linux system, and
if that is what you mean then (a) it's nonsense and (b) you would give
the impression that you've jumped to more conclusions.

> there are numerous strange occurrences i have witnessed one that comes
> to mind is a tab flashing up and was gone in the blink of an eye

You don't have to worry about things like that. Most of the malicious
software in existence goes to quite a lot of trouble to make itself at
least very stealthy, if not undetectable. If you need to worry about
anything, then it's about things that you can't see at all. That may
be one reason for using a virus scanner - although in my view perhaps
not a particularly good one.

> did you work out the source ? i hope that was understandable at least
> if i throw this down the rubbish C???? 64 or a 32 B?? swap the two parts and put them together

Sorry, you completely lost me.

> ... a rat ... in the corner of the room ... its wicked purpose ...

Only people are wicked. One of my dogs is sometimes a bit naughty,
but it doesn't make her any less lovable. Maybe more. The rat is
just trying to survive, and pass on its genes.

--

73,
Ged.

Re: help with my system please hybrid os does not update signatures [ In reply to ]
Thank you ged for still helping me
i will get back to you with specifics of lappy at a later date
i know it is low on memory but disk storage is about 40 to 50%
so far i think you helped me deduce that the current installation clam .3
is no longer used for virus signatures and i would need .4

this i will keep repeating till i am blue in the face as the word important can not be stressed enough
i hope that rat does not multiply as we have enough trouble with the ones we have already

the word i am giving you is the source for information you need to l@@k
B?? C???? join them together PLLLEEEEAAASSSE
search that word on your favourite search engine and do not listen to
the propaganda about it certain rats are leading people down the path and
over the edge of a cliff

for now i will leave you with my clamav config file and get back to you
with the other information you have asked for
oh and by the by can i pick your brain about these two my search turned
up zero on search engine
GS Shadow file and the other was a Molacat process ?
and are you saying that you can have binary files on a linux system in the
operating system ?

Clam Conf


# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 30
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
SafeBrowsing false
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net


regards colin

Re: help with my system please hybrid os does not update signatures [ In reply to ]
here's the first bit ged i think i gave you the clam data but you must have
missed it
as for the more important issue and it is
i have looked at it enough to know i am not wrong the universal truth is
insane i give you this date you search it for me they are not shy

201 new york 18th of october 2019
just one of the many coincidences

here is laptop gen

latitude D510

linux mint 19 tara 32bit
kernel linux 4 .15.90 20 generic i686
mate 1 20 1

now you're going to laugh or cry

memory 483 .4 mib
processor intel celeron process 1.60hz

available disk space 45.5 gib

my 64 bit is broken as the connector came off the board always was running cpu so it made sort of thrashing sound was not pleasant
so this virus has already done for one laptop
gave it to a repair man and he said could not do nothing with it and gave it
back to me in a worse state than it was now it needs a soldering iron

kind regards colin


Re: help with my system please hybrid os does not update signatures [ In reply to ]
it's still scanning ged
so that's something at least but i don't know what

----------- SCAN SUMMARY -----------
Known viruses: 92
Engine version: 0.103.2
Scanned directories: 269
Scanned files: 64021
Infected files: 0
Total errors: 1
Data scanned: 2045.69 MB
Data read: 2451.55 MB (ratio 0.83:1)
Time: 1747.559 sec (29 m 7 s)
Start Date: 2022:01:19 12:07:08
End Date: 2022:01:19 12:36:16

regards colin
i would like it to scan all directories but it would have to have virus sigs
to make that useful
and you are bang on tk is a graphic interface
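A check on the summary posted above, as an added example that is not from the thread or from ClamAV: it reads the Known viruses and Total errors fields and refuses to treat "Infected files: 0" as meaningful when almost no signatures were loaded. The MIN_SIGS floor of one million is an assumption, set well below the several million signatures in the official main and daily databases.

```shell
#!/bin/sh
# Added example: sanity-check the SCAN SUMMARY that clamscan prints.
# MIN_SIGS is an assumed floor chosen for illustration, not a ClamAV setting.
MIN_SIGS=${MIN_SIGS:-1000000}

# Part of the summary posted in the thread, embedded so this runs offline.
sample_summary() {
cat <<'EOF'
----------- SCAN SUMMARY -----------
Known viruses: 92
Engine version: 0.103.2
Scanned directories: 269
Scanned files: 64021
Infected files: 0
Total errors: 1
EOF
}

# Print the first word of the value for one "Key: value" line on stdin.
summary_field() {
    awk -F': *' -v key="$1" '$1 == key { split($2, v, " "); print v[1]; exit }'
}

# Read a summary on stdin. Return 0 = usable, 1 = too few signatures,
# 2 = the scan reported errors, 3 = no summary present.
check_summary() {
    summary=$(cat)
    sigs=$(printf '%s\n' "$summary" | summary_field "Known viruses")
    errs=$(printf '%s\n' "$summary" | summary_field "Total errors")
    case $sigs in ''|*[!0-9]*) echo "no usable summary" >&2; return 3 ;; esac
    if [ "$sigs" -lt "$MIN_SIGS" ]; then
        echo "only $sigs signatures loaded: a clean result proves nothing" >&2
        return 1
    fi
    case $errs in ''|*[!0-9]*) errs=0 ;; esac
    if [ "$errs" -gt 0 ]; then
        echo "$errs scan error(s): check the log" >&2
        return 2
    fi
    return 0
}

# Demo on the embedded sample; in real use: clamscan -r DIR | check_summary
if sample_summary | check_summary; then
    echo "scan result usable"
else
    echo "scan result not trustworthy (code $?)"
fi
```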


Re: help with my system please hybrid os does not update signatures [ In reply to ]
Hi Colin,

On Fri, 21 Jan 2022, colin course via clamav-users wrote:

> ...
> memory 483 .4 mib
> ...

Your typing leaves a lot to be desired but I guess you've done your
best to give me the information that I asked for. If we're meant to
read that as four hundred and eighty-three point 4 Mebibytes then it
probably means you will not be able to run ClamAV on your laptop.

The published database uses about twice as much memory as that. The
operating system *can* use disc as a sort of poor-man's memory *but*
it's at least a thousand times slower to use, and if it works at all
that would probably make scanning so slow as to be unusable.

Since you're running Linux, and most of the published signatures are
intended to detect threats to Windows and other Microsoft products, it
might be possible to use a slimmed-down database which excludes those
signatures which aren't a direct threat to your system *but* it's not
something that I'd recommend, I don't know of such a database, and in
any case I wonder if you have the skills to use something other than
the vanilla database from the ClamAV team.

In short I think if you want to run ClamAV the best thing you can do is
start by getting a computer with enough memory. My recommendation would
be one with at least 4 GBytes. The processor speed is not as important,
but the slower it is the proportionally longer the scans will take.

Sorry to be the bringer of bad news.

--

73,
Ged.

Re: help with my system please hybrid os does not update signatures [ In reply to ]
Side comment about the below though:


Sent from my iPhone

> On Jan 21, 2022, at 18:16, G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Since you're running Linux, and most of the published signatures are
> intended to detect threats to Windows and other Microsoft products

Only because of the predominance of the threat. ELF binary signatures are written constantly, as well as for OS X binaries.

Re: help with my system please hybrid os does not update signatures [ In reply to ]
Thanks joel for info
i have seen elf files lying about when browsing my system
clam is offered as utility by linux repositories only the one though bionic
as they do not seem to give you much of a choice these days
i have also noticed on my system grub file at least one of them a
Hybrid Image file what ever that is
i see grub covers files over with music files for the ones they do not use
when handing over to initrd
or that's what i am guessing

kind regards colin
hope you are taking note of the more important subject if you are following this thread everybody needs to know about it
thank you Joel
if you throw something up it must come down the universal law of gravity
there is only one universal truth though many may not be aware of it
but as every day passes more and more are becoming aware
though the red pill has a very unpleasant taste
