Mailing List Archive

hello help with config please
Hello guys/girls at clamav

Could you take a quick look at my freshclam config please and tell me if
you see any glaring mistakes I could change? Sore thumbs.
I have a virus, as I tried to explain to Ged; been with me since 22nd of November,
like an old acquaintance it is now.

One thing it will not let me do is set file permissions in directories.
I have tried to scan single files with clamtk but it's just taking too much juice.
I hear clamd is a gentler scanner, which I do have installed on my system.

Pretty much unchanged from install:

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout disabled
Bytecode = "yes"

clamav-milter.conf not found


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: hello help with config please [ In reply to ]
Hi there,

On Sat, 10 Sep 2022, colin course via clamav-users wrote:

> could you take a quick look at my freshclam config please ...

The configuration for freshclam determines things like when and how
the signature database for ClamAV on your computer will be updated.

If you want us to guess how ClamAV is likely to behave when it looks
for threats on your system, then it would probably be more useful to
post the configuration for the clamd scanning daemon together with a
bit of information about the system. The configuration is usually in
the file called 'clamd.conf' but some Linux distributions mess around
with the way things are configured so you might need to look for other
files. Some of the most important things we need to know about the
system are how much memory it has installed; what operating system it
is running; what other things are running on the system (especially if
they might use a lot of memory); what you've done with it; and anything
you can tell us which makes you think that it's been compromised. Try
to be very precise. For reasons which completely elude me, sometimes
in your posts you have deliberately tried to be obscure. Do please be
aware that the time I have remaining to me in my life is far too short
to bother with riddles. If you want *me* to guess at things you'll be
disappointed. Rather than struggle with riddles I'll just ignore them.

> I have a virus, as I tried to explain to Ged; been with me since 22nd
> of November, like an old acquaintance it is now.

In January I told you that, because your computer had less than half a
gigabyte of memory available, it would not be able to run ClamAV with
the full set of 'official' signature files:

https://lists.clamav.net/pipermail/clamav-users/2022-January/012257.html

I also suggested that the safest way to remove the virus from the
computer (if one was there) is to wipe the entire system and install
from scratch:

https://lists.clamav.net/pipermail/clamav-users/2022-January/012247.html

What have you actually done?

> One thing it will not let me do is set file permissions in directories.

I have already explained that before you mess with file permissions
you need to know what you're doing:

https://lists.clamav.net/pipermail/clamav-users/2022-January/012253.html

> I have tried to scan single files with clamtk but it's just taking too much juice.
> I hear clamd is a gentler scanner, which I do have installed on my system.

Unless I've missed something, ClamTK is just a graphical interface to
the ClamAV scanner:

https://en.wikipedia.org/wiki/ClamTk

If anything it is likely to be less gentle than ClamAV used by itself,
at least if you're careful in the way that you use ClamAV commands.

ClamTK will in any case probably use more memory than ClamAV by itself
(because that's the way things usually are with graphical interfaces)
and at least the last time we discussed this your system was much too
short of memory to load the full 'official' ClamAV signature database.

My crystal ball has been distinctly foggy since I fell off my bike so
please, take it from the top and tell us what we need to know so that
we can help you.

If you really do have a virus on your computer it's best if you don't
keep it connected to the Internet. It's irresponsible. If it really
is a virus then it's much more likely to be a problem if it's able to
contact (a) the malicious folks who put it on your computer, who will
use it for crime and (b) more victims - by which I mean everyone else.

Incidentally I see you're using Yandex mail. You might try using your
favourite search engine to search for

Yandex malware

You might just have found something which has taken over your browser,
but that's really a guess. If you have, then I'm afraid ClamAV is
not designed to help you get rid of it. My main advice is unchanged
from what it was in January but you *might* get away with removing all
traces of your browser and installing one from scratch.

--

73,
Ged.
Re: hello help with config please [ In reply to ]
You are full of Ged, I wish someone else had answered rather than you, just my luck.
You are so up yourself that if you went any further you would disappear, which probably would be a good thing.
colin

Re: hello help with config please [ In reply to ]
Hi there,

On Sat, 10 Sep 2022, colin course via clamav-users wrote:

> You are full of Ged, I wish someone else had answered rather than you, just my luck.
> You are so up yourself that if you went any further you would disappear, which probably would be a good thing.

As a general rule, Colin, handing out personal insults to people who
deal with this stuff all day every day of their working lives and are
genuinely trying to help you isn't the best way to achieve the desired
results. I understand your frustration but there's really no point in
trying to take it out on others. It will just alienate them, and then
you'll be completely on your own, no nearer your goal.

Obviously I've upset you so I won't respond to any more of your mail.

If you can try to answer some of my questions I'm sure someone else on
the list will respond. Do try not to shoot the messenger, though, if
he tells you that your computer isn't powerful enough to run ClamAV.

--

73,
Ged.
Re: hello help with config please [ In reply to ]
Ok Ged, but don't try to sound like the injured party, it's not going to wash.
You talked down to me from day one.
When I fixed someone's clamav system on here did I get a well done from Ged? Naaaa, I got more abuse,
and I was just finishing up with the person and keeping it polite,
was not even addressing you. That did not stop you from piling on more abuse though, did it?
And I am not a girl, therefore I do not get upset; if I get anything I get
angry, and I am not.
I might need a spelling lesson or two but you really need to know how
to converse with people
without coming over all superior. What's Ged stand for, God Egoplex Disposition?
Anyway, your latest effort was much better and I will try again in the future.
Up to you whether you reply to a future cry for help or not; for now I will struggle on with it.

colin
Oh, and I have one gig of RAM, I know it's still not a lot.




Re: hello help with config please [ In reply to ]
On Sat, 10 Sep 2022, colin course via clamav-users wrote:

> Date: Sat, 10 Sep 2022 18:36:58 +0100
> From: colin course via clamav-users <clamav-users@lists.clamav.net>
> To: G.W. Haywood via clamav-users <clamav-users@lists.clamav.net>
> Cc: colin course <course2017@yandex.com>,
> G.W. Haywood <clamav@jubileegroup.co.uk>
> Subject: Re: [clamav-users] hello help with config please
>
> Ok Ged, but don't try to sound like the injured party, it's not going to
> wash. You talked down to me from day one. When I fixed someone's clamav
> system on here did I get a well done from Ged? Naaaa, I got more abuse,
> and I was just finishing up with the person and keeping it polite, was
> not even addressing you. That did not stop you from piling on more
> abuse though, did it? And I am not a girl, therefore I do not get upset;
> if I get anything I get angry, and I am not. I might need a spelling
> lesson or two but you really need to know how to converse with people
> without coming over all superior. What's Ged stand for, God Egoplex
> Disposition? Anyway, your latest effort was much better and I will
> try again in the future.
>
> Up to you whether you reply to a future cry for help or not; for now I
> will struggle on with it.
>
> colin
> Oh, and I have one gig of RAM, I know it's still not a lot.

One gig is not enough for a standard clamd setup. Here are the numbers
from a live clamd rig:

[hubble:stock]:(~)$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2572 512 ? Ss Sep09 0:00 init [3]
root 2 0.0 0.0 0 0 ? S Sep09 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S Sep09 0:00 [migration/0]
root 4 0.0 0.0 0 0 ? S Sep09 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S Sep09 0:00 [migration/1]
root 6 0.0 0.0 0 0 ? S Sep09 0:00 [ksoftirqd/1]
root 7 0.0 0.0 0 0 ? S Sep09 0:00 [events/0]
root 8 0.0 0.0 0 0 ? S Sep09 0:00 [events/1]
root 9 0.0 0.0 0 0 ? S Sep09 0:00 [khelper]
---//---
named 3686 0.0 0.4 98900 39284 ? Ssl Sep09 0:23 named -u named
root 3725 0.0 0.0 14776 1116 ? Ss Sep09 0:00 /usr/sbin/sshd
root 3750 0.0 0.0 7508 820 ? Ss Sep09 0:00 xinetd -stayali
root 3765 0.0 15.9 1411156 1267056 ? Ssl Sep09 1:16 clamd
root 3792 0.0 0.0 9500 756 ? Ss Sep09 0:00 /usr/sbin/dovec
dovecot 3799 0.0 0.0 7348 792 ? S Sep09 0:00 dovecot/anvil
root 3800 0.0 0.0 7476 876 ? S Sep09 0:00 dovecot/log
root 3802 0.0 0.0 9448 2988 ? S Sep09 0:00 dovecot/config
---//---
stock 12762 0.0 0.0 8676 2144 pts/1 Ss 20:36 0:00 -bash
stock 12796 0.0 0.0 5288 852 pts/1 R+ 20:36 0:00 ps aux
[hubble:stock]:(~)$

VSZ virtual memory size of the process in KiB
(1024-byte units). Device mappings are currently excluded;
this is subject to change. (alias vsize).
RSS resident set size, the non-swapped physical memory that a
task has used (in kiloBytes). (alias rssize, rsz).

For clamd :

VSZ = 1411156 kbytes , which is 1378 MBytes or 1.346 Gb
RSS = 1267056 kbytes , which is 1237 MBytes or 1.208 Gb

[hubble:stock]:(~)$ cd /var/lib/clamav/
[hubble:stock]:(/var/lib/clamav)$ ll
total 350684
-rw-r--r-- 1 clamav clamav 293670 Jul 28 01:13 bytecode.cvd
-rw-r--r-- 1 clamav clamav 188315136 Sep 10 11:07 daily.cld
-rw-r--r-- 1 clamav clamav 69 Jul 28 01:12 freshclam.dat
-rw-r--r-- 1 clamav clamav 170479789 Jul 28 01:13 main.cvd
[hubble:stock]:(/var/lib/clamav)$ ll -h
total 343M
-rw-r--r-- 1 clamav clamav 287K Jul 28 01:13 bytecode.cvd
-rw-r--r-- 1 clamav clamav 180M Sep 10 11:07 daily.cld
-rw-r--r-- 1 clamav clamav 69 Jul 28 01:12 freshclam.dat
-rw-r--r-- 1 clamav clamav 163M Jul 28 01:13 main.cvd
[hubble:stock]:(/var/lib/clamav)$
[hubble:stock]:(/var/lib/clamav)$ clamdscan --version
ClamAV 0.103.7/26654/Sat Sep 10 09:55:46 2022
[hubble:stock]:(/var/lib/clamav)$


--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net
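
The comparison made in the message above (clamd's resident memory against the RAM installed), as an added example that is not part of the original thread. The sample lines are copied from the quoted `ps aux` listing; the function names and the 25% headroom default are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: header plus three process lines copied from the
# `ps aux` listing quoted in the message above.
SAMPLE_PS='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
named 3686 0.0 0.4 98900 39284 ? Ssl Sep09 0:23 named -u named
root 3765 0.0 15.9 1411156 1267056 ? Ssl Sep09 1:16 clamd
root 3792 0.0 0.0 9500 756 ? Ss Sep09 0:00 /usr/sbin/dovec'

# rss_kib NAME: read `ps aux` text on stdin and print the summed RSS (KiB)
# of every process whose command basename equals NAME (0 if none).
rss_kib() {
    awk -v name="$1" '
        NR == 1 { next }                 # skip the header line
        {
            cmd = $11                    # first word of COMMAND
            sub(/.*\//, "", cmd)         # /usr/sbin/clamd -> clamd
            if (cmd == name) sum += $6   # column 6 is RSS in KiB
        }
        END { print sum + 0 }'
}

# kib_to_mib KIB: whole MiB, rounded down.
kib_to_mib() { echo $(( $1 / 1024 )); }

# ram_verdict RSS_KIB MEMTOTAL_KIB [HEADROOM_PCT]
# Prints "ok" when RSS plus headroom fits in installed RAM, otherwise
# "insufficient". HEADROOM_PCT (default 25) is an assumed allowance for
# the rest of the system, not a ClamAV figure.
ram_verdict() {
    needed=$(( $1 * (100 + ${3:-25}) / 100 ))
    if [ "$needed" -le "$2" ]; then echo ok; else echo insufficient; fi
}

# On a live Linux host the inputs would come from:
#   ps aux | rss_kib clamd
#   awk '/^MemTotal:/ {print $2}' /proc/meminfo
rss=$(printf '%s\n' "$SAMPLE_PS" | rss_kib clamd)
echo "clamd RSS: ${rss} KiB ($(kib_to_mib "$rss") MiB)"
echo "1 GiB host: $(ram_verdict "$rss" 1048576)"
echo "8 GiB host: $(ram_verdict "$rss" 8388608)"
```
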

Re: hello help with config please [ In reply to ]
Your wish for another response is herein granted.

There has been nobody else in this forum more helpful to more people than "GED" over the last several years now. And you would certainly be well served to pay close attention to each and every comment you receive from him.

I didn't see anything in his latest response to you that was in any way deserving of your insulting reply nor did I spot anything different from what I would suggest to you at this point.

Sent from my iPad

-Al-

On Sep 10, 2022, at 08:55, colin course via clamav-users <clamav-users@lists.clamav.net> wrote:
> You are full of Ged, I wish someone else had answered rather than you, just my luck.
> You are so up yourself that if you went any further you would disappear, which probably would be a good thing.
> colin