Mailing List Archive

How to get rid of or Fix clamonacc error
Hi List,
I keep seeing this in my log files:
"clamonacc[1200]: ERROR: Clamonacc: at least one of OnAccessExcludeUID,
OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified ...
it is recommended you exclude the clamd instance UID or uname to
prevent infinite event scanning loops"
I used CLamTK to configure clamAV and I can't seem to find in the man
pages etc. where to correct the issue or what they are even talking
about?
Which btw about how long should it take to scan a TB HardDrive
(roughly)?
Thanks!

--
Tim McConnell <tmcconnell168@gmail.com>
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
Hi Tim,

have you seen this: https://www.mankier.com/8/clamonacc?
Maybe you can uninstall the clamonacc daemon (sudo apt-get uninstall clamonacc?) if you don't need the features of ClamAV Scan OnAccess.

A big HDD takes really long time for scanning.
In my case with a really huge list of exceptions (YOU MUST SET EXCEPTIONS!) the scan never finished at any time.
It runs here over 12 hours and as explained before with no automatic stop (manually stopped and go to bed).

kind greetings
Marc

Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Donnerstag, März 16, 2023 um 19:55 (at 07:55 PM) +0100
Betreff / Subject: [clamav-users] How to get rid of or Fix clamonacc error
> Hi List,
> I keep seeing this in my log files:
> "clamonacc[1200]: ERROR: Clamonacc: at least one of OnAccessExcludeUID,
> OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified ...
> it is recommended you exclude the clamd instance UID or uname to
> prevent infinite event scanning loops"
> I used CLamTK to configure clamAV and I can't seem to find in the man
> pages etc. where to correct the issue or what they are even talking
> about?
> Which btw about how long should it take to scan a TB HardDrive
> (roughly)?
> Thanks!
>

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
Hi Marc,
So apparently it was a bug(?) in ClamTK. The errors have gone away (for
now). The big problem is I want Clam to do what Clamonacc does so
removing it shouldn't be an option? I want it to run at certain times
to check for malicious files, etc. I'll re-enable the schedule via Clam
TK and see if it still hogs the CPU. 
If it does I may have to find another AV solution.

--
Tim McConnell <tmcconnell168@gmail.com>


On Sun, 2023-03-19 at 18:10 +0000, newcomer01 via clamav-users wrote:
> Hi Tim,
>
> have you seen this: https://www.mankier.com/8/clamonacc?
> Maybe you can uninstall the clamonacc daemon (sudo apt-get uninstall
> clamonacc?) if you don't need the features of ClamAV Scan OnAccess.
>
> A big HDD takes really long time for scanning.
> In my case with a really huge list of exceptions (YOU MUST SET
> EXCEPTIONS!) the scan never finished at any time.
> It runs here over 12 hours and as explained before with no automatic
> stop (manually stopped and go to bed).
>
> kind greetings
> Marc
>
> Von / From: Clamav User Mailinglist
> <mailto:clamav-users@lists.clamav.net>
> An / To: Newcomer01 <mailto:newcomer01@posteo.de>
> CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
> Gesendet / Sent: Donnerstag, März 16, 2023 um 19:55 (at 07:55 PM)
> +0100
> Betreff / Subject: [clamav-users] How to get rid of or Fix clamonacc
> error
> > Hi List,
> > I keep seeing this in my log files:
> > "clamonacc[1200]: ERROR: Clamonacc: at least one of
> > OnAccessExcludeUID,
> > OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified
> > ...
> > it is recommended you exclude the clamd instance UID or uname to
> > prevent infinite event scanning loops"
> > I used CLamTK to configure clamAV and I can't seem to find in the
> > man
> > pages etc. where to correct the issue or what they are even talking
> > about?
> > Which btw about how long should it take to scan a TB HardDrive
> > (roughly)?
> > Thanks!
> >
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
Hi again,

clamonacc you didn't really need.
Here i do not have this, i scan normally every 2 hours my e-mails and only on sunday my computer.
we are on linux., linux isn't so much effected for virsuses or something.
by the way: if you find another anti-virus for linux without using the terminal (with GUI), let me know, have searched really long time and found nothing (freeware or commerical).
some companies (e.g eset) had linux version but now they stopped the development.

kind greetings
Marc

Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Sonntag, März 19, 2023 um 19:31 (at 07:31 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> Hi Marc,
> So apparently it was a bug(?) in ClamTK. The errors have gone away (for
> now). The big problem is I want Clam to do what Clamonacc does so
> removing it shouldn't be an option? I want it to run at certain times
> to check for malicious files, etc. I'll re-enable the schedule via Clam
> TK and see if it still hogs the CPU.
> If it does I may have to find another AV solution.
>

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
[. My previous reply did not reach the list, for reasons I do understand. ]

On Tue, 21 Mar 2023, Tim McConnell wrote:

> Hi Andrew,
> So maybe I'm mis understanding something. I'm expecting the scan to run
> once daily at 01:00. Is that not what clamonacc does? I keep getting
> told to remove it but Debian installed it as a dependency so what's
> going to break if I do?

It looks as though the clamav-daemon package contains two daemons,
clamonacc and clamd. You *probably* do want clamd: it runs permanently,
taking up about 1.2 gigabytes of memory and provides a malware
scanning service that saves about 15 seconds start up time on every scan.
Not significant when you run a full disk scan, but if you do a single scan
file from time to time it does make a difference.

There is a third ClamAV daemon - clamav-freshclam which keeps the
virus database up to date; you certainly want that one too.

> As for the question: "Do you have a plan for what you will do when it
> finds a potentially malicious file ?"
> Yes I will analyze it and if it is a malicious file I will remove it
> after sending it to ClamAV (in case it's new)after Googling how to
> safely remove it.

Good. There are options to automatically delete or quarantine suspect
files; either can stop you system from working or destroy data.

> I'm still baffled by the Whitelist not working in ClamTK but I think if
> I create a cronjob manually to run instead of the scheduled task from
> ClamTK I can get those DIRs to be ignored and hopefully speed up the
> scan?

I have never used ClamTK.
Running clamscan or clamdscan, from cron, on selected directory trees
makes sense, but do be careful to make sure false positives do no harm,
and remember that false negatives do happen frequently, so a clean scan
result proves little.


> Thanks,
>
> --
> Tim McConnell <tmcconnell168@gmail.com>
>
>
> On Sun, 2023-03-19 at 21:40 +0000, Andrew C Aitchison wrote:
>> On Sun, 19 Mar 2023, Tim McConnell via clamav-users wrote:
>>
>>> Hi Marc,
>>> So apparently it was a bug(?) in ClamTK. The errors have gone away
>>> (for
>>> now).
>>
>>> The big problem is I want Clam to do what Clamonacc does so
>>> removing it shouldn't be an option?
>>> I want it to run at certain times to check for malicious files,
>>> etc.
>>
>> That is not what clamonacc does. clamonacc scans each file as it is
>> accesses by some other process (reaf, write or both). The name means
>> CLAM scan ON ACCess.
>>
>> Do you have a plan for what you will do when it finds a potentially
>> malicious file ? It is very important that you think catefully about
>> that.
>>
>>> I'll re-enable the schedule via ClamTK and see if it still hogs the
>>> CPU.
>>> If it does I may have to find another AV solution.
>>
>> How long does it taketo scan a terabtye disk ?
>> If it is full of little files (smaller than MaxScanSize and
>> MaxFileSize)
>> it will have to read the whole disk at the very least.
>>
>

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
On 3/22/23 6:22 AM, Andrew C Aitchison via clamav-users wrote:
> be careful to make sure false positives do no harm,

I've had so many positives that I couldn't examine them all. Does this
happen to others? What do you do for that?

> and remember that false negatives do happen frequently

How do we become aware of false negatives?


_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
> by the way: if you find another anti-virus for linux without using the terminal (with GUI), let me know, have searched really long time and found nothing (freeware or commerical).
> some companies (e.g eset) had linux version but now they stopped the development.

If you need something for a business, Cisco Secure Endpoint has clients for Linux, Mac, and Windows. It is a cloud-based security suite so you basically login to console.amp.cisco.com and can monitor all of your connected clients for suspicious behavior. The Linux and Mac clients use clamav for offline scans, but mostly use other methods for malware detection.

Here's a link if you're interested: https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html

TBH I think that the Secure Endpoint website is kind of garbage as it has a lot of jargon that won't make sense to your average person looking for an AV solution. But it is basically a type of AV solution built to protect enterprise network computers.

The "live demo" will show you want the admin dashboard looks like. It's pretty cool, but maybe a bit overwhelming.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of newcomer01 via clamav-users <clamav-users@lists.clamav.net>
Sent: Sunday, March 19, 2023 12:12 PM
To: Tim McConnell via clamav-users <clamav-users@lists.clamav.net>
Cc: newcomer01 <newcomer01@posteo.de>
Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error

Hi again,

clamonacc you didn't really need.
Here i do not have this, i scan normally every 2 hours my e-mails and only on sunday my computer.
we are on linux., linux isn't so much effected for virsuses or something.
by the way: if you find another anti-virus for linux without using the terminal (with GUI), let me know, have searched really long time and found nothing (freeware or commerical).
some companies (e.g eset) had linux version but now they stopped the development.

kind greetings
Marc

Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Sonntag, M?rz 19, 2023 um 19:31 (at 07:31 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> Hi Marc,
> So apparently it was a bug(?) in ClamTK. The errors have gone away (for
> now). The big problem is I want Clam to do what Clamonacc does so
> removing it shouldn't be an option? I want it to run at certain times
> to check for malicious files, etc. I'll re-enable the schedule via Clam
> TK and see if it still hogs the CPU.
> If it does I may have to find another AV solution.
>

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
Thanks Micah,
This is for Home use so that might be like hunting flies with a Nuclear
Warhead.
For what it's worth, I did get the scan to complete in 15 hours. Okay
well it is a big drive. Now I have a real question: 
Using ClamTK to schedule a scan, How do I exclude a Directory? I've
tried Whitelisting but it doesn't skip the scan for those DIRs. 
The Cron Job email shows the command it's running as: 
/usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses --exclude-
dir=\/home\/tmick\/Documents\/ACI\ Learning --exclude-
dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning --exclude-
dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k --exclude-
dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs --exclude-
dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-
dir=.evolution --exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -
r /home/tmick --log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log"
2>/dev/null # clamtk-scan
--
Tim McConnell <tmcconnell168@gmail.com>

So how would I get the directories I want ignored, ignored?
Thanks! 


On Wed, 2023-03-22 at 17:08 +0000, Micah Snyder (micasnyd) via clamav-
users wrote:
> >  by the way: if you find another anti-virus for linux without using
> > the terminal (with GUI), let me know, have searched really long
> > time and found nothing (freeware or commerical).
> > some companies (e.g eset) had linux version but now they stopped
> > the development.
>
> If you need something for a business, Cisco Secure Endpoint has
> clients for Linux, Mac, and Windows. It is a cloud-based security
> suite so you basically login to console.amp.cisco.com and can monitor
> all of your connected clients for suspicious behavior.  The Linux and
> Mac clients use clamav for offline scans, but mostly use other
> methods for malware detection.  
>
> Here's a link if you're
> interested: https://www.cisco.com/site/us/en/products/security/endpoi
> nt-security/secure-endpoint/index.html
>
> TBH I think that the Secure Endpoint website is kind of garbage as it
> has a lot of jargon that won't make sense to your average person
> looking for an AV solution.  But it is basically a type of AV
> solution built to protect enterprise network computers.
>
> The "live demo" will show you want the admin dashboard looks like. 
> It's pretty cool, but maybe a bit overwhelming. 
>
> Regards,
> Micah
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
> From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf
> of newcomer01 via clamav-users <clamav-users@lists.clamav.net>
> Sent: Sunday, March 19, 2023 12:12 PM
> To: Tim McConnell via clamav-users <clamav-users@lists.clamav.net>
> Cc: newcomer01 <newcomer01@posteo.de>
> Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
>  
> Hi again,
>
> clamonacc you didn't really need.
> Here i do not have this, i scan normally every 2 hours my e-mails and
> only on sunday my computer.
> we are on linux., linux isn't so much effected for virsuses or
> something.
> by the way: if you find another anti-virus for linux without using
> the terminal (with GUI), let me know, have searched really long time
> and found nothing (freeware or commerical).
> some companies (e.g eset) had linux version but now they stopped the
> development.
>
> kind greetings
> Marc
>
> Von / From: Clamav User Mailinglist
> <mailto:clamav-users@lists.clamav.net>
> An / To: Newcomer01 <mailto:newcomer01@posteo.de>
> CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
> Gesendet / Sent: Sonntag, März 19, 2023 um 19:31 (at 07:31 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > Hi Marc,
> > So apparently it was a bug(?) in ClamTK. The errors have gone away
> > (for
> > now). The big problem is I want Clam to do what Clamonacc does so
> > removing it shouldn't be an option? I want it to run at certain
> > times
> > to check for malicious files, etc. I'll re-enable the schedule via
> > Clam
> > TK and see if it still hogs the CPU.
> > If it does I may have to find another AV solution.
> >   
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
Hi Tim,

äähhmmm why you escape the slash? This is not needed.
Try to set follow:

--include="^/home/Folder/Folder/Folder/..." ends up with slash!

Its better to include as to exclude much more then include.
All Path's starts with --include="^/home/..." will be scanned and all others not.
Please do not mix --include and --exclude, with this i had lot of trouble in the past.
I would also prefer to search with --recursive="yes", this means go in depth as possible for the given Path.


kind greetings
Marc


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 19:01 (at 07:01 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> Thanks Micah,
> This is for Home use so that might be like hunting flies with a Nuclear Warhead.
> For what it's worth, I did get the scan to complete in 15 hours. Okay well it is a big drive. Now I have a real question:
> Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried Whitelisting but it doesn't skip the scan for those DIRs.
> The Cron Job email shows the command it's running as:
> */usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses --exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning --exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning --exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k --exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs --exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution --exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick --log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan*
> --
> Tim McConnell <tmcconnell168@gmail.com>
>
> So how would I get the directories I want ignored, ignored?
> Thanks!
>
>
> On Wed, 2023-03-22 at 17:08 +0000, Micah Snyder (micasnyd) via clamav-users wrote:
>>>  by the way: if you find another anti-virus for linux without using the terminal (with GUI), let me know, have searched really long time and found nothing (freeware or commerical).
>>> some companies (e.g eset) had linux version but now they stopped the development.
>>
>> If you need something for a business, Cisco Secure Endpoint has clients for Linux, Mac, and Windows. It is a cloud-based security suite so you basically login to console.amp.cisco.com and can monitor all of your connected clients for suspicious behavior.  The Linux and Mac clients use clamav for offline scans, but mostly use other methods for malware detection.
>>
>> Here's a link if you're interested: https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html
>>
>> TBH I think that the Secure Endpoint website is kind of garbage as it has a lot of jargon that won't make sense to your average person looking for an AV solution.  But it is basically a type of AV solution built to protect enterprise network computers.
>>
>> The "live demo" will show you want the admin dashboard looks like.  It's pretty cool, but maybe a bit overwhelming.
>>
>> Regards,
>> Micah
>>
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>>
>> From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of newcomer01 via clamav-users <clamav-users@lists.clamav.net>
>> Sent: Sunday, March 19, 2023 12:12 PM
>> To: Tim McConnell via clamav-users <clamav-users@lists.clamav.net>
>> Cc: newcomer01 <newcomer01@posteo.de>
>> Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
>> Hi again,
>>
>> clamonacc you didn't really need.
>> Here i do not have this, i scan normally every 2 hours my e-mails and only on sunday my computer.
>> we are on linux., linux isn't so much effected for virsuses or something.
>> by the way: if you find another anti-virus for linux without using the terminal (with GUI), let me know, have searched really long time and found nothing (freeware or commerical).
>> some companies (e.g eset) had linux version but now they stopped the development.
>>
>> kind greetings
>> Marc
>>
>> Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
>> An / To: Newcomer01 <mailto:newcomer01@posteo.de>
>> CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
>> Gesendet / Sent: Sonntag, März 19, 2023 um 19:31 (at 07:31 PM) +0100
>> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
>>> Hi Marc,
>>> So apparently it was a bug(?) in ClamTK. The errors have gone away (for
>>> now). The big problem is I want Clam to do what Clamonacc does so
>>> removing it shouldn't be an option? I want it to run at certain times
>>> to check for malicious files, etc. I'll re-enable the schedule via Clam
>>> TK and see if it still hogs the CPU.
>>> If it does I may have to find another AV solution.
>>
>> _______________________________________________
>>
>> Manage your clamav-users mailing list subscription / unsubscribe:
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/Cisco-Talos/clamav-documentation
>>
>> https://docs.clamav.net/#mailing-lists-and-chat
>> _______________________________________________
>>
>> Manage your clamav-users mailing list subscription / unsubscribe:
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/Cisco-Talos/clamav-documentation
>>
>> https://docs.clamav.net/#mailing-lists-and-chat
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
Additional: if you really want only to exclude didn't use the "-dir" parameters, with this I had lot of trouble in the past.

Use instead --exclude="^/home/Folder/Folder/..." and yes, you always need the complete path!


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 19:01 (at 07:01 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> Thanks Micah,
> This is for Home use so that might be like hunting flies with a Nuclear Warhead.
> For what it's worth, I did get the scan to complete in 15 hours. Okay well it is a big drive. Now I have a real question:
> Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried Whitelisting but it doesn't skip the scan for those DIRs.
> The Cron Job email shows the command it's running as:
> */usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses --exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning --exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning --exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k --exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs --exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution --exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick --log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan*
> --
> Tim McConnell <tmcconnell168@gmail.com>
>
> So how would I get the directories I want ignored, ignored?
> Thanks!
>
>
> On Wed, 2023-03-22 at 17:08 +0000, Micah Snyder (micasnyd) via clamav-users wrote:
>>>  by the way: if you find another anti-virus for linux without using the terminal (with GUI), let me know, have searched really long time and found nothing (freeware or commerical).
>>> some companies (e.g eset) had linux version but now they stopped the development.
>>
>> If you need something for a business, Cisco Secure Endpoint has clients for Linux, Mac, and Windows. It is a cloud-based security suite so you basically login to console.amp.cisco.com and can monitor all of your connected clients for suspicious behavior.  The Linux and Mac clients use clamav for offline scans, but mostly use other methods for malware detection.
>>
>> Here's a link if you're interested: https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html
>>
>> TBH I think that the Secure Endpoint website is kind of garbage as it has a lot of jargon that won't make sense to your average person looking for an AV solution.  But it is basically a type of AV solution built to protect enterprise network computers.
>>
>> The "live demo" will show you want the admin dashboard looks like.  It's pretty cool, but maybe a bit overwhelming.
>>
>> Regards,
>> Micah
>>
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>>
>> From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of newcomer01 via clamav-users <clamav-users@lists.clamav.net>
>> Sent: Sunday, March 19, 2023 12:12 PM
>> To: Tim McConnell via clamav-users <clamav-users@lists.clamav.net>
>> Cc: newcomer01 <newcomer01@posteo.de>
>> Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
>> Hi again,
>>
>> clamonacc you didn't really need.
>> Here i do not have this, i scan normally every 2 hours my e-mails and only on sunday my computer.
>> we are on linux., linux isn't so much effected for virsuses or something.
>> by the way: if you find another anti-virus for linux without using the terminal (with GUI), let me know, have searched really long time and found nothing (freeware or commerical).
>> some companies (e.g eset) had linux version but now they stopped the development.
>>
>> kind greetings
>> Marc
>>
>> Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
>> An / To: Newcomer01 <mailto:newcomer01@posteo.de>
>> CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
>> Gesendet / Sent: Sonntag, März 19, 2023 um 19:31 (at 07:31 PM) +0100
>> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
>>> Hi Marc,
>>> So apparently it was a bug(?) in ClamTK. The errors have gone away (for
>>> now). The big problem is I want Clam to do what Clamonacc does so
>>> removing it shouldn't be an option? I want it to run at certain times
>>> to check for malicious files, etc. I'll re-enable the schedule via Clam
>>> TK and see if it still hogs the CPU.
>>> If it does I may have to find another AV solution.
>>
>> _______________________________________________
>>
>> Manage your clamav-users mailing list subscription / unsubscribe:
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/Cisco-Talos/clamav-documentation
>>
>> https://docs.clamav.net/#mailing-lists-and-chat
>> _______________________________________________
>>
>> Manage your clamav-users mailing list subscription / unsubscribe:
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/Cisco-Talos/clamav-documentation
>>
>> https://docs.clamav.net/#mailing-lists-and-chat
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
and please refer the clamscan --help
--detect-pua needs "=yes/no"


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 19:01 (at 07:01 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> Thanks Micah,
> This is for Home use so that might be like hunting flies with a Nuclear Warhead.
> For what it's worth, I did get the scan to complete in 15 hours. Okay well it is a big drive. Now I have a real question:
> Using ClamTK to schedule a scan, How do I exclude a Directory? I've tried Whitelisting but it doesn't skip the scan for those DIRs.
> The Cron Job email shows the command it's running as:
> */usr/bin/clamscan --exclude-dir=/home/tmick/.clamtk/viruses --exclude-dir=\/home\/tmick\/Documents\/ACI\ Learning --exclude-dir=\/home\/tmick\/Nextcloud\/Documents\/ACI\ Learning --exclude-dir=\/home\/tmick\/Nextcloud --exclude-dir=smb4k --exclude-dir=/run/user/tmick/gvfs --exclude-dir=/home/tmick/.gvfs --exclude-dir=.thunderbird --exclude-dir=.mozilla-thunderbird --exclude-dir=.evolution --exclude-dir=Mail --exclude-dir=kmail -i --detect-pua -r /home/tmick --log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-scan*
> --
> Tim McConnell <tmcconnell168@gmail.com>
>
> So how would I get the directories I want ignored, ignored?
> Thanks!
>
>
> On Wed, 2023-03-22 at 17:08 +0000, Micah Snyder (micasnyd) via clamav-users wrote:
>>>  by the way: if you find another anti-virus for linux without using the terminal (with GUI), let me know, have searched really long time and found nothing (freeware or commerical).
>>> some companies (e.g eset) had linux version but now they stopped the development.
>>
>> If you need something for a business, Cisco Secure Endpoint has clients for Linux, Mac, and Windows. It is a cloud-based security suite so you basically login to console.amp.cisco.com and can monitor all of your connected clients for suspicious behavior.  The Linux and Mac clients use clamav for offline scans, but mostly use other methods for malware detection.
>>
>> Here's a link if you're interested: https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html
>>
>> TBH I think that the Secure Endpoint website is kind of garbage as it has a lot of jargon that won't make sense to your average person looking for an AV solution.  But it is basically a type of AV solution built to protect enterprise network computers.
>>
>> The "live demo" will show you want the admin dashboard looks like.  It's pretty cool, but maybe a bit overwhelming.
>>
>> Regards,
>> Micah
>>
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>>
>> From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of newcomer01 via clamav-users <clamav-users@lists.clamav.net>
>> Sent: Sunday, March 19, 2023 12:12 PM
>> To: Tim McConnell via clamav-users <clamav-users@lists.clamav.net>
>> Cc: newcomer01 <newcomer01@posteo.de>
>> Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
>> Hi again,
>>
>> clamonacc you didn't really need.
>> Here i do not have this, i scan normally every 2 hours my e-mails and only on sunday my computer.
>> we are on linux., linux isn't so much effected for virsuses or something.
>> by the way: if you find another anti-virus for linux without using the terminal (with GUI), let me know, have searched really long time and found nothing (freeware or commerical).
>> some companies (e.g eset) had linux version but now they stopped the development.
>>
>> kind greetings
>> Marc
>>
>> Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
>> An / To: Newcomer01 <mailto:newcomer01@posteo.de>
>> CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
>> Gesendet / Sent: Sonntag, März 19, 2023 um 19:31 (at 07:31 PM) +0100
>> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
>>> Hi Marc,
>>> So apparently it was a bug(?) in ClamTK. The errors have gone away (for
>>> now). The big problem is I want Clam to do what Clamonacc does so
>>> removing it shouldn't be an option? I want it to run at certain times
>>> to check for malicious files, etc. I'll re-enable the schedule via Clam
>>> TK and see if it still hogs the CPU.
>>> If it does I may have to find another AV solution.
>>
>> _______________________________________________
>>
>> Manage your clamav-users mailing list subscription / unsubscribe:
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/Cisco-Talos/clamav-documentation
>>
>> https://docs.clamav.net/#mailing-lists-and-chat
>> _______________________________________________
>>
>> Manage your clamav-users mailing list subscription / unsubscribe:
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/Cisco-Talos/clamav-documentation
>>
>> https://docs.clamav.net/#mailing-lists-and-chat
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
On Wed, 2023-03-22 at 18:15 +0000, newcomer01 via clamav-users wrote:
> äähhmmm why you escape the slash? This is not needed.
I didn't set that it was done by ClamTK (the GUI Interface) not me. so
from the pointers you gave (Marc) ClamTK has bugs? and I should just
schedule the cronjob manually?
I did appreciate the suggestions too Marc, I'm just trying to use Clam
via the GUI (ClamTK) and not having a lot of luck :-(
Thanks for the help so far!

--
Tim McConnell <tmcconnell168@gmail.com>
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
Tim, it's not heavy write a own bash/sh script - to apply code to execute in cronjob isn't the best way.
Write a small script and this start with your cronjob - that's all.

If i can help, then i will do this.

I had at the beginning clamTK too, but the complete tool didn't work here (but for some other reasons I know now) so I removed and set up all manually, it's little work but you learn much of clamav and bash/sh scripting - you can trust in me, it's simpler than it's maybe sounds.

kind regards,
Marc


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 20:02 (at 08:02 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> On Wed, 2023-03-22 at 18:15 +0000, newcomer01 via clamav-users wrote:
>> äähhmmm why you escape the slash? This is not needed.
> I didn't set that it was done by ClamTK (the GUI Interface) not me. so
> from the pointers you gave (Marc) ClamTK has bugs? and I should just
> schedule the cronjob manually?
> I did appreciate the suggestions too Marc, I'm just trying to use Clam
> via the GUI (ClamTK) and not having a lot of luck :-(
> Thanks for the help so far!
>

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
So Marc, you're saying do something like this:

#/bin/bash
declare clammy.sh

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
"^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
"^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
"^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
"^.evolution" --exclude =Mail -i --detect-pua -r /home/tmick --
log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
scan

and just call the script from cron?
For example 0 1 *** clammy.sh
correct??

--
Tim McConnell +1 (205) 434-5534
tmcconnell168@gmail.com 
https://www.linkedin.com/in/timmcconnell/ 
https://calendly.com/tim_mcconnell/interview 



On Wed, 2023-03-22 at 20:29 +0000, newcomer01 via clamav-users wrote:
> Tim, it's not heavy write a own bash/sh script - to apply code to
> execute in cronjob isn't the best way.
> Write a small script and this start with your cronjob - that's all.
>
> If i can help, then i will do this.
>
> I had at the beginning clamTK too, but the complete tool didn't work
> here (but for some other reasons I know now) so I removed and set up
> all manually, it's little work but you learn much of clamav and
> bash/sh scripting - you can trust in me, it's simpler than it's maybe
> sounds.
>
> kind regards,
> Marc
>
>
> Von / From: Clamav User Mailinglist
> <mailto:clamav-users@lists.clamav.net>
> An / To: Newcomer01 <mailto:newcomer01@posteo.de>
> CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
> Gesendet / Sent: Mittwoch, März 22, 2023 um 20:02 (at 08:02 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > On Wed, 2023-03-22 at 18:15 +0000, newcomer01 via clamav-users
> > wrote:
> > > äähhmmm why you escape the slash? This is not needed.
> > I didn't set that it was done by ClamTK (the GUI Interface) not me.
> > so
> > from the pointers you gave (Marc) ClamTK has bugs? and I should
> > just
> > schedule the cronjob manually?
> > I did appreciate the suggestions too Marc, I'm just trying to use
> > Clam
> > via the GUI (ClamTK) and not having a lot of luck :-(
> > Thanks for the help so far!
> >
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
exact but please check your path's - some will so not work aner the asterik "*" i think will also not work ????
cron: 0 1 * * * clammy.sh - always space between the values


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> So Marc, you're saying do something like this:
>
> #/bin/bash
> declare clammy.sh
>
> /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
> ="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
> "^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
> ="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
> "^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
> "^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
> "^.evolution" --exclude =Mail -i --detect-pua -r /home/tmick --
> log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
> scan
>
> and just call the script from cron?
> For example 0 1 *** clammy.sh
> correct??
>

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
try this, but check my ** COMMENTS ** please

---

#!/bin/bash

PATH=/bin:/usr/bin:/sbin:/usr/sbin

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
--exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
--exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/*" ** HERE I DON'T KNOW WHAT YOU TRY TO MATCH ** \
--exclude="^/home/tmick/Nextcloud/*" ** SAME HERE ** \
--exclude="smb4k" ** WILL NOT WORK - COMPLETE PATH ** \
--exclude="^/run/user/tmick/gvfs/" \ --exclude="^/home/tmick/.gvfs/" \
--exclude="^.thunderbird" \ ** WILL NOT WORK - COMPLETE PATH **
--exclude="^.mozilla-thunderbird" \** WILL NOT WORK - COMPLETE PATH **
--exclude="^.evolution" \ ** WILL NOT WORK - COMPLETE PATH **
--exclude=Mail -i /home/tmick \ ** DON'T KNOW WHAT THIS DO **
--detect-pua="yes" \
--recursive="yes" \
--quiet \
--infected \
--database="PATH TO YOUR LIBS/" \
--log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log"
** DECIDE WHAT SHOULD HAPPEN WITH POSSIBLE FOUNDS - OR LOG ONLY (THIS I DO) **
#--move="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
#--copy="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
#--remove="yes/no"

** ALWAYS AN EMPTY LINE AFTER EACH CODE ON LINUX - SOME FILES ARE SENSITIVE WITH THIS! **

---



Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> So Marc, you're saying do something like this:
>
> #/bin/bash
> declare clammy.sh
>
> /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
> ="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
> "^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
> ="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
> "^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
> "^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
> "^.evolution" --exclude =Mail -i --detect-pua -r /home/tmick --
> log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
> scan
>
> and just call the script from cron?
> For example 0 1 *** clammy.sh
> correct??
>

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
and please note: your own sh script needs chmod 0775 - it must be run as program for all users!
your log folder should have chmod 0775 and your log files inside chmod 0644 - bust this are suggestions only


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> So Marc, you're saying do something like this:
>
> #/bin/bash
> declare clammy.sh
>
> /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --exclude
> ="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
> "^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
> ="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
> "^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude =
> "^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
> "^.evolution" --exclude =Mail -i --detect-pua -r /home/tmick --
> log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null # clamtk-
> scan
>
> and just call the script from cron?
> For example 0 1 *** clammy.sh
> correct??
>

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
Okay Marc,
I came up with this:
#/bin/bash
declare clammy.sh

PATH=/bin:/usr/bin:/sbin:/usr/sbin

/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
--exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
--exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/" # Try to
exclude everything in ACI_Learning dir
--exclude="^/home/tmick/Nextcloud/" # Try to exclude everything under
Nextcloud dir
--exclude="^/run/user/tmick/gvfs/" \
--exclude="^/home/tmick/.gvfs/" \
--exclude="^/home/tmick/.evolution" \
--detect-pua="yes" \
--recursive="yes" \
--quiet \
--infected \
--database="/etc/clamav/freshclam.conf" \
--log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log until
I'm sure this works :-)

--
Tim McConnell <tmcconnell168@gmail.com>


On Thu, 2023-03-23 at 02:01 +0000, newcomer01 via clamav-users wrote:
> try this, but check my ** COMMENTS ** please
>
> ---
>
> #!/bin/bash
>
> PATH=/bin:/usr/bin:/sbin:/usr/sbin
>
> /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
> --exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
> --exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/*" ** HERE I
> DON'T KNOW WHAT YOU TRY TO MATCH ** \
> --exclude="^/home/tmick/Nextcloud/*" ** SAME HERE ** \
> --exclude="smb4k" ** WILL NOT WORK - COMPLETE PATH ** \
> --exclude="^/run/user/tmick/gvfs/" \ --exclude="^/home/tmick/.gvfs/"
> \
> --exclude="^.thunderbird" \ ** WILL NOT WORK - COMPLETE PATH **
> --exclude="^.mozilla-thunderbird" \** WILL NOT WORK - COMPLETE PATH
> **
> --exclude="^.evolution" \ ** WILL NOT WORK - COMPLETE PATH **
> --exclude=Mail -i /home/tmick \ ** DON'T KNOW WHAT THIS DO **
> --detect-pua="yes" \
> --recursive="yes" \
> --quiet \
> --infected \
> --database="PATH TO YOUR LIBS/" \
> --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log"
> ** DECIDE WHAT SHOULD HAPPEN WITH POSSIBLE FOUNDS - OR LOG ONLY (THIS
> I DO) **
> #--move="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
> #--copy="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
> #--remove="yes/no"
>
> ** ALWAYS AN EMPTY LINE AFTER EACH CODE ON LINUX - SOME FILES ARE
> SENSITIVE WITH THIS! **
>
> ---
>
>
>
> Von / From: Clamav User Mailinglist
> <mailto:clamav-users@lists.clamav.net>
> An / To: Newcomer01 <mailto:newcomer01@posteo.de>
> CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
> Gesendet / Sent: Mittwoch, März 22, 2023 um 23:04 (at 11:04 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > So Marc, you're saying do something like this:
> >
> > #/bin/bash
> > declare clammy.sh
> >
> > /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses" --
> > exclude
> > ="^/home/tmick/Documents/ACI_Learning/CEH/" --exclude =
> > "^/home/tmick/Nextcloud/Documents/ACI_Learning/*" --exclude
> > ="^/home/tmick/Nextcloud/*" --exclude = "smb4k" --exclude =
> > "^/run/user/tmick/gvfs" --exclude = "^/home/tmick/.gvfs" --exclude
> > =
> > "^.thunderbird" --exclude = "^.mozilla-thunderbird" --exclude =
> > "^.evolution" --exclude =Mail -i  --detect-pua -r /home/tmick --
> > log="$HOME/.clamtk/history/$(date +%b-%d-%Y).log" 2>/dev/null #
> > clamtk-
> > scan
> >
> > and just call the script from cron?
> > For example 0 1 *** clammy.sh
> > correct??
> >
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
--database="/etc/clamav/freshclam.conf" \ here you should have to path to your .cvd, .dat, so on files
and not the dir to you conf file - clamscan did not support to read the con.file while scanning
see clamscan --help

i think, this here will also not work, you create dynamically by date your log files, this is okay but the option --log="" did'nt create this file if it not exists.
Maybe you should have a rule that creates this log file, if it not exists -> read doku for touch

this here i would change additionally:
/usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \

/usr/bin/clamscan \
--exclude ="^/home/tmick/.clamtk/viruses/" \


but now it looks good for me, this should work now - good job.


kind greetings
Marc


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Donnerstag, März 23, 2023 um 23:32 (at 11:32 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> Okay Marc,
> I came up with this:
> #/bin/bash
> declare clammy.sh
>
> PATH=/bin:/usr/bin:/sbin:/usr/sbin
>
> /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
> --exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
> --exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/" # Try to
> exclude everything in ACI_Learning dir
> --exclude="^/home/tmick/Nextcloud/" # Try to exclude everything under
> Nextcloud dir
> --exclude="^/run/user/tmick/gvfs/" \
> --exclude="^/home/tmick/.gvfs/" \
> --exclude="^/home/tmick/.evolution" \
> --detect-pua="yes" \
> --recursive="yes" \
> --quiet \
> --infected \
> --database="/etc/clamav/freshclam.conf" \
> --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log until
> I'm sure this works :-)
>

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
Hi Marc & Andrew,
Okay now I'm really confused :-(
If I add what Andrew suggests it complains about "/usr/bin/clamscan:
unrecognized option" and points to the exclude thing. The $EXCLUDE=
getting removed fixes that and then gives this output:
$ ./clammy.sh
Loading: 58s, ETA: 0s [========================>] 8.66M/8.66M
sigs
Compiling: 11s, ETA: 0s [========================>] 41/41
tasks

/home/tmick/package-lock.json: OK
/home/tmick/.profile: OK
/home/tmick/.signature: OK
/home/tmick/.aspell.en.prepl: OK
/home/tmick/.gitconfig: OK
/home/tmick/.bash_logout: OK
/home/tmick/.debian11.draft.txt: OK
/home/tmick/.mailcap: OK
/home/tmick/.lesshst: OK
/home/tmick/.steampath: Symbolic link
/home/tmick/test.db: Empty file
/home/tmick/.reportbugrc: OK
/home/tmick/.lightyears.cfg: OK
/home/tmick/.aspell.en.pws: OK
/home/tmick/.Xauthority: OK
/home/tmick/.face: OK
/home/tmick/package.json: OK
/home/tmick/.bash_history: OK
/home/tmick/.boxes-unknown.draft.txt: OK
/home/tmick/.pdsettings: OK
/home/tmick/mysqlaccess.log: Empty file
/home/tmick/journalctl-error.txt: Access denied
/home/tmick/clammy.sh: OK
/home/tmick/.selected_editor: OK
/home/tmick/.xsession-errors.old: OK
/home/tmick/.python_history: OK
/home/tmick/.sudo_as_admin_successful: Empty file
/home/tmick/.xsession-errors: OK
/home/tmick/.dmrc: OK
/home/tmick/firstDB.cfuJ: OK
/home/tmick/.bashrc: OK
/home/tmick/.gnomenightly.draft.txt: OK
/home/tmick/.isag.cfg: OK
/home/tmick/.steampid: Symbolic link
/home/tmick/.wget-hsts: OK
/home/tmick/.mysql_history: OK
/home/tmick/mysql.db: Empty file

----------- SCAN SUMMARY -----------
Known viruses: 8659055
Engine version: 1.0.1
Scanned directories: 1
Scanned files: 30
Infected files: 0
Total errors: 1
Data scanned: 14.33 MB
Data read: 29.42 MB (ratio 0.49:1)
Time: 78.193 sec (1 m 18 s)
Start Date: 2023:03:24 11:52:59
End Date: 2023:03:24 11:54:17
./clammy.sh: line 8: --exclude = /home/tmick/.clamtk/viruses/: No such
file or directory (which is correct, I haven't gotten that far yet.)
./clammy.sh: line 10: --detect-pua: command not found (HUNH? The man
pages says it's a command?) 

And the History in ClamTK shows: 
-----------------------------------------------------------------------
--------

WARNING: ^/home/tmick/.clamtk/viruses: Can't access file
WARNING: ^/home/tmick/Documents/ACI_Learning/CEH/: Can't access file
WARNING: ^/home/tmick/Nextcloud/Documents/ACI_Learning/*: Can't access
file
WARNING: ^/home/tmick/Nextcloud/*: Can't access file
WARNING: /run/user/tmick/gvfs: Can't access file
WARNING: ^.evolution: Can't access file
and the directories I'm trying to exclude are still scanned?
I'm using Debian Bookworm and the man pages (Debian README.zip also)
state there are changes from the "upstream version".
But the script does run.
Thanks for the advice given so far.


--
Tim McConnell <tmcconnell168@gmail.com>


On Fri, 2023-03-24 at 07:38 +0000, Andrew C Aitchison wrote:
> On Thu, 23 Mar 2023, Tim McConnell via clamav-users wrote:
>
> > Okay Marc,
> > I came up with this:
> > #/bin/bash
> > declare clammy.sh
> >
> > PATH=/bin:/usr/bin:/sbin:/usr/sbin
> >
> > /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
> > --exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
> > --exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/" # Try to
> > exclude everything in ACI_Learning dir
> > --exclude="^/home/tmick/Nextcloud/" # Try to exclude everything
> > under Nextcloud dir
> > --exclude="^/run/user/tmick/gvfs/" \
> > --exclude="^/home/tmick/.gvfs/" \
> > --exclude="^/home/tmick/.evolution" \
> > --detect-pua="yes" \
> > --recursive="yes" \
> > --quiet \
> > --infected \
> > --database="/etc/clamav/freshclam.conf" \
> > --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log
> > until I'm sure this works :-)
>
> You need \ at the end of *every* line of the command, which means you
> cannot have comments if you do it that way.
>
> #/bin/bash
> declare clammy.sh
>
> PATH=/bin:/usr/bin:/sbin:/usr/sbin
>
> EXCLUDE="--exclude ='^/home/tmick/.clamtk/viruses/'"
> EXCLUDE="$EXCLUDE --
> exclude='^/home/tmick/Documents/ACI_Learning/CEH/'"
> EXCLUDE="$EXCLUDE --
> exclude='^/home/tmick/Nextcloud/Documents/ACI_Learning/'" # Try to
> exclude everything in ACI_Learning dir
> EXCLUDE="$EXCLUDE --exclude='^/home/tmick/Nextcloud/'" # Try to
> exclude everything under Nextcloud dir
> EXCLUDE="$EXCLUDE --exclude='^/run/user/tmick/gvfs/'"
> EXCLUDE="$EXCLUDE --exclude='^/home/tmick/.gvfs/'"
> EXCLUDE="$EXCLUDE --exclude='^/home/tmick/.evolution"
>
> /usr/bin/clamscan $EXCLUDE \
>   --detect-pua="yes" \
>   --recursive="yes" \
>   --quiet \
>   --infected \
>   --database="/etc/clamav/freshclam.conf" \
>   --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log" #Just log
> until I'm sure this works :-)
>
> I have changed the quotes so that $EXCLUDE is inside "" rather than
> ''.
> Without that it would not be expanded.
>
> I do not see mention of which directory to start scanning from.
>
> > Tim McConnell <tmcconnell168@gmail.com>
> >
> >
> > On Thu, 2023-03-23 at 02:01 +0000, newcomer01 via clamav-users
> > wrote:
> > > try this, but check my ** COMMENTS ** please
> > >
> > > ---
> > >
> > > #!/bin/bash
> > >
> > > PATH=/bin:/usr/bin:/sbin:/usr/sbin
> > >
> > > /usr/bin/clamscan --exclude ="^/home/tmick/.clamtk/viruses/" \
> > > --exclude="^/home/tmick/Documents/ACI_Learning/CEH/" \
> > > --exclude="^/home/tmick/Nextcloud/Documents/ACI_Learning/*" **
> > > HERE I
> > > DON'T KNOW WHAT YOU TRY TO MATCH ** \
> > > --exclude="^/home/tmick/Nextcloud/*" ** SAME HERE ** \
> > > --exclude="smb4k" ** WILL NOT WORK - COMPLETE PATH ** \
> > > --exclude="^/run/user/tmick/gvfs/" \ --
> > > exclude="^/home/tmick/.gvfs/"
> > > \
> > > --exclude="^.thunderbird" \ ** WILL NOT WORK - COMPLETE PATH **
> > > --exclude="^.mozilla-thunderbird" \** WILL NOT WORK - COMPLETE
> > > PATH
> > > **
> > > --exclude="^.evolution" \ ** WILL NOT WORK - COMPLETE PATH **
> > > --exclude=Mail -i /home/tmick \ ** DON'T KNOW WHAT THIS DO **
> > > --detect-pua="yes" \
> > > --recursive="yes" \
> > > --quiet \
> > > --infected \
> > > --database="PATH TO YOUR LIBS/" \
> > > --log="$HOME/.clamtk/history/$(date '+%b-%d-%Y').log"
> > > ** DECIDE WHAT SHOULD HAPPEN WITH POSSIBLE FOUNDS - OR LOG ONLY
> > > (THIS
> > > I DO) **
> > > #--move="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
> > > #--copy="/etc/clamav/PATH TO YOUR QUARANTINE FOLDER"
> > > #--remove="yes/no"
>
> --move and --remove=yes are *definitely* dangerous
> and could destroy your data or machine.
>
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
as i explained before, please check all given paths.
it must start with "^/DIR/DIR/DIR/ [ ... so on]/"
please don't name folders or files only, always to whole path to dir/file!
i am not sure if the asterisk "*" work ...
by the way: you search with -recursive="yes" right?
then you don't need the "*" clamscan will scan in depth => this means -recursive="yes" ????
do you use -detect-pua="yes" or -detect-upa without "yes"?

seems that you have run clamscan not as sudo, you don't have the permission to scan some path, that's the log says


Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
An / To: Newcomer01 <mailto:newcomer01@posteo.de>
CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
Gesendet / Sent: Freitag, März 24, 2023 um 18:25 (at 06:25 PM) +0100
Betreff / Subject: Re: [clamav-users] How to get rid of or Fix clamonacc error
> Hi Marc & Andrew,
> Okay now I'm really confused :-(
> If I add what Andrew suggests it complains about "/usr/bin/clamscan:
> unrecognized option" and points to the exclude thing. The $EXCLUDE=
> getting removed fixes that and then gives this output:
> $ ./clammy.sh
> Loading: 58s, ETA: 0s [========================>] 8.66M/8.66M
> sigs
> Compiling: 11s, ETA: 0s [========================>] 41/41
> tasks
>
> /home/tmick/package-lock.json: OK
> /home/tmick/.profile: OK
> /home/tmick/.signature: OK
> /home/tmick/.aspell.en.prepl: OK
> /home/tmick/.gitconfig: OK
> /home/tmick/.bash_logout: OK
> /home/tmick/.debian11.draft.txt: OK
> /home/tmick/.mailcap: OK
> /home/tmick/.lesshst: OK
> /home/tmick/.steampath: Symbolic link
> /home/tmick/test.db: Empty file
> /home/tmick/.reportbugrc: OK
> /home/tmick/.lightyears.cfg: OK
> /home/tmick/.aspell.en.pws: OK
> /home/tmick/.Xauthority: OK
> /home/tmick/.face: OK
> /home/tmick/package.json: OK
> /home/tmick/.bash_history: OK
> /home/tmick/.boxes-unknown.draft.txt: OK
> /home/tmick/.pdsettings: OK
> /home/tmick/mysqlaccess.log: Empty file
> /home/tmick/journalctl-error.txt: Access denied
> /home/tmick/clammy.sh: OK
> /home/tmick/.selected_editor: OK
> /home/tmick/.xsession-errors.old: OK
> /home/tmick/.python_history: OK
> /home/tmick/.sudo_as_admin_successful: Empty file
> /home/tmick/.xsession-errors: OK
> /home/tmick/.dmrc: OK
> /home/tmick/firstDB.cfuJ: OK
> /home/tmick/.bashrc: OK
> /home/tmick/.gnomenightly.draft.txt: OK
> /home/tmick/.isag.cfg: OK
> /home/tmick/.steampid: Symbolic link
> /home/tmick/.wget-hsts: OK
> /home/tmick/.mysql_history: OK
> /home/tmick/mysql.db: Empty file
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 8659055
> Engine version: 1.0.1
> Scanned directories: 1
> Scanned files: 30
> Infected files: 0
> Total errors: 1
> Data scanned: 14.33 MB
> Data read: 29.42 MB (ratio 0.49:1)
> Time: 78.193 sec (1 m 18 s)
> Start Date: 2023:03:24 11:52:59
> End Date: 2023:03:24 11:54:17
> ./clammy.sh: line 8: --exclude = /home/tmick/.clamtk/viruses/: No such
> file or directory (which is correct, I haven't gotten that far yet.)
> ./clammy.sh: line 10: --detect-pua: command not found (HUNH? The man
> pages says it's a command?)
>
> And the History in ClamTK shows:
> -----------------------------------------------------------------------
> --------
>
> WARNING: ^/home/tmick/.clamtk/viruses: Can't access file
> WARNING: ^/home/tmick/Documents/ACI_Learning/CEH/: Can't access file
> WARNING: ^/home/tmick/Nextcloud/Documents/ACI_Learning/*: Can't access
> file
> WARNING: ^/home/tmick/Nextcloud/*: Can't access file
> WARNING: /run/user/tmick/gvfs: Can't access file
> WARNING: ^.evolution: Can't access file
> and the directories I'm trying to exclude are still scanned?
> I'm using Debian Bookworm and the man pages (Debian README.zip also)
> state there are changes from the "upstream version".
> But the script does run.
> Thanks for the advice given so far.
>
>

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: How to get rid of or Fix clamonacc error [ In reply to ]
Hi Marc,
Well I got it to work except the logging (or at least it runs with no
errors) I tried the asterisk "*" and no, it doesn't work but adding a
space and \ gets it to be accepted. I do have yes to both --recursive
and --detect-pua set to yes. I just need to figure out the logging
thing and I'm good. 
I've attached a .txt version of the current script, Andrew helped with
suggestions as well. 


--
Tim McConnell <tmcconnell168@gmail.com>


On Fri, 2023-03-24 at 19:21 +0000, newcomer01 via clamav-users wrote:
> as i explained before, please check all given paths.
> it must start with "^/DIR/DIR/DIR/ [ ... so on]/"
> please don't name folders or files only, always to whole path to
> dir/file!
> i am not sure if the asterisk "*" work ...
> by the way: you search with -recursive="yes" right?
> then you don't need the "*" clamscan will scan in depth => this means
> -recursive="yes" ????
> do you use -detect-pua="yes" or -detect-upa without "yes"?
>
> seems that you have run clamscan not as sudo, you don't have the
> permission to scan some path, that's the log says
>
>
> Von / From: Clamav User Mailinglist
> <mailto:clamav-users@lists.clamav.net>
> An / To: Newcomer01 <mailto:newcomer01@posteo.de>
> CC / CC: Tim Mcconnell <mailto:tmcconnell168@gmail.com>
> Gesendet / Sent: Freitag, März 24, 2023 um 18:25 (at 06:25 PM) +0100
> Betreff / Subject: Re: [clamav-users] How to get rid of or Fix
> clamonacc error
> > Hi Marc & Andrew,
> > Okay now I'm really confused :-(
> > If I add what Andrew suggests it complains about
> > "/usr/bin/clamscan:
> > unrecognized option" and points to the exclude thing. The $EXCLUDE=
> > getting removed fixes that and then gives this output:
> > $ ./clammy.sh
> > Loading:    58s, ETA:   0s [========================>]   
> > 8.66M/8.66M
> > sigs
> > Compiling:  11s, ETA:   0s [========================>]       41/41
> > tasks
> >
> > /home/tmick/package-lock.json: OK
> > /home/tmick/.profile: OK
> > /home/tmick/.signature: OK
> > /home/tmick/.aspell.en.prepl: OK
> > /home/tmick/.gitconfig: OK
> > /home/tmick/.bash_logout: OK
> > /home/tmick/.debian11.draft.txt: OK
> > /home/tmick/.mailcap: OK
> > /home/tmick/.lesshst: OK
> > /home/tmick/.steampath: Symbolic link
> > /home/tmick/test.db: Empty file
> > /home/tmick/.reportbugrc: OK
> > /home/tmick/.lightyears.cfg: OK
> > /home/tmick/.aspell.en.pws: OK
> > /home/tmick/.Xauthority: OK
> > /home/tmick/.face: OK
> > /home/tmick/package.json: OK
> > /home/tmick/.bash_history: OK
> > /home/tmick/.boxes-unknown.draft.txt: OK
> > /home/tmick/.pdsettings: OK
> > /home/tmick/mysqlaccess.log: Empty file
> > /home/tmick/journalctl-error.txt: Access denied
> > /home/tmick/clammy.sh: OK
> > /home/tmick/.selected_editor: OK
> > /home/tmick/.xsession-errors.old: OK
> > /home/tmick/.python_history: OK
> > /home/tmick/.sudo_as_admin_successful: Empty file
> > /home/tmick/.xsession-errors: OK
> > /home/tmick/.dmrc: OK
> > /home/tmick/firstDB.cfuJ: OK
> > /home/tmick/.bashrc: OK
> > /home/tmick/.gnomenightly.draft.txt: OK
> > /home/tmick/.isag.cfg: OK
> > /home/tmick/.steampid: Symbolic link
> > /home/tmick/.wget-hsts: OK
> > /home/tmick/.mysql_history: OK
> > /home/tmick/mysql.db: Empty file
> >
> > ----------- SCAN SUMMARY -----------
> > Known viruses: 8659055
> > Engine version: 1.0.1
> > Scanned directories: 1
> > Scanned files: 30
> > Infected files: 0
> > Total errors: 1
> > Data scanned: 14.33 MB
> > Data read: 29.42 MB (ratio 0.49:1)
> > Time: 78.193 sec (1 m 18 s)
> > Start Date: 2023:03:24 11:52:59
> > End Date:   2023:03:24 11:54:17
> > ./clammy.sh: line 8: --exclude = /home/tmick/.clamtk/viruses/: No
> > such
> > file or directory (which is correct, I haven't gotten that far
> > yet.)
> > ./clammy.sh: line 10: --detect-pua: command not found (HUNH? The
> > man
> > pages says it's a command?)
> >
> > And the History in ClamTK shows:
> > -------------------------------------------------------------------
> > ----
> > --------
> >
> > WARNING: ^/home/tmick/.clamtk/viruses: Can't access file
> > WARNING: ^/home/tmick/Documents/ACI_Learning/CEH/: Can't access
> > file
> > WARNING: ^/home/tmick/Nextcloud/Documents/ACI_Learning/*: Can't
> > access
> > file
> > WARNING: ^/home/tmick/Nextcloud/*: Can't access file
> > WARNING: /run/user/tmick/gvfs: Can't access file
> > WARNING: ^.evolution: Can't access file
> > and the directories I'm trying to exclude are still scanned?
> > I'm using Debian Bookworm and the man pages (Debian README.zip
> > also)
> > state there are changes from the "upstream version".
> >   But the script does run.
> > Thanks for the advice given so far.
> >
> >
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat