Mailing List Archive

[clamav-users] ClamAV - What does the “clamd@scan” service do by default?
I have been researching ClamAV to understand what the "clamd@scan" service
does by default in case of finding threats. So far I have not been able to
get a satisfactory and clear answer (forums, documentation, etc)...

*QUESTION:* What does the "clamav@scan" service do by default if it finds
threats?

*FURTHER QUESTION:* I would like ClamAV to have the "classic" behavior of
an antivirus engine, that is, remove threats automatically. If it doesn't
do this by default, what should I do to make it do it?

*NOTES:*
*I* - The operating system of choice was CentOS 7 and the process used is
described in this tutorial:
https://hostpresto.com/community/tutorials/how-to-install-clamav-on-centos-7/
*II* - Same question on the web:
https://unix.stackexchange.com/questions/564112/clamav-what-does-the-clamdscan-service-do-by-default

*Thanks! =D*

--
*Eduardo Lúcio*
LightBase Consultoria em Software Público
eduardo.lucio@LightBase.com.br
*+55-61-3347-1949 - http://brlight.org <http://brlight.org/> - Brasil-DF*
*Free software! Embrace this idea!*
*"Those who deny freedom to others deserve it not for themselves."*
*Abraham Lincoln*
Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default? [ In reply to ]
On 1/25/20 5:34 PM, Eduardo Lúcio Amorim Costa via clamav-users wrote:
> I have been researching ClamAV to understand what the "clamd@scan"
> service does by default in case of finding threats. So far I have not
> been able to get a satisfactory and clear answer (forums,
> documentation, etc)...
>
> *QUESTION:* What does the "clamav@scan" service do by default if it
> finds threats?

The clamd@scan service runs clamd with the configuration file
/etc/clamd.d/scan.conf. See that file for details.

> *FURTHER QUESTION:* I would like ClamAV to have the "classic" behavior
> of an antivirus engine, that is, remove threats automatically. If it
> doesn't do this by default, what should I do to make it do it?

Consult "man clamd.conf" and the comments in /etc/clamd.d/scan.conf for
your options.


--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@nwra.com
Boulder, CO 80301 https://www.nwra.com/
Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default? [ In reply to ]
Hi there,

On Sat, 25 Jan 2020, Eduardo Lúcio Amorim Costa via clamav-users wrote:

> *QUESTION:* What does the "clamav@scan" service do by default if it finds
> threats?

I do not know exactly which package you are using. The behaviour of
the service provided by a package will depend on how it was configured
by the package provider. Assuming the package maintainer has not lost
his sanity, the service will be configured simply to report findings
(for example by logging a message to a system log and, if you use a
command-line tool, printing a message on the tty/terminal/whatever).

Read the documentation on the ClamAV Website for more information:

http://www.clamav.net/documents/clam-antivirus-user-manual

Copies and parodies of ClamAV documentation elsewhere on the Internet
can be out of date, misleading, sometimes incorrect, and occasionally
downright dangerous.

> *FURTHER QUESTION:* I would like ClamAV to have the "classic" behavior of
> an antivirus engine, that is, remove threats automatically. If it doesn't
> do this by default, what should I do to make it do it?

Read the part which says

"Be careful!"

If you have not yet found that part, keep reading until you do.

> *NOTES:*
> *I* - The operating system of choice was CentOS 7 and the process used is
> described in this tutorial
> https://hostpresto.com/community/tutorials/how-to-install-clamav-on-centos-7/

Generally speaking I recommend that you avoid tutorials like this
because they tend to make decisions for you without the benefit of
information about your situation which only you can have. I recommend
that you do NOT attempt to automate threat removal on any Linux system
without very careful consideration. Careless use of ClamAV on a Linux
system will do more harm than good. In particular, this tutorial will
have you scan locations in the filesystem which can not safely be
scanned with ClamAV, nor with any anti-virus tool. Keep in mind that,
even in a minimal installation, ClamAV scans for much more than just
viruses and malware and that the false positive rate is never zero. I
feel that you do not at present understand the issues well enough to
consider them sufficiently carefully.

I have been using ClamAV for many years, on hundreds of Linux systems.
Perhaps this is mainly because of good hygiene but I have not yet seen
ClamAV find a Linux virus, nor Linux malware, nor Linux rootkit on any
Linux system. I should be pleased if anyone who has will report, here
on this list, what they have found, when they found it, and how they
think it got there. Any Linux system which has been compromised is a
danger, and my advice would be to rebuild it from scratch.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default? [ In reply to ]
Gentlemen,

I found your answers very useful, so I took the liberty of publishing them
on the thread I opened about the problem on the internet (
https://unix.stackexchange.com/a/564223/61742 ).

If you do not want this content to continue to be published, please let me
know so I can delete it.

Thanks! =D

On Sun, 26 Jan 2020 at 08:12, G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,

--
*Eduardo Lúcio*
Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default? [ In reply to ]
People,

Taking into account this statement by G.W. Haywood...

"Assuming the package maintainer has not lost his sanity, the service will
be configured simply to report findings (for example by logging a message
to a system log and, if you use a command-line tool, printing a message on
the tty/terminal/whatever)."

... and I have one last question (it may sound stupid =D )...

Is it correct to assume that the "clamd@scan" service, once started, can
find threats that already exist on my server? I explain better! Suppose
that on my file system I already had a malicious file - identifiable as a
threat by ClamAV's heuristics - before my ClamAV installation waiting to be
executed by someone unsuspecting. Is it correct to assume that the
"clamd@scan" service in its normal operation will eventually find that
threat and notify me (log, mail, etc...)?

Thanks! =D

On Sun, 26 Jan 2020 at 17:27, Eduardo Lúcio Amorim Costa <
eduardolucioac@gmail.com> wrote:

> Gentlemen,

--
*Eduardo Lúcio*
Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default? [ In reply to ]
On 1/26/20 3:33 PM, Eduardo Lúcio Amorim Costa wrote:
> People,
>
> Taking into account this statement by G.W. Haywood...
>
> "Assuming the package maintainer has not lost his sanity, the service
> will be configured simply to report findings (for example by logging a
> message to a system log and, if you use a command-line tool, printing a
> message on the tty/terminal/whatever)."
>
> ... and I have one last question (it may sound stupid =D )...
>
> Is it correct to assume that the "clamd@scan" service, once started, can
> find threats that already exist on my server? I explain better! Suppose
> that on my file system I already had a malicious file - identifiable as
> a threat by ClamAV's heuristics - before my ClamAV installation waiting
> to be executed by someone unsuspecting. Is it correct to assume that the
> "clamd@scan" service in its normal operation will eventually find that
> threat and notify me (log, mail, etc...)?

No, clamd will only process files passed to it from some other program
like clamdscan or clamav-milter. I think you really need to read more
of the documentation to understand what clamd and friends do.

>
> Thanks! =D


--
Orion Poplawski
Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default? [ In reply to ]
Hi there,

On Sun, 26 Jan 2020, Eduardo Lúcio Amorim Costa via clamav-users wrote:

> Is it correct to assume that the "clamd@scan" service, once started, can
> find threats that already exist on my server? ...

Your question says: "can find" - Strictly speaking, yes this is correct.
But the question and my answer need some qualification.

> ... Is it correct to assume that the "clamd@scan" service in its
> normal operation will eventually find that threat and notify me
> (log, mail, etc...)?

"will eventually find" - No, this is certainly not correct. You need

(1) Something which will show it to clamd. This is 'running a scan',
there is more than one way to do it.

Consider also the probability that ClamAV will find a threat even if
you know it is there somewhere. This is not magic. In the end it all
boils down to a comparison operation. So you also need

(2) Something which causes clamd to detect the threat _if_ it sees it.

This is either a signature in a database, or some ClamAV code.

My estimate is that on a good day you have about a one in three chance
that ClamAV will find a random threat. There are not-so-good days, we
call them "zero days", on which you have no chance at all; and unless
something is done to cause ClamAV to recognize that threat (either by
a change to a database, or to the code) ClamAV will never detect it -
no matter how many times it sees it.

Please spend some quality time with the documentation.

--

73,
Ged.

Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default? [ In reply to ]
Thank you friends!

I confess that I am a little disappointed... If "clamd@scan" does not
regularly scan my disk, what is its use then?

I confess that I was a little "lost" with ClamAV documentation... In fact,
the only things I need are that ClamAV scan my server's disk for threats
and also stop them before it happens. I thought this was simpler doing it
with ClamAV...

Thank you very much anyway!

Sorry for my bad English! =D

Thanks! =D

On Mon, 27 Jan 2020 at 08:01, G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,

--
*Eduardo Lúcio*
Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default? [ In reply to ]
Howdy

So... clamd@scan is a system service which is used on RedHat derived systems via variants of the EPEL packed version of ClamAV.

By itself it does nothing. You need to tell it what to do by use of the clamdscan binary, which passes file contents/file names/file descriptors (depending on configuration) to the listening clamd service.

It's possible to create multiple clamd services by creating different config files in /etc/clamd.d/, which are then referenced by different clamd@ service names - so for example clamd@scan, clamd@mail etc.

If you want to do a daily scan, the basic command would be:

clamdscan /

...but you need to configure clamd in /etc/clamd.d/scan.conf to do this.

More details for EPEL based ClamAV packages are here:

https://src.fedoraproject.org/rpms/clamav
https://src.fedoraproject.org/rpms/clamav/blob/master/f/clamd-README

Graeme




From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Eduardo Lúcio Amorim Costa via clamav-users <clamav-users@lists.clamav.net>
Reply to: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Monday, 27 January 2020 at 14:19
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Eduardo Lúcio Amorim Costa <eduardolucioac@gmail.com>, "G.W. Haywood" <clamav@jubileegroup.co.uk>
Subject: Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default?

Thank you friends!

Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default? [ In reply to ]
Hi there,

On Mon, 27 Jan 2020, Graeme Fowler via clamav-users wrote:

> If you want to do a daily scan, the basic command would be:
>
> clamdscan /
>
> ...but you need to configure clamd in /etc/clamd.d/scan.conf to do this.

And at the risk of sounding like a broken record, the command

clamdscan /

is probably more dangerous than the things you're worried about.

There are parts of a Linux filesystem which you must not scan,
because in Linux (and Unix systems generally) much of the guts
of the system is exposed as what appears to be files in the
filesystem, all of which appear somewhere below '/'. Raw disc
devices, USB hardware, sound devices, input and display devices
for example can be found under /dev.

You don't really want to scan your microphone, do you?

--

73,
Ged.
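
The points made in the replies above (clamd only examines what a client such as clamdscan hands to it, and "clamdscan /" walks into /dev and other trees that are not ordinary files), as an added example that is not part of the original thread. It assumes clamd@scan is running with LocalSocket enabled in /etc/clamd.d/scan.conf; the pruned directory list and the log path are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): hand clamd an explicit list of regular
# files instead of pointing clamdscan at "/". Report only; nothing is removed.

# Top-level trees that are kernel interfaces or device nodes, not stored files.
# Assumption: a typical CentOS 7 layout; adjust for your host.
PRUNE_DIRS="proc sys dev run"

# list_scannable ROOT
# Print the regular files below ROOT, one per line.
#   -xdev    stay on ROOT's own filesystem (other mounts need their own run)
#   -prune   do not descend into the PRUNE_DIRS trees
#   -type f  skip block/char devices, FIFOs, sockets and symlinks
# Caveat: names containing newlines would break the one-per-line list.
list_scannable() {
    root=${1%/}
    set --
    for d in $PRUNE_DIRS; do
        set -- "$@" -path "$root/$d" -prune -o
    done
    find "${root:-/}" -xdev "$@" -type f -print
}

# scan_report_only ROOT LOG
# Pass the file list to the running clamd and log detections.
#   --fdpass     send open descriptors over the local socket, so clamd does
#                not need its own read access to every file
#   --infected   print only files with detections
# Deliberately no --remove or --move: findings are reported, then reviewed.
# Returns clamdscan's status: 0 = nothing found, 1 = detections, 2 = error.
scan_report_only() {
    list=$(mktemp) || return 2
    list_scannable "$1" > "$list"
    clamdscan --fdpass --infected --file-list="$list" --log="$2"
    rc=$?
    rm -f "$list"
    return "$rc"
}

# Scan only when asked to, e.g. from cron:  safe-scan.sh --run / /path/to/log
if [ "${1:-}" = "--run" ]; then
    scan_report_only "${2:-/}" "${3:-/var/log/clamdscan-daily.log}"
fi
```

Because of -xdev, separately mounted filesystems such as /home or /var need their own invocation with that mount point as ROOT.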

Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default? [ In reply to ]
Don't know about scanning a microphone, but ClamAV would have endless
fun scanning a disk:

# l /dev/sdf
brw-rw---- 1 root disk 8, 80 Dec 7 22:32 /dev/sdf

# hexdump -C /dev/sdf | head
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001b0 00 00 00 00 00 00 00 00 e3 73 1a 28 00 00 00 00 |.........s.(....|
000001c0 02 00 ee ff ff ff 01 00 00 00 ae 88 e0 e8 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200 45 46 49 20 50 41 52 54 00 00 01 00 5c 00 00 00 |EFI PART....\...|
00000210 0b f9 e1 c5 00 00 00 00 01 00 00 00 00 00 00 00 |................|
00000220 ae 88 e0 e8 00 00 00 00 22 00 00 00 00 00 00 00 |........".......|

Or a mouse:

# l /dev/input/mouse0
crw-r----- 1 root root 13, 32 Nov 3 14:46 /dev/input/mouse0

# hexdump -C /dev/input/mouse0
00000000 08 0e 04 08 10 04 08 13 06 08 12 03 08 12 02 08 |................|
00000010 13 04 08 12 03 08 0f 02 08 0a 02 08 07 03 08 03 |................|
00000020 02 08 01 00 08 01 00 08 02 01 08 02 01 08 02 00 |................|
00000030 28 02 ff 28 02 ff 28 01 ff 28 02 fd 28 01 fb 28 |(..(..(..(..(..(|
00000040 00 fa 28 01 f7 28 00 f6 28 00 f5 28 00 f4 38 ff |..(..(..(..(..8.|
00000050 f3 38 fe f2 38 ff f0 38 fe f3 38 ff f4 38 ff f5 |.8..8..8..8..8..|
00000060 28 00 f6 38 ff f8 28 00 fb 38 ff fd 08 00 01 08 |(..8..(..8......|
00000070 00 01 08 00 01 08 00 02 18 ff 03 08 00 03 18 ff |................|
[ad infinitum]



On Mon, 27 Jan 2020 15:06:46 +0000 (GMT)
"G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net> wrote:

> Hi there,
Re: [clamav-users] ClamAV - What does the “clamd@scan” service do by default? [ In reply to ]
Very funny! I'm almost hysterical!

I suggest you take a look at other products like
https://www.sophos.com/en-us/products/free-tools.aspx . Maybe you will even
learn how to make a real product or maybe even learn how to make money.

Maybe you should get busy with something productive or learn one or two
things about how to be someone in the world of free software.

Thanks!

On Mon, 27 Jan 2020 at 14:47, Paul Kosinski via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Don't know about scanning a microphone, but ClamAV would have endless
> fun scanning a disk:

--
*Eduardo Lúcio*