Mailing List Archive

Hi there,

On Fri, 1 May 2020, robert k Wild via clamav-users wrote:

> i have installed clamav using this link with squid so it can do realtime
> virus scanning on prople browsing the internet via this proxy
>
> https://hostpresto.com/community/tutorials/how-to-install-clamav-on-centos-7/

The tutorial doesn't seem to mention scanning proxies at all, and the
word 'squid' doesn't even appear on that page. It makes claims about
what ClamAV can be used do which I think are not justified. I think
you might be a little out of your depth, but we can probably help more
if you tell us more about what you're trying to do.

You should be very choosy about tutorials like this that you find in
random places on the Internet. This tutorial gets you to install and
then run clamd, but doesn't use the daemon to do a scan! Perhaps the
author doesn't know that there's a 'clamdscan' utility. The tutorial
claims that ClamAV is used to secure filesystems. That's simply not
true, ClamAV was not designed for that purpose. The best that can be
said is that ClamAV can assist in detecting *some* potential threats.
It is a very long way from being the fire-and-forget magic bullet.

Perhaps the simplest way to secure a filesystem is to burn it onto a
read-only medium, but even that wouldn't be the end of the story. And
the next simplest way is probably beyond the skills of most full-time
system administrators (even those who are at present paid to do the
job by multinational corporations - witness the never-ending stream of
reports in the press about compromises); so you will be embarking on a
challenging journey if you want to take this very much further. There
is a lot of information in the documentation on the ClamAV Website and
it's all free to download. It's worth spending some quality time with
it, and if you don't understand any of it you can ask here.

> but obviously now my sdb is full and i have no space left

It doesn't seem obvious to me. What is your sdb? Is there any reason
why you can't just provide an sdb with sufficient capacity?

> i was wondering is there a way into deleting old virus
> definitions/databases as clamav must save them somewhere

Before you go breaking something you've hardly even got to know yet,
take a few steps back and let us know what you want to achieve. Don't
give us your proposals for the solutions without first explaining the
problems you want to solve in as much detail as you can.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

thanks Ged, i will look into this def

i found out what was eating all my space on sdb1, i ran the "du -sh"
command on all dirs, it was my squid logs, so i just did this and reloaded
squid

echo "" > /usr/local/squid/var/logs/access.log

echo "" > /usr/local/squid/var/logs/cache.log

/usr/local/squid/sbin/squid -k reconfigure

On Fri, 1 May 2020 at 14:14, G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Fri, 1 May 2020, robert k Wild via clamav-users wrote:
>
> > i have installed clamav using this link with squid so it can do realtime
> > virus scanning on prople browsing the internet via this proxy
> >
> >
> https://hostpresto.com/community/tutorials/how-to-install-clamav-on-centos-7/
>
> The tutorial doesn't seem to mention scanning proxies at all, and the
> word 'squid' doesn't even appear on that page. It makes claims about
> what ClamAV can be used do which I think are not justified. I think
> you might be a little out of your depth, but we can probably help more
> if you tell us more about what you're trying to do.
>
> You should be very choosy about tutorials like this that you find in
> random places on the Internet. This tutorial gets you to install and
> then run clamd, but doesn't use the daemon to do a scan! Perhaps the
> author doesn't know that there's a 'clamdscan' utility. The tutorial
> claims that ClamAV is used to secure filesystems. That's simply not
> true, ClamAV was not designed for that purpose. The best that can be
> said is that ClamAV can assist in detecting *some* potential threats.
> It is a very long way from being the fire-and-forget magic bullet.
>
> Perhaps the simplest way to secure a filesystem is to burn it onto a
> read-only medium, but even that wouldn't be the end of the story. And
> the next simplest way is probably beyond the skills of most full-time
> system administrators (even those who are at present paid to do the
> job by multinational corporations - witness the never-ending stream of
> reports in the press about compromises); so you will be embarking on a
> challenging journey if you want to take this very much further. There
> is a lot of information in the documentation on the ClamAV Website and
> it's all free to download. It's worth spending some quality time with
> it, and if you don't understand any of it you can ask here.
>
> > but obviously now my sdb is full and i have no space left
>
> It doesn't seem obvious to me. What is your sdb? Is there any reason
> why you can't just provide an sdb with sufficient capacity?
>
> > i was wondering is there a way into deleting old virus
> > definitions/databases as clamav must save them somewhere
>
> Before you go breaking something you've hardly even got to know yet,
> take a few steps back and let us know what you want to achieve. Don't
> give us your proposals for the solutions without first explaining the
> problems you want to solve in as much detail as you can.
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


--
Regards,

Robert K Wild.