Mailing List Archive

[clamav-users] using clamonacc daemon to track accessed files from linux
Hi, everyone
Sorry for my novice question.
What is the best practice to track files that are accessed from my home
directory, without causing memory issues or causing the computer to hang?
I am running Ubuntu 20.04.1 and I am using ClamAV 0.103.0.
I just want to see what files are accessed by using the clamonacc daemon.
Besides, is there PDF documentation for ClamAV? I searched the
website but I did not find it.
Thank you very much for your help and support
Br
AK
Re: [clamav-users] using clamonacc daemon to track accessed files from linux
Hi there,

On Mon, 1 Feb 2021, Bmr Xy via clamav-users wrote:

> sorry for my novice question

It's what we're here for, don't worry about it.

> what is best practice to do to track files that is accessed from my
> home directory? without causing memory issues or cause computer
> hangs? I am running a ubuntu 20.04.1 and I am using clamav 0.103.0
> I just want to see what files is accessed by using clamonacc daemon

If I were going there, I wouldn't start from here. (Old joke. :)

There are Linux tools which let you implement file access monitoring
of the kind you describe. The clamonacc daemon itself uses them, so
perhaps you should be looking to those tools and not to ClamAV.

See for example 'inotify', 'fanotify' and possibly 'dnotify'.

> besides is there a pdf documentation for clamav because I searched the
> website but i did not find it

I don't know of anything in PDF, the closest would be the 'man' pages,
which are plain text but you could turn them into PDF if you wanted to
with any of a number of utilities.

You could scrape the online manual pages, and make a PDF document from
that but it would soon be out of date. Why do you want PDF especially?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] using clamonacc daemon to track accessed files from linux
I don't have much to add to what Ged wrote regarding best practices for monitoring home directory file accesses.

The ClamAV documentation can be found online at https://www.clamav.net/documents/clam-antivirus-user-manual
If you need offline documentation, there is a local-html version inside the source tar file https://www.clamav.net/downloads/production/clamav-0.103.0.tar.gz in the docs\html directory.

Regards,
Micah


Re: [clamav-users] using clamonacc daemon to track accessed files from linux
> You could scrape the online manual pages, and make a PDF document from
> that but it would soon be out of date. Why do you want PDF especially?

Just to make it easier to read instead of going too many html docs
become two or three docs
pdf docs at maximum,

beside also correct me if I am wrong there is a list of commands that
relate to clamd daemon that list them and little bit explanation about
each command but does not specify how to use them whether from the
command line or the configuration

for example in the manual doc mention the following:

"Clamd recognizes the following commands:

PING
Check the server's state. It should reply with "PONG".

VERSION
Print program and database versions.

RELOAD
Reload the virus databases.

SHUTDOWN
Perform a clean exit.

SCAN file/directory
Scan a file or a directory (recursively) with archive support enabled
(if not disabled in clamd.conf). A full path is required."

for example how do I make a clean shutdown for the daemon without
killing the process
and without using any systemctl commands it is not mentioned as far
as I noticed

Br
AK
Re: [clamav-users] using clamonacc daemon to track accessed files from linux
Hi there,

On Tue, 2 Feb 2021, Bmr Xy via clamav-users wrote:

> * ... many html docs become two or three docs ... *

No need for PDF in that case, just use any text editor.

> ... also correct me if I am wrong there is a list of commands that
> relate to clamd daemon that list them and little bit explanation
> about each command but does not specify how to use them whether from
> the command line or the configuration ...

It does specify. Neither. From "DESCRIPTION" in the 'man' page:

[quote]
The daemon listens for incoming connections on Unix and/or TCP socket ...
[/quote]

That means what it says. The daemon doesn't listen for commands on
its STDIN. In fact if you start it from the keyboard it generally
disconnects its input and output from the console and only listens on
a socket - which you must configure in clamd.conf.

> ... PING ...
> ... VERSION ...
> ... RELOAD ...
> ... SHUTDOWN ...
> ... SCAN ...

Here's a sample of me attempting to connect to my clamd server, via
the socket on which it is listening, by use of a console utility which
is called 'telnet'. Telnet is a general-purpose tool for connecting
to sockets and using them to send/receive information via the console:

8<----------------------------------------------------------------------
$ telnet localhost 3313
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
$
8<----------------------------------------------------------------------

As you see, the daemon on this machine refuses connections from the
local interface (::1 or 127.0.0.1) port 3313. The daemon is listening
on port 3313 (not to the default port), but not to the local host. So
here's another attempt, this time from a mail server to which it gives
the clamd scanning service:

8<----------------------------------------------------------------------
mail6:# telnet 192.168.0.257 3313
Trying 192.168.0.257...
Connected to 192.168.0.257.
Escape character is '^]'.
PING
PONG
Connection closed by foreign host.
mail6:#
8<----------------------------------------------------------------------

In that example I typed the command line ("telnet 192.168.0.257 3313"),
the clamd daemon responded with three lines of information, and then I
typed "PING" (followed of course by "ENTER" or "Carriage Return").

The daemon replied "PONG" and closed the connection.

This is a kind of inter-process communication, which you will need to
understand rather well before you can use it effectively with clamd.
Read some tutorials about daemons and IPC in general if you want to
know more about this.

> ... how do I make a clean shutdown for the daemon without killing
> the process ...

Shutting down the daemon kills the daemon process by definition.
That's what the command is for. You wouldn't normally expect to use
it very often, although you might use the RELOAD command more and if
for example you write something like a milter you might use the SCAN
command routinely. The 'clamdscan' command-line utility uses these
kinds of communications to give to clamd the information it needs to
do the scans for you at the command line. The 'clamscan' utility is
completely different, and it does not use the clamd daemon even if one
is running on the machine.

> *and without using any systemctl commands it is not mentioned as far
> as I noticed*

ClamAV runs on many different systems, some of which do not offer the
'systemctl' command. As it is very specific to the systems which use
it, it would not be appropriate to document its use in the core ClamAV
documentation. For one thing that would make the maintenance of the
ClamAV documentation a bigger nightmare than it is already.

--

73,
Ged.
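
The socket exchange shown above with telnet, done from a program. This is an added example, not part of the original thread and not ClamAV's own code. It uses the null-delimited "z" command form described in the clamd man page; StandInClamd and its replies are constructed so the block runs without a real daemon.

```python
import socket
import socketserver
import threading

def clamd_command(command, address, timeout=5.0):
    """Send one command to clamd and return its reply as text.

    address is (host, port) for a TCPSocket or a path for a LocalSocket.
    The command goes out as b"z" + name + NUL; the reply is read up to NUL.
    """
    family = socket.AF_UNIX if isinstance(address, str) else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(address)
        sock.sendall(b"z" + command.encode("ascii") + b"\0")
        reply = bytearray()
        while not reply.endswith(b"\0"):
            chunk = sock.recv(4096)
            if not chunk:  # daemon closed the connection early
                break
            reply += chunk
    return reply.rstrip(b"\0").decode("utf-8", "replace")

class StandInClamd(socketserver.StreamRequestHandler):
    """Constructed stand-in for clamd so the example runs offline."""
    REPLIES = {b"zPING": b"PONG", b"zVERSION": b"ClamAV 0.103.0 (constructed reply)"}

    def handle(self):
        request = bytearray()
        while not request.endswith(b"\0"):  # read one NUL-terminated command
            byte = self.rfile.read(1)
            if not byte:
                return
            request += byte
        reply = self.REPLIES.get(bytes(request[:-1]), b"UNKNOWN COMMAND")
        self.wfile.write(reply + b"\0")

def demo():
    """Send PING and VERSION to the stand-in on an ephemeral local port."""
    with socketserver.TCPServer(("127.0.0.1", 0), StandInClamd) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return [clamd_command(c, server.server_address) for c in ("PING", "VERSION")]
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(demo())
```

Against a real daemon, pass the TCPSocket host and port or the LocalSocket path from clamd.conf to clamd_command. clamd does not authenticate these commands, so anything that can reach the socket can also send SHUTDOWN; limit which hosts can connect to it.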
