- Command-Line Interface Versus Graphic User Interface
- GUI Scan of Individual Files/Directories
- ClamAV Configuration
GUI Scan of Individual Files/Directories
clamaktion is a little utility that allows users of KDE 3.1 and newer to run clamscan via Konqueror. Just right-click on highlighted files.
To install, download it to any convenient directory from http://web.tiscali.it/rospolosco/clamaktion/.
$ tar xzvf clamaktion $ cd clamaktion-utility* open the script with a text editor$ nano clamaktion
For Debian, you’ll have to change
I changed the call to the executable from
# OPTIONS="--deb --infected --log=$LOGFILE –move=$QUARANTINE_DIR"
OPTIONS="--deb --infected --log=$LOGFILE
I deleted the move command because I expect to be using this to open a single file or directory at a time. I’d also rather move files manually than chance moving something I actually wanted in its place in the directory tree and accidentally breaking an application in the event of a false-positive.
I then changed the line
You can then close the editor and install the program:
To use ClamAV, right-click a file or directory in Konqueror, open the Action menu, select Scan with Clam AntiVirus (see Figure 4). A terminal window will open and tell you if you have an infected file.
Figure 4 Scan with Clam AntiVirus.
Real-Time Scan Files on Access
This requires the installation of the Dazuko kernel module, which probably means you’d better know exactly what you are doing here.
Here's what the program documentation says:
This module is not required to run clamd—furthermore, you shouldn't run Dazuko on production systems.
Running in automatic delete is risky. The fact that there’s stuff you want filtered out of an incoming mailstream does not mean you want to zap the mailboxes containing it or, if you’re using a virtualization environment, that you actually want to erase your guest’s virtual disk. The malware scan picks up on messages containing phishing spams (which are harmless if you don’t click on them). If you sent a spam complaint, the same malware alerts will show up in your outgoing mailboxes, too. In mail, you should concentrate on making sure embedded and attached malware get hammered into oblivion.
I wouldn’t be too concerned about seeing something like:
/home/alizard/win/windows/temp/eud5203.txt: HTML.Phishing.Bank-1 FOUND
Unless you bought something or left your user info as a result of this e-mail attachment, it is not going to execute—especially on a Linux box.
Another thing not to worry too much about: Oversized.zip. Files larger than a certain size or with zip compression methods ClamAV doesn’t understand will get that "virus" name. A certain zip malware class screws up people’s drives with ridiculous compression rations to fill the whole filesystem with garbage. For instance, a 1KB zip decompresses to a 1GB uncompressed file via 1,000,000/1 compression ratio.
I’d check the uncompressed file by the command line:
username@machinename ~/virus$ unzip -lv your* Archive: your_text.zip Length Method Size Ratio Date Time CRC-32 Name -------- ------ ------- ----- ---- ---- ------ ---- 73541 Stored 73541 0% 04-18-05 13:59 5d32585f mail.document.Datex-packed.exe -------- ------- --- ------- 73541 73541 0% 1 file
From your desktop, open Konqueror, find the file of interest, highlight the file, right-click Actions, select Preview in Archiver and see the same information.
If the file has an identifiable virus, contact the vendor immediately and let them know where you got it. If it’s a Windows file your scanner can’t read and/or it’s a zip that your unzip program can’t list, and if you have a Windows box or Windows VM, use a Windows virus scanner.
However, if you install primarily applications from your distro’s repositories, complete with digital signatures, you probably will never see a problem with installed software coming from malware-infected files.
As for resource loading when operating, I’ve found that if running in background, it slows down file I/O, but it’s only noticeable when you are accessing files.