Hi there, On Sat, 25 Jan 2020, Eduardo Lúcio Amorim Costa via clamav-users wrote:
*QUESTION:* What does the "clamav@scan" service do by default if it finds threats?
I do not know exactly which package you are using. The behaviour of the service provided by a package will depend on how it was configured by the package provider. Assuming the package maintainer has not lost his sanity, the service will be configured simply to report findings (for example by logging a message to a system log and, if you use a command-line tool, printing a message on the tty/terminal/whatever). Read the documentation on the ClamAV Website for more information: http://www.clamav.net/documents/clam-antivirus-user-manual Copies and parodies of ClamAV documentation elsewhere on the Internet can be out of date, misleading, sometimes incorrect, and occasionally downright dangerous.
*FURTHER QUESTION:* I would like ClamAV to have the "classic" behavior of an antivirus engine, that is, remove threats automatically. If he doesn't do this by default what should I do to make him do it?
Read the part which says "Be careful!" If you have not yet found that part, keep reading until you do.
*NOTES:* *I* - The operating system of choice was CentOS 7 and the process used is described in this tutorial https://hostpresto.com/community/tutorials/how-to-install-clamav-on-centos-7/
Generally speaking I recommend that you avoid tutorials like this because they tend to make decisions for you without the benefit of information about your situation which only you can have. I recommend that you do NOT attempt to automate threat removal on any Linux system without very careful consideration. Careless use of ClamAV on a Linux system will do more harm than good. In particular, this tutorial will have you scan locations in the filesystem which can not safely be scanned with ClamAV, nor with any anti-virus tool. Keep in mind that, even in a minimal installation, ClamAV scans for much more than just viruses and malware and that the false positive rate is never zero. I feel that you do not at present understand the issues well enough to consider them sufficiently carefully. I have been using ClamAV for many years, on hundreds of Linux systems. Perhaps this is mainly because of good hygiene but I have not yet seen ClamAV find a Linux virus, nor Linux malware, nor Linux rootkit on any Linux system. I should be pleased if anyone who has will report, here on this list, what they have found, when they found it, and how they think it got there. Any Linux system which has been compromised is a danger, and my advice would be to rebuild it from scratch. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
