People,

Taking into account this statement by G.W. Haywood...

"Assuming the package maintainer has not lost his sanity, the service will be configured simply to report findings (for example by logging a message to a system log and, if you use a command-line tool, printing a message on the tty/terminal/whatever)."

... and I have one last question (it may sound stupid =D )...

Is it correct to assume that the "clamd@scan" service, once started, can find threats that already exist on my server?

Let me explain better! Suppose that on my file system I already had a malicious file - identifiable as a threat by ClamAV's heuristics - before my ClamAV installation, waiting to be executed by someone unsuspecting. Is it correct to assume that the "clamd@scan" service in its normal operation will eventually find that threat and notify me (log, mail, etc...)?

Thanks! =D

On Sun, Jan 26, 2020 at 17:27, Eduardo Lúcio Amorim Costa <eduardoluci...@gmail.com> wrote:

> Gentlemen,
>
> I found your answers very useful, so I took the liberty of publishing them
> on the thread I opened about the problem on the internet
> ( https://unix.stackexchange.com/a/564223/61742 ).
>
> If you do not want this content to continue to be published, please let me
> know so I can delete it.
>
> Thanks! =D
>
> On Sun, Jan 26, 2020 at 08:12, G.W. Haywood via clamav-users
> <clamav-users@lists.clamav.net> wrote:
>
>> Hi there,
>>
>> On Sat, 25 Jan 2020, Eduardo Lúcio Amorim Costa via clamav-users wrote:
>>
>> > *QUESTION:* What does the "clamav@scan" service do by default if it
>> > finds threats?
>>
>> I do not know exactly which package you are using. The behaviour of
>> the service provided by a package will depend on how it was configured
>> by the package provider. Assuming the package maintainer has not lost
>> his sanity, the service will be configured simply to report findings
>> (for example by logging a message to a system log and, if you use a
>> command-line tool, printing a message on the tty/terminal/whatever).
>>
>> Read the documentation on the ClamAV Website for more information:
>>
>> http://www.clamav.net/documents/clam-antivirus-user-manual
>>
>> Copies and parodies of ClamAV documentation elsewhere on the Internet
>> can be out of date, misleading, sometimes incorrect, and occasionally
>> downright dangerous.
>>
>> > *FURTHER QUESTION:* I would like ClamAV to have the "classic" behavior
>> > of an antivirus engine, that is, remove threats automatically. If he
>> > doesn't do this by default what should I do to make him do it?
>>
>> Read the part which says
>>
>> "Be careful!"
>>
>> If you have not yet found that part, keep reading until you do.
>>
>> > *NOTES:*
>> > *I* - The operating system of choice was CentOS 7 and the process used
>> > is described in this tutorial
>> > https://hostpresto.com/community/tutorials/how-to-install-clamav-on-centos-7/
>>
>> Generally speaking I recommend that you avoid tutorials like this
>> because they tend to make decisions for you without the benefit of
>> information about your situation which only you can have. I recommend
>> that you do NOT attempt to automate threat removal on any Linux system
>> without very careful consideration. Careless use of ClamAV on a Linux
>> system will do more harm than good. In particular, this tutorial will
>> have you scan locations in the filesystem which can not safely be
>> scanned with ClamAV, nor with any anti-virus tool. Keep in mind that,
>> even in a minimal installation, ClamAV scans for much more than just
>> viruses and malware and that the false positive rate is never zero. I
>> feel that you do not at present understand the issues well enough to
>> consider them sufficiently carefully.
>>
>> I have been using ClamAV for many years, on hundreds of Linux systems.
>> Perhaps this is mainly because of good hygiene but I have not yet seen
>> ClamAV find a Linux virus, nor Linux malware, nor Linux rootkit on any
>> Linux system. I should be pleased if anyone who has will report, here
>> on this list, what they have found, when they found it, and how they
>> think it got there. Any Linux system which has been compromised is a
>> danger, and my advice would be to rebuild it from scratch.
>>
>> --
>>
>> 73,
>> Ged.
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
> --
> *Eduardo Lúcio*
> LightBase Consultoria em Software Público
> eduardo.lu...@lightbase.com.br
> *+55-61-3347-1949 - http://brlight.org <http://brlight.org/> - Brasil-DF*
> *Free software! Embrace this idea!*
> *"Those who deny freedom to others deserve it not for themselves."*
>
>
> *Abraham Lincoln*
>

--
*Eduardo Lúcio*
LightBase Consultoria em Software Público
eduardo.lu...@lightbase.com.br
*+55-61-3347-1949 - http://brlight.org <http://brlight.org/> - Brasil-DF*
*Free software! Embrace this idea!*
*"Those who deny freedom to others deserve it not for themselves."*
*Abraham Lincoln*