Hello again,

In what I have written below I have tried to be clear, but if my use of English is difficult for you to understand please say so and I will try harder. I am sorry if some of the things I have written seem too obvious, but I do not know what is obvious to you and what is not.
On Wed, 30 Sep 2020, Victor Miriti [ICT Security] wrote:
> I would like to scan the files in my Solaris 11 box.
If you have installed ClamAV properly I would expect that you now have available to you a command-line utility called 'clamscan'. At the simplest level you should, at a "shell" prompt, be able to give this command:

    $ clamscan /path/to/file

and clamscan will scan the file. It might take a while - we can talk about that later.

The '$' symbol on the line is a substitute for the prompt which your shell will give you before you type the command; you do not type it yourself. I do not know what shell you have installed so I can't tell you what it will look like on your screen. If you normally use a "graphical user interface" or 'GUI' to do most things on the box then you will need to 'open a terminal' or something like that to get a shell prompt so you can issue command-line commands.

After you give a command you generally get some output on the screen. Again we can talk about that later but for now just expect to see some kind of response to the command followed by another prompt. You have to wait; you can't give another command until you get the next prompt. (Well you can't normally, there are ways, but we won't go into that.)

The shell prompt normally changes from something with a '$' symbol in it to something with a '#' symbol when you change from a normal user to the 'root' user, which has elevated permissions. These permissions are generally dangerous, and the 'root' user should not be used unless there is a good reason for it. Installing system utilities will need elevated permissions for example.

You should also have a utility called 'clamdscan'. Note that there is an extra letter 'd' in that command that was not in the first command. You can also give the command

    $ clamdscan /path/to/file

and this time clamdscan will scan the file - in a way. In fact it merely passes the data to clamd and clamd does the actual scanning. So clamd needs to be running if you are to use clamdscan. It should give the result a lot quicker than 'clamscan' did.
But it might not work, because you might have some configuration to do. It might be that clamd is not running and it might be that clamdscan doesn't know how to talk to it. That's where configuration probably starts but it is definitely not where it ends.

What is the box used for? Is it normally connected to the Internet? How? Is there a firewall (or something similar) between it and the Internet? To what risks do you think the box is exposed? Which files do you want to scan, and why? What do you want the scan to look for? What will you do if ClamAV says it has found something?
> I installed clamd
How did you install it? You can install from source, or from some 'package' which was produced by someone else. Please tell us which. Either way, please tell where you got it from. You can install for just yourself or for the entire system. Again, please tell us which. Normally you would install for the entire system but you need to have permission to do that. If you are at a bank I wonder if you have the necessary permissions.

If you have installed ClamAV properly, there should be much more than just clamd installed. Amongst other things you should now have a set of what we call 'man' pages which form the bulk of the documentation which you may need for day-to-day use. If for example you type

    $ man clamd

at a shell prompt you should see (displayed by your system-configured pager, which you will need to know how to use) the terse information typically provided by a 'man' page about clamd. It assumes that you are familiar with the way that a 'man' page is laid out, and that you already know quite a bit about the tool. It gives you the essential information that you need to be able to use it and very little more.

You should also have a manual in HTML format, which is also available on the ClamAV Website, but I do not know where your local copy will be without more information from you and apparently in any case you have had some difficulty with it. If you tell us more about the difficulty we can try to help, but there is a lot for you to read and understand and we cannot do that for you.

Do you know very roughly how a scan works? Do you know what clamd is and what it does? Are you familiar with the tools on your system which are used to start and stop system services, and to enquire about their status? Do you know if clamd is running on your system? If so, how? If it is not running, do you know why not? Do you know how to control (stop and start) clamd? Have you, or has your system, created a ClamAV database directory? Are there some signature files in it?
Are they up to date? Do you know about freshclam? Do you know what it does? Do you know if freshclam is running? Again, how, and if not, why not?

Read the following 'man' pages by typing these commands at a prompt:

    man clamscan
    man clamdscan
    man clamd
    man clamd.conf
    man freshclam
    man freshclam.conf

After reading these, please let us know if anything is any clearer to you, and if you have any specific questions about what you have read.

--
73, Ged.
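The checks the message asks about (are the tools installed, is clamd running, does the database directory hold signature files, are they recent) can be gathered in one read-only script. This is an added example, not part of the original message or of ClamAV; the function names, the default directory /var/lib/clamav and the 7-day age limit are assumptions, so pass your real database directory as the first argument.

```shell
#!/bin/sh
# Added example: read-only preflight for the questions in the message above.
# Function names, the default directory and the 7-day limit are assumptions.

# have_tool NAME: succeeds if NAME is found on PATH.
have_tool() {
    command -v "$1" >/dev/null 2>&1
}

# count_sigs DIR [FIND-ARGS...]: number of ClamAV signature files (*.cvd, *.cld).
count_sigs() {
    d=$1; shift
    echo $(( $(find "$d" -type f \( -name '*.cvd' -o -name '*.cld' \) "$@" | wc -l) ))
}

# sig_db_status DIR [MAX_AGE_DAYS]: prints missing, empty, stale or fresh.
# "fresh" means at least one signature file was modified within MAX_AGE_DAYS.
sig_db_status() {
    dir=$1; max_age=${2:-7}
    [ -d "$dir" ] || { echo missing; return 0; }
    [ "$(count_sigs "$dir")" -gt 0 ] || { echo empty; return 0; }
    if [ "$(count_sigs "$dir" -mtime "-$max_age")" -gt 0 ]; then
        echo fresh
    else
        echo stale
    fi
}

# preflight DBDIR: prints one line per check; never changes anything.
preflight() {
    for tool in clamscan clamdscan clamd freshclam; do
        if have_tool "$tool"; then echo "$tool: found on PATH"
        else echo "$tool: not found on PATH"; fi
    done
    if have_tool pgrep && pgrep -x clamd >/dev/null 2>&1; then
        echo "clamd: running (clamdscan needs this)"
    else
        echo "clamd: no running process found"
    fi
    echo "signature database in $1: $(sig_db_status "$1")"
}

preflight "${1:-/var/lib/clamav}"
```

File modification time is only a rough indicator of signature age; freshclam's own output is the authoritative answer.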