Hi there, On Tue, 18 Jan 2022, colin course via clamav-users wrote:
... i do not like the look of what that cron file is saying looks bad ... cron tab
The 'cron' system is usually part of the core of more or less any Linux installation. There are alternatives to it but they function in the same general way, running jobs to a schedule called a crontab. Use the 'man' command to see the manual page about crontab. Type: man crontab at a shell prompt (sometimes people call it a 'terminal' window, it's a different thing that effectively does a similar job). There's what we call a 'man page' for more or less every command on the system and a whole lot more than that for some commands, and also a lot of pages for things which aren't commands but for example configuration files. It should be safe to explore the 'man' pages, you can type man cron for the man page about 'cron', and you can even type man man for the man page about 'man'. :)
1 2 7 12 * * * /usr/bin/clamscan \ --exclude-dir=/home/zone8/.clamtk/viruses \ --exclude-dir=smb4k \ --exclude-dir=/run/user/zone8/gvfs \ --exclude-dir=/home/zone8/.gvfs \ --exclude-dir=.thunderbird \ --exclude-dir=.mozilla-thunderbird \ --exclude-dir=.evolution \ --exclude-dir=Mail \ --exclude-dir=kmail \ -i --detect-pua -r /home/zone8 \ --log="$HOME/.clamtk/history/$(date +\%b-\%d-\%Y).log" \ 2>/dev/null # clamtk-scan
I've reformatted your mail to show what I think it's telling me. The way I've done it might help you make sense of it. I hope so. You'll probably need to look at the ClamAV documentation to work it all out but it should be fairly straightforward. The numbers '1' and '2' at the beginnings of the first two lines could be misleading, but I think that they're just sequential line numbers (the first line being empty) and so I think they're not important. You won't see them if you just type 'crontab -l' at a shell prompt to see your crontab. A convention we use to break long lines for example in emails is to put a backslash character at the end of a line which means that the next line is to be treated as a continuation of the previous line. Confusing it further is the convention that when I quote your mail, each line of the quote is preceded by the characters '> ' but I think you'll get the idea. Although I have to say I wouldn't do anything like that, I don't know why you don't like the look of the crontab entry. It's just a single job which if I read your mail right is started daily at seven minutes past noon and uses clamscan to scan your home directory, with a bunch of directories excluded from the scan. I don't know much about your system so can't really pass judgement on the command, but it's normal to see that kind of scheduled job in a crontab. It could easily be the sort of thing that was added to your crontab by an anti-virus tool which you've installed but it doesn't look like anything malicious. I would say there seems to be no built-in protection against overload, so if the job doesn't finish by seven minutes past noon the next day then cron will try to run another one. Things might then go downhill from there. Without more information there's no way to know how long a scan will take, so I don't know if that's a problem, but some scans can take many hours. My feeling is that generally the longer a scan takes, the less useful it is likely to be. At this point I can't say for sure if your statement that you've been chasing viruses is to be taken at face value or not. You might just have been chasing your own tail. I must admit that I have had some difficulty understanding your posts completely. Do you know anything at all about the viruses that you claim to have been chasing? -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
