Hi there,
On Wed, 16 Nov 2022, Nikola Nikolić via clamav-users wrote:
> Wed, 16 Nov 2022, G.W. Haywood via clamav-users wrote:
>> On Wed, 16 Nov 2022, Nikola Nikolić via clamav-users wrote:
>>> I’m trying to setup OnAccessScanning on my VM but I’m running in a
>>> lot of problems.
>>> Every time I do “sudo clamonacc” I get next:
>>> ERROR: ClamClient: Could not connect to clamd, Couldn't connect to server
>>> ERROR: Clamonacc: daemon is local, but a connection could not be established
>> Before we deep-dive into your configuration and scripting, can you
>> confirm that the clamd daemon is actually running?
> How can I provide that information, if you can lead me with instructions.
You'll probably need to do some more reading. Quite a lot, I'm afraid.
There are very many ways to do what I asked. Below are three. It's a
cut-n-paste from a 'bash' shell session on my clamd server. In case
your mail reader has done something helpful with it, there are three
commands (on the lines which begin with a '$' symbol), and six lines
of command output making nine lines in total between the ASCII art
'cut' marks. The output from the second and third commands is shown
in nice neat columns:
8<----------------------------------------------------------------------
$ pidof clamd
745
$ ps aux | grep clam
clamav 723 0.0 0.1 63316 6844 ? Ss Nov04 0:44 /usr/local/bin/freshclam -d --config-file=/etc/mail/clamav/freshclam.conf
clamav 745 0.2 32.9 1636312 1293948 ? Dsl Nov04 35:54 /usr/local/sbin/clamd --config-file=/etc/mail/clamav/clamd_tcp3.conf
root 1265 0.0 0.0 7344 552 pts/2 S+ 11:38 0:00 grep clam
$ top -b -n 1 | grep clam
723 clamav 20 0 63316 6844 6112 S 0.0 0.2 0:44.72 freshclam
745 clamav 20 0 1636312 1.2g 5720 S 0.0 32.9 35:53.17 clamd
8<----------------------------------------------------------------------
You can see that the clamd process ID on this machine is 745 and the
process is using 1.2Gbytes of memory. That's probably a bit more than
most clamd daemons will be using (the official signatures will use in
the region of a gigabyte, but I use many unofficial signatures). The
same memory consumption is also reasonable for any 'clamscan' process,
but you probably won't want to run both clamd and clamscan at the same
time. There's a tool called 'clamdscan' which does most of the work
that clamscan does. Instead of doing the scan itself it uses clamd to
do the bulk of the work. For a system running a single clamd daemon,
you should budget at least four gigabytes of memory. You can get away
with less, but to do that safely you'll need to be a lot more familiar
with your systems than you are at the moment.
Just to be clear, when the 'clamonacc' tool decides that something
needs to be scanned, it uses the 'clamd' daemon to do the actual
scanning. The clamd daemon takes a while to start because it has to
read, check and compile something approaching ten million signatures,
and then it runs indefinitely on the system just waiting for another
process to connect to it to tell it what to do. Because the clamd
process is already running, the process which tells it what to do
doesn't have to wait a long time for clamd to start up. That would
impose an unacceptable performance penalty. Again just to be clear,
I'm not saying that the performance penalty that you will pay in any
case with "scan on access" will be acceptable to you. Only you can
know that, in the light of your experiences when you try it.
The output from the commands I showed above is terse, but there's a
lot of information in the output and you'll become familiar with it
all eventually. With some practice, quite soon you'll absorb it at a
glance; what takes minutes (even hours) now will soon sometimes take
only seconds.
There's online documentation for ClamAV at
https://docs.clamav.net/
but that requires Internet access of course. On most Linux systems
you can learn a lot, quickly, just by using the 'man' command. The
name is short for 'manual' and what you get when for example you type
man top
is the "man page" for the 'top' command. The 'grep' command is one
you'll want to learn about early in your linux career:
man grep
Apart obviously from getting the tools and documentation onto your
machine in the first place, after installation all use of the 'man'
command is entirely local to your machine and no Internet access is
needed to read the documentation. There are 'man' pages for all the
ClamAV tools. Although they're a work in progress and the odd error
or omission still surfaces, generally they're pretty good. If you
don't have the 'man' command or the "man pages" you should be able to
install them easily using the package management tools which come with
whatever distribution of Linux you have. It would help if you could
tell us things like that. Usually the 'man' pages come with the
package of tools when you install the tools, but occasionally (perhaps
when the documentation is very substantial) there's a separate package
just for the docs.
Most people find 'man' a little terse when they first start to use it,
and so it is. But generally speaking, if you're reasonably proficient
with the rest of the system, for any tool it should contain pretty
much all you need to know to use the tool effectively. Unfortunately
with a Linux system becoming "reasonably proficient" if starting from
scratch will take anywhere between months and years, depending on the
effort you put into it.
Can I suggest that you spend some quality time with a Linux primer?
I don't know how up-to-date the TLDP is nowadays but many things are
unlikely to change:
https://tldp.org/LDP/sag/html/system-monitoring.html
There are many, many tutorial sites around the Internet. Most leave a
lot to be desired but equally most will get you going with the basics.
This isn't the right list for this kind of thing, you should look for
alternatives for general system administration, but if you keep the
questions specific to ClamAV we'll usually be able to help. My own
preference for this kind of learning is printed books - I freely admit
that I'm a dinosaur and I'll happily read a printed manual while I'm
waiting for the kettle to boil over the camp fire...
HTH
--
73,
Ged.
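
An added example, not part of the original message and not ClamAV's own code: the `ps aux` check from the session above turned into small shell functions that pick out the real clamd process (ignoring freshclam and the `grep clam` line itself), recover its config file, and list the socket that config tells clamd to listen on, which is what clamonacc has to reach. The function names and the clamd.conf fragment are assumptions made for illustration; the contents of the real clamd_tcp3.conf are not shown in the thread.

```shell
#!/bin/sh
# Sample `ps aux` lines copied from the session in the message above.
SAMPLE_PS='clamav 723 0.0 0.1 63316 6844 ? Ss Nov04 0:44 /usr/local/bin/freshclam -d --config-file=/etc/mail/clamav/freshclam.conf
clamav 745 0.2 32.9 1636312 1293948 ? Dsl Nov04 35:54 /usr/local/sbin/clamd --config-file=/etc/mail/clamav/clamd_tcp3.conf
root 1265 0.0 0.0 7344 552 pts/2 S+ 11:38 0:00 grep clam'

# Constructed clamd.conf fragment (illustrative values only).
SAMPLE_CONF='# constructed example, not a real configuration
#LocalSocket /run/clamav/clamd.sock
TCPSocket 3310
TCPAddr 127.0.0.1'

# Print the PID of every process whose executable name is exactly "clamd".
# Field 11 of `ps aux` is the command; matching on its basename avoids the
# false hits that a plain `grep clam` produces.
clamd_pids() {
    awk '{ n = split($11, p, "/"); if (p[n] == "clamd") print $2 }'
}

# Print the value of --config-file=... for clamd (only the "=" form is handled).
clamd_config() {
    awk '{ n = split($11, p, "/"); if (p[n] != "clamd") next
           for (i = 12; i <= NF; i++)
               if ($i ~ /^--config-file=/) { sub(/^--config-file=/, "", $i); print $i } }'
}

# Read clamd.conf text and print the endpoints clamd is told to listen on.
# Commented-out options are ignored; "*" means no TCPAddr was given.
clamd_endpoints() {
    awk '$1 == "LocalSocket" { print "unix:" $2 }
         $1 == "TCPAddr"     { addr = $2 }
         $1 == "TCPSocket"   { port = $2 }
         END { if (port != "") print "tcp:" (addr == "" ? "*" : addr) ":" port }'
}

# One-line summary; returns non-zero when no clamd process is present.
clamd_status() {
    st_pid=$(printf '%s\n' "$1" | clamd_pids | head -n 1)
    if [ -z "$st_pid" ]; then
        echo "clamd not running"
        return 1
    fi
    echo "clamd running pid=$st_pid config=$(printf '%s\n' "$1" | clamd_config | head -n 1)"
}

# Demo on the embedded samples; on a live host use: clamd_status "$(ps aux)"
clamd_status "$SAMPLE_PS"
printf '%s\n' "$SAMPLE_CONF" | clamd_endpoints
```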