Hello
I am a newbie to both ClamAV and the ClamAV Users forum.
I would like to set up and use ClamAV on a System76 Kudu laptop running
PopOS 22.04 based on Ubuntu. I have been using Linux for 8 years, but
unfortunately have yet to develop sufficient skill and confidence in
using the command line safely. Yet I must use it in order to be able to
use ClamAV now that ClamTK is not being maintained.
*A. Initially I would like to use ClamAV manually to*:-
1. Detect infected files anywhere in the OS including within email
profile folders or in a particular folder or external drive or a
particular file.
2. List the infected files in a format -- showing the directory
location where they were found -- for emailing (e.g. as a screenshot,
pdf, or ?) to someone else for help in deciding whether to quarantine
and whether to remove.
3. (Stop the process at this point and decide which ones to put in
quarantine.)
4. Move the files to be quarantined to a safe location (in whatever
way that happened in ClamTK for example) and to continue to be able to
view them in a list showing the location they came from in a format for
emailing to others as per step 2 above.
5. (Pause the process again while deciding which to delete.)
6. Delete/remove those files to be treated this way and leave the
remainder in the quarantine location for later decisions/actions.
*B. To achieve the above*:
From my reading of online ClamAV documentation and various tutorials, the
following is as far as I have got in determining how to set it up to do
this, together with the gaps in my understanding as far as I am aware.
If anyone is able/willing to help me by correcting what is wrong
(including spacing within a command), confirming what is correct for my
OS, and filling in the gaps, that would be a wonderful help.
My PopOS 22.04 is a fully updated recent fresh install. So to *install
ClamAV*, I propose to run this command in a terminal
$ sudo apt install clamav
to install the package and all its dependencies on an Ubuntu-based
system. Then run
$ sudo freshclam
to *update the virus database*.
Then, to *achieve number 1* in my list of uses of ClamAV above, I
propose to run the command:
$ sudo clamscan --recursive --infected /home/sarah
to scan and detect infections in the whole of the Home Directory
including all its subdirectories on my main internal drive. My extra
internal drive named SecondaryDrive is mounted in the Home Directory
even though it is a physically separate drive. I am imagining that if I
wished to only scan the extra drive I would run
$ sudo clamscan --recursive --infected /home/sarah/SecondaryDrive
but that otherwise it would be scanned as part of scanning the whole of
the Home Directory (is this correct? I am the only person using the
computer).
Then I am imagining that I would replace "SecondaryDrive" with
".thunderbird" for scanning and detecting in all subdirectories in just
that Thunderbird profile folder for example, on my main internal drive.
To scan and detect everything in a particular external drive I would
need to check the directory path to that inserted and mounted drive. At
the moment I am not plugging anything in to the USB ports until I have
ClamAV properly working in a way I can understand. (I have recent
experiences in the last 6 months or more of so many external drives
suddenly becoming corrupt -- using a previous installation of Pop 22.04
on a previous hard drive that has now been replaced.)
*To achieve numbers 2-6 on the list above*, I am realising I do not know
exactly how to use ClamAV. For example, where and in what format the
infected files are listed, what is a safe location for quarantining and
how to move files to that rather than remove them, how to use ClamAV to
remove some items but leave others still in quarantine. So there are big
gaps where I seem to have got lost in following tutorials and
documentation and how to adapt it to my situation.
So I am hoping this message may reach someone with the patience and
ability to cope with my very basic questions and lack of knowledge in
this area.
Thank you very much and best wishes to you all
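
Steps 2 to 6 of the workflow asked about above, as an added example that is not part of the original message and not ClamAV's own tooling: it reads a clamscan log, lists each detection with its original location, moves the files into a quarantine directory with a manifest, and deletes only the entries chosen later. The function names, log path, quarantine directory and manifest.tsv layout are assumptions made for illustration; --log is a standard clamscan option.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a scan log written by
#   sudo clamscan --recursive --infected --log="$HOME/clamscan.log" /home/sarah
# where each detection is one line: "<path>: <signature> FOUND".
TAB=$(printf '\t')

# list_infected LOG: print "signature<TAB>original path" per detection (step 2).
list_infected() {
    grep ' FOUND$' "$1" | while IFS= read -r line; do
        line=${line% FOUND}
        # split on the LAST ": " so paths that contain ": " survive intact
        printf '%s\t%s\n' "${line##*: }" "${line%: *}"
    done
}

# quarantine LOG QDIR: move detected files into QDIR (step 4) and record
# "quarantine name<TAB>signature<TAB>original path" in QDIR/manifest.tsv.
quarantine() {
    mkdir -p "$2" && chmod 700 "$2" || return 1
    list_infected "$1" | while IFS=$TAB read -r sig path; do
        [ -f "$path" ] || continue                 # already moved or gone
        dest=$(mktemp "$2/q.XXXXXX") || continue   # unique name, no overwrite
        mv -- "$path" "$dest" || { rm -f -- "$dest"; continue; }
        chmod 400 "$dest"                          # read-only, not executable
        printf '%s\t%s\t%s\n' "${dest##*/}" "$sig" "$path" >> "$2/manifest.tsv"
    done
}

# purge QDIR NAME...: delete only the named quarantined files (step 6);
# everything else stays in quarantine and in the manifest.
purge() {
    qdir=$1; shift
    for name in "$@"; do
        case $name in q.??????) ;; *) continue ;; esac  # only names we created
        rm -f -- "$qdir/$name"
        awk -F'\t' -v n="$name" '$1 != n' "$qdir/manifest.tsv" > "$qdir/manifest.new"
        mv -- "$qdir/manifest.new" "$qdir/manifest.tsv"
    done
}
```

The output of list_infected and the manifest are plain text, so either can be pasted into an email as it is. Files scanned with sudo but owned by root need the quarantine step run with sudo as well.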