Sarah,
On Sun, 21 Jul 2024 16:08:30 +1200 you wrote:
> ...
> $ sudo clamscan --recursive --infected /home/sarah
I would not recommend scanning the complete home directory on a regular
basis. You can do that once after you have everything set-up, but it
may take quite some time ...
Basically malware enters your personal computer using three ways:
- Foreign USB sticks or CDs.
- Downloading stuff from the internet (whether on purpose or inadver-
tently by being tricked into clicking on some link).
- Incoming mail.
So after mounting some USB stick or similar I would suggest to manually
run
$ clamscan --recursive --infected <USB-mount-point>
before touching any file there ("sudo" isn't necessary for files and di-
rectories you have access to anyway). To check downloaded files I have
configured "clamonacc" to permanently keep an eye on my "Downloads/"
folder. And you should have every incoming mail scanned automatically,
but I do not use Thunderbird and thus haven't the slightest idea how to
achieve this in your case.
Personally I have ClamAV configured not to quarantaine or delete infect-
ed files, just to inform me. I have to act, and whether I act on the
infected files in their original locations or in a quarantaine directory
does not really make much difference.
> ...
> I am realising I do not know
> exactly how to use ClamAV. For example, where and in what format the
> infected files are listed,
The "clamscan" programme just prints it on standard output. And with
respect to "clamonacc" run
$ man clamd.conf
and search for configuration option "VirusEvent".
Sincerely,
Rainer
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
