Unix and Linux Stack Exchange
Unix and Linux Stack Exchange

Questions tagged [clamav]

58 questions
9
votes
1 answer

Warnings/Errors when running clamav/clamscan, scanning 3TB hard-drive

What I'm trying to do: I'm trying to scan my File-Server for malware, and I'm using clamav/clamscan, where the man page say's it can scan files up to 4GB. This man page states: --max-filesize=#n Extract and scan at most #n kilobytes from each…
somethingSomething
  • 5,721
  • 18
  • 58
  • 98
7
votes
1 answer

How to exclude .jpg, .jpeg, .png, .gif from a ClamAV Scan (clamscan)

I'm running a clamscan command to scan my users home directories, I'd like to exclude images from the scan as these sites specifically have thousands of images.
Matthew Douglas
  • 71
  • 1
  • 2
4
votes
2 answers

Not able to update database in ClamAV with freshclam on CentOS7

I'm running a CentOS freash out of Azure, with ClamAV installed on it, by running the following commands: yum install -y epel-release yum install -y clamav When installed, I'm running the following command to update the various databases:…
emilrn
  • 103
  • 2
  • 9
4
votes
2 answers

Permission problems for postfix to connect to clamav-milter socket

I am running postfix postfix-3.3.1_1,1 and clamav-milter clamav-milter-0.100.1_1 on FreeBSD 11.2. Postfix and the milter are set to communicate via a socket. I am not able to get the milter and postfix work together, I must be overlooking something.…
Lexib0y
  • 41
  • 1
  • 8
3
votes
1 answer

Clamav - can you only load the linux-specific definitions from /var/lib/clamav/*.cld?

We're investigating applications that seem to use large amounts of memory, one of those being clamav. We noticed that there are lots of av definitions for windows, osx, xls, doc, rtf etc. in /var/lib/clamav/main.cld that we shouldn't need to load in…
Zack Schmidt
  • 41
  • 2
3
votes
1 answer

ClamAV discovered malware in a Flatpak app - how do I determine which app it is?

During a ClamAV scan, malware was found in the following Flatpak file: /home/daniel/.local/share/flatpak/repo/objects/34/32b76db9f3df9ffb126a55624df56417c367c47d95e3f619585af51e448144.file: BC.Gif.Exploit.Agent-1425366.Agent FOUND I'm not sure what…
Daniel
  • 143
  • 7
3
votes
1 answer

How to find out which particular e-mail in Thunderbird/Icedove that contains malware Doc.Dropper.Agent-1552723 pointed out by Clamscan?

Today I ran a clamscan -ri / and got some positives for some malware. Most are in the "spam" folder, so that's no problem. But one is among my saved e-mails: /home/user/.icedove/bfa059u1.default/ImapMail/imap.server.com/INBOX.sbd/saved:…
PetaspeedBeaver
  • 1,207
  • 3
  • 15
  • 32
3
votes
1 answer

How to use ClamAV to scan the memory

How can I only scan the computer RAM for viruses using the ClamAV command clamscan? I already tried, because I found it on ClamWin forum: clamscan --memory But it seems, that the Linux version does not have the argument --memory, because I can not…
BuZZ-dEE
  • 2,033
  • 2
  • 18
  • 21
3
votes
1 answer

removing clamav with purge leaves database

I uninstalled clamav with apt-get remove --purge clamav but still I have this 100MB folder: du -shc /var/lib/clamav Why is this not deleted on purge? And how can I find out if some other installed program still uses this folder?
rubo77
  • 27,777
  • 43
  • 130
  • 199
2
votes
0 answers

ClamAV's main.cld file is too large - can it be removed or compressed?

The main.cld file in /var/lib/clamav/ is over 400 MB in size and daily.cld is over 150 MB. Are these filesizes normal and can these files be made smaller somehow? For example, by deleting them and retrieving them again, via some update or by using…
mYnDstrEAm
  • 4,008
  • 13
  • 49
  • 108
2
votes
1 answer

clamd: ERROR: LOCAL: Could not create socket directory: /var/run/clamd.scan: Permission denied

For the past 13 days or so (I have a daily job) it seems I'm no longer able to install ClamAV on a clean image of Centos 7. /var/log/messages Sep 16 14:54:52 ip-172-31-42-25 systemd: Starting clamd scanner (scan) daemon... Sep 16 14:54:52…
Pedro
  • 123
  • 1
  • 6
2
votes
1 answer

Using clamav efficiently when timeshift snapshots are present

I am searching for a simple way to perform a full system scan using clamav on a machine that also has Timeshift based snapshooting enabled. As suggested by this answer on the Ubuntu site, I was using a command like: clamscan -r --bell -i…
SPArcheon
  • 123
  • 5
2
votes
0 answers

ClamAV on CentOS 7 - scan.conf or clamd.conf

I've just tried to configure ClamAv on a CentOS 7 set-up. I managed to get it to work albeit with a rodeo-trick. I would like to know why there are two differently named configuration files within ClamAV on Linux: some set-ups mention…
Gustav
  • 41
  • 2
  • 7
2
votes
0 answers

Trigger event on host OS from inside a Docker container web app

I have a host OS (Ubuntu) with ClamAV installed. and I am running a Docker container on this OS. This container is running a node web app that is publicly facing. There is file upload functionality within this web app that uploads to a folder within…
Adrian Roworth
  • 121
  • 1
2
votes
1 answer

Clamav TCP 3310 setup Debian

I've run into this problem which is weird. I'm using Debian jessie and I have setup clamav to listen also on port 3310 with the TCPSocket 3310 option. After saving the changes to the config file I restart the daemon with service clamav-daemon…
Fabrizio Mazzoni
  • 167
  • 2
  • 7
1
2 3 4