LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-26-2006, 03:23 PM   #1
ooViXoo
LQ Newbie
 
Registered: Apr 2006
Distribution: Debian
Posts: 16

Rep: Reputation: 0
Dumb Clam AV Question


I have successfully installed Fedora 5 on my rig. My next objective was to install a more recent video driver (nvidia), again successfully (w/out selinux on, the first attempt was a nightmare). Now I'm at the point of running a virus scan. I have installed Clam av, so far no install problems.

Now here is the dumb question, what is the command to run a full system scan in a terminal? I looked around but I never found it posted anywhere. I tried 'clamscan' but that took all of about .3 seconds to complete, I also cd'd to /, su'd in and typed clamscan and clamscan *.*, nothing but another .3 second scan.

Some help here would be great, thanks in advance!

 
Old 04-26-2006, 03:35 PM   #2
puntjuh
Member
 
Registered: Apr 2006
Location: holland
Distribution: Gentoo / debian / suse / mint
Posts: 558

Rep: Reputation: 42
the following command will scan you're full harddisk.

clamscan -r /
 
Old 04-26-2006, 03:37 PM   #3
beagle2
Member
 
Registered: Aug 2004
Location: Aberdeen Scotland
Distribution: elive,sidux,xp,pclinuxos super gamer, mandriva 2007
Posts: 417

Rep: Reputation: 30
Clamscan -i -r from / does the job for me - just do clamscan --help for more options. The -i option indicates only show infected files and the -r scans subdirectories recursively.
 
Old 04-26-2006, 03:59 PM   #4
ooViXoo
LQ Newbie
 
Registered: Apr 2006
Distribution: Debian
Posts: 16

Original Poster
Rep: Reputation: 0
Perfect, that worked like a charm! Thank you both!! I checked out the --help switch, but I didn't see a switch that will update the a/v database. Is there a specific switch for that, or is an automatic function (doubtful)? I looked around and I seen a command 'freshclam' but that seems to apply for removing and installing a fresh copy of clam av. Or am I wrong?
 
Old 04-26-2006, 04:52 PM   #5
beagle2
Member
 
Registered: Aug 2004
Location: Aberdeen Scotland
Distribution: elive,sidux,xp,pclinuxos super gamer, mandriva 2007
Posts: 417

Rep: Reputation: 30
Freshclam updates database - its generally set up on installation either to run as daemon on system startup, when internet connection initiated or whenever. See here http://www.clamav.net/faq.html#pagestart
 
Old 04-26-2006, 05:29 PM   #6
ooViXoo
LQ Newbie
 
Registered: Apr 2006
Distribution: Debian
Posts: 16

Original Poster
Rep: Reputation: 0
Ahh,I see. Very helpful instructions pages. It took me a second to figure out where the freshclam.conf was, because neither of the the 2 suggested directories contained it on my system. The 'whereis freshclam' command came in very handy! Thanks again for your help, 'specially for such a basic function question. (=
 
Old 04-26-2006, 05:36 PM   #7
beagle2
Member
 
Registered: Aug 2004
Location: Aberdeen Scotland
Distribution: elive,sidux,xp,pclinuxos super gamer, mandriva 2007
Posts: 417

Rep: Reputation: 30
No problem
 
Old 04-26-2006, 11:24 PM   #8
ooViXoo
LQ Newbie
 
Registered: Apr 2006
Distribution: Debian
Posts: 16

Original Poster
Rep: Reputation: 0
OK, I have another dumb question! How reliable is clam av, as far as not setting off 'false' alerts when it comes to viruses'? I'm curious because I've never used it, and people here have. On my old Windows system, I had used avast! which I found to be a very good a/v program, but occasionally triggered a false virus alert. (the last one found on 'The Ultimate Boot CD' .iso no less) Still better than mcafee or symantec's av's that don't find viruses until it's too late, or have been hand crafted by the corps. (That's another story)

The reason I even question it is because of this, the first system wide scan I had done actually picked up on a virus! Now were talking I have only had this o/s (FC5) on my rig for 1.5 days. I updated my video card drivers, set up the file sharing (samba), set up printer sharing, and installed clam. The system wide scan reported this message...

//usr/share/nexuiz/data/data20060208.pk3: Oversized.Zip FOUND

so I let clamav run its course and after its 72 minute scan I switched over to the directory and re-scanned the file and got this...

$ clamscan -r -i data20060208.pk3
data20060208.pk3: Oversized.Zip FOUND

----------- SCAN SUMMARY -----------
Known viruses: 53081
Engine version: 0.88.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 48.75 MB
Time: 11.044 sec (0 m 11 s)


Has anyone seen this? Can there really be an oversized .zip file? Does that mean theres a virus in it, again I'm a bit sceptical because of the short life of this o/s. Does clamav automatically put files into a quarantine, or at least a quarantine state once it's found?

Thanks again for your help!


Last edited by ooViXoo; 04-26-2006 at 11:26 PM.
 
Old 04-27-2006, 05:02 AM   #9
beagle2
Member
 
Registered: Aug 2004
Location: Aberdeen Scotland
Distribution: elive,sidux,xp,pclinuxos super gamer, mandriva 2007
Posts: 417

Rep: Reputation: 30
Item 36 in the faq deals with Oversized.Zip FOUND, item 38 deals with disinfecting and the clamscan --remove switch does what it says - use with care.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Dumb question SuSE05 Linux - Software 2 04-20-2005 10:08 PM
dumb question Kjetil4455 Slackware 16 08-04-2003 08:52 PM
Probably a dumb question i8pp Linux - Newbie 6 06-25-2003 06:22 PM
dumb question! Athlon_Jedi Linux - Newbie 6 05-20-2003 01:51 PM
Dumb question Thetargos Linux - Software 3 05-06-2003 08:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:42 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration