You are not logged in.

#1 2022-01-14 18:58:38

TaTuKoMa
Member
Registered: 2021-11-14
Posts: 16

ClamAV & daemon & unofficial-sigs & test download & OnAccessScan

Hello. I was install clamav and enable clamav-freshclam.service and clamav-daemon.service.
Make test download and scan how in describe in ClamAV - ArchWiki. $ curl https://secure.eicar.org/eicar.com.txt | clamscan -
Test passed successfully. But i cant find this file. Where he download it? If i specify name like 'malvare' i can find this file. But where others with original name?

clamav-daemon.service In wiki says he don't need if you want only manual scans. Also says OnAccessScan by default off and he is unstable.
It means if i will be somehow execute malvare file he will not stop it? So what he actualy doing? He don't prevent download this test file and nothing says about him when i download it without | clamscan -

unofficial-sigs I think it would not be bad to expand the virus database. But he's in the AUR. This package can even be infected? Or is it just like a text document with a list? Although the list may include some files that should protect me on my device?

And also why you don't use antimalware?

Last edited by TaTuKoMa (2022-01-14 18:59:27)

Offline

#2 2022-01-14 21:26:31

mpan
Member
Registered: 2012-08-01
Posts: 750
Website

Re: ClamAV & daemon & unofficial-sigs & test download & OnAccessScan

TaTuKoMa wrote:

Where he download it? If i specify name like 'malvare' i can find this file. But where others with original name?

Nowhere. You requested it to pipe the entire output to clamscan without ever writing it anywhere. curl sends the file directly to the standard input of clamscan, which reads it, scans and reports the result. Nothing is being stored.

TaTuKoMa wrote:

clamav-daemon.service In wiki says he don't need if you want only manual scans. Also says OnAccessScan by default off and he is unstable.
It means if i will be somehow execute malvare file he will not stop it? So what he actualy doing?

Scanning files. The clamd(8) manual explains what the daemon may do. OnAccessScan is just a single, somewhat experimental feature. You do not need to use it.

Note: I suspect English is not your native language and I do not blame you for that, but most of your message is impossible to understand. Above I answered only to the fragments that make sense. There is a section for other languages — perhaps you will get a better response there.

Last edited by mpan (2022-01-14 21:30:33)


Sometimes I seem a bit harsh — don’t get offended too easily! PGP: 7C848198AE93D3BB

Offline

Board footer

Powered by FluxBB