
Manjaro and ClamAV

Yes, it is true that the vast majority of Linux users don’t run ClamAV or any kind of virus protection. The list of known viruses for Linux is quite small so they feel no need. The reality is, they exist. With more and more companies using Linux for systems that matter, we all need to help them out by running ClamAV. No company wants to be the next T-Mobile with two massive data breaches inside of two years. Even worse would be finding out you are one of their customers who now has three mortgages you didn’t know about on homes you’ve never seen.

Yes, I’ve written about clamav before on this blog. Nothing that connects to the Internet can ever truly be “secure.” I can’t tell you how many times I’ve had some Agile hacker look me in the eye and tell me with a straight face their system was secure because it used SSL. We now have SSL2 because SSL was not secure, gasp! In time we will find SSL2 is also not secure, gasp!

Installing ClamAV on Manjaro

Manjaro is taking over the Linux desktop world. They have made incredible strides in making an Arch-based distro user friendly. Yes, there are still some expert-friendly aspects, but they have been whittled down and there are ample instructions online for those few remaining dark corners.

sudo pacman -S clamav clamtk

Theoretically you can install ClamAV via the GUI, but you need to use the command line for part of this so just do it all here.

You can’t blame Manjaro for this next part, it is all on the ClamAV project. For some reason, despite requiring this, they don’t put the running of freshclam as a post install step in the installation procedure.

sudo freshclam

That last part is because I and everyone who installs this skips a critical step that the installation package should handle. We will get to that step. Open ClamTk and do a quickie scan of your home directory without changing any settings.

Fixing the Install

Maybe it is because I do Debian and RPM packaging for clients? Maybe it is because I hate sloppy Agile thinking? Installers that only do half a job really honk me off!

sudo systemctl status clamav-daemon.service

You who created this package know you need the daemon to access system files yet you don’t enable and start it. You know that freshclam has to be run before anyone can use your package yet you don’t run it.

sudo systemctl enable clamav-daemon.service
sudo systemctl start clamav-daemon.service
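
A quick way to confirm both fixes took effect, as an added example that is not part of the original post. It assumes the signature databases live in /var/lib/clamav; the 7-day staleness threshold and the function names are choices made for this sketch.

```shell
#!/bin/sh
# Added example: check the two post-install steps the package leaves undone.
# Assumptions: signatures are stored in /var/lib/clamav (override with
# CLAMAV_DB_DIR) and anything older than MAX_AGE_DAYS counts as stale.
DB_DIR="${CLAMAV_DB_DIR:-/var/lib/clamav}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-7}"

# Print "missing", "stale" or "ok" for the signature databases in directory $1.
# freshclam stores each database as .cvd (full download) or .cld (patched copy).
signature_state() (
    dir="$1"; max_age="${2:-$MAX_AGE_DAYS}"
    for name in main daily; do
        found=""
        for f in "$dir/$name.cvd" "$dir/$name.cld"; do
            if [ -s "$f" ]; then found="$f"; fi
        done
        if [ -z "$found" ]; then echo "missing"; return 0; fi
    done
    # daily.* changes whenever freshclam pulls new signatures, so its age
    # shows how long ago the last successful update was.
    recent=$(find "$dir" -maxdepth 1 -name 'daily.c[lv]d' -mtime "-$max_age" | head -n 1)
    if [ -n "$recent" ]; then echo "ok"; else echo "stale"; fi
)

# Print the enabled/active state of the scanning daemon, or "no-systemd".
daemon_state() (
    unit="${1:-clamav-daemon.service}"
    if ! command -v systemctl >/dev/null 2>&1; then echo "no-systemd"; return 0; fi
    enabled=$(systemctl is-enabled "$unit" 2>/dev/null)
    active=$(systemctl is-active "$unit" 2>/dev/null)
    echo "enabled=${enabled:-unknown} active=${active:-unknown}"
)

# Summarize both checks with the command from this post that fixes each one.
report() {
    echo "signatures: $(signature_state "$DB_DIR")   (fix: sudo freshclam)"
    echo "daemon:     $(daemon_state)   (fix: sudo systemctl enable/start clamav-daemon.service)"
}

report
```
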

Update Your Settings

Run ClamTk from the GUI menu and click on the Settings icon.

By default only the last entry “Check for updates” is checked. You definitely want to scan recursively. Personally I always turn these four on. I mean, if you know the primary virus scanner for the platform doesn’t check files starting with a “.” isn’t that a good place to hide your virus? All you need to do is make certain your virus is in a file larger than 20 MB and it won’t be found either. Such a deal!

Be very careful with the other two. I never did find out if this virus flag was real or not.

Schedule Your Scan

Click on the “Schedule” icon and schedule a scan of your home directory.

The UI hasn’t caught up to the functionality. When I wrote about this years ago the signature update really had its own schedule. Now, according to what I find, the update is the first part of the scheduled scan job. One has to remember there are customers with satellite Internet connections where you have “bonus time” for data with your extremely limited data plans. It’s usually in the wee hours of the morning.

For people in that unfortunate situation, there is a work around.

On the main screen there is an Updates section with an Update Assistant icon. Click it.

You can tell the program you want to do the download yourself. The scan will still run every day, but you will only get new virus signatures when you physically download them. Not as horrible as it first sounds. If you are unfortunate enough to have only a 5GB-10GB per month satellite (or 4G) plan, you can’t be doing that much online anyway. True, it only takes one click on a link in an email or opening one attachment, but you probably think about just how much data every action costs you. I know I did when I had one of those services. I turned off all forms of automatic updates on my computers. Manually did it the last day of my plan if and only if I had enough data left.

Your Final Action

You children are too impatient. Perhaps you don’t have other computers to use while this runs? Perhaps you can’t leave yourself a yellow sticky so you do it before you stop using the computer at night?

Click the “Scan a directory” icon.

Go to the root of your computer.

Start the scan.

The “scheduled” scan only scans your home directory and any devices you mounted under it. You are not doing a complete system scan with that. You should run a full system scan at least once per year, if not every 6 months.

Roland Hughes started his IT career in the early 1980s. He quickly became a consultant and president of Logikal Solutions, a software consulting firm specializing in OpenVMS application and C++/Qt touchscreen/embedded Linux development. Early in his career he became involved in what is now called cross platform development. Given the dearth of useful books on the subject he ventured into the world of professional author in 1995 writing the first of the "Zinc It!" book series for John Gordon Burke Publisher, Inc.
