Posted in Experience / Information Technology / Thank You Sir May I Have Another

Linux Anti-Virus Software Experiments

At some point we Linux users have to install anti-virus and anti-malware software, if for no other reason than to protect the token few completely useless Windows boxes left in the world. A few enterprising rectal sphincters have also been writing email viruses for cross-platform email clients and their various address book solutions. There are even a token few Linux-specific viruses.

On a few machines I installed clamav from the distro repos. Two machines had KDE Neon 64-bit and one had LinuxLite 4.0 64-bit. For the most part, here is how it went.

sudo apt-get install clamav clamtk cabextract libclamav7 clamav-docs

roland@roland-I5-HP-Compaq-8300-Elite-SFF-PC:~$ sudo freshclam
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

$ sudo /etc/init.d/clamav-freshclam stop
[ ok ] Stopping clamav-freshclam (via systemctl): clamav-freshclam.service.


roland@roland-I5-HP-Compaq-8300-Elite-SFF-PC:~$ sudo freshclam
ClamAV update process started at Tue Jul 10 10:20:25 2018
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.4 Recommended version: 0.100.1
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
Downloading main.cvd [100%]
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily.cvd [100%]
daily.cvd updated (version: 24740, sigs: 2009217, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 324, sigs: 89, f-level: 63, builder: neo)
Database updated (6575555 signatures) from db.local.clamav.net (IP: 104.16.186.138)
ERROR: NotifyClamd: Can't find or parse configuration file /etc/clamav/clamd.conf

I reported the packaging bug and near instantly saw the KDE bug tracker “support” person flag the bug as “resolved”, telling me to “report it to your distro” as it is not part of KDE. I immediately logged back in and re-opened the bug, informing the closer that the distro this happened on was KDE Neon. LinuxLite did not have the problem.

Once freshclam was done I had to start the freshclam service again, then scan.

$ sudo /etc/init.d/clamav-freshclam start

sudo clamscan -r --bell -i /

----------- SCAN SUMMARY -----------
Known viruses: 6569351
Engine version: 0.99.4
Scanned directories: 97411
Scanned files: 668074
Infected files: 0
Total errors: 23200
Data scanned: 29795.93 MB
Data read: 86620.29 MB (ratio 0.34:1)
Time: 5953.934 sec (99 m 13 s)

You can do a man clamscan if you want to learn all of the options. The ones used above:

-r (--recursive): recurse into subdirectories

-i (--infected): only print infected files; the summary is still printed

--bell: sound the terminal bell when an infected file is found

/: the path to scan, here the root of the filesystem

Some really brave people will run

sudo clamscan -r --remove /

But I wasn’t quite that brave. I wanted to see any potentially infected files. If they were some old email backup or something, they were going to be nuked by hand. Thankfully, zero infected files were found. One of the packages we installed was clamtk. This is something of a GUI. It’s not a complete GUI, but if you remember to drop to the command line once per month or quarter to scan your entire storage tree, the scheduler features in here will be just fine.

clamtk main menu

First you want to tweak a few settings.

clamtk settings

Lastly, you want to schedule both updates and a scan. Don’t click the + until you have filled both in. The UI is a bit misleading. I like to schedule updates for 2AM and the scan for 3AM.

clam schedule

The one thing missing here is the ability to schedule a full system scan. You can only schedule a scan of your home dir with this little tool.
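Two gaps in the procedure above are worth closing with a script: the manual freshclam run only works if the clamav-freshclam service is stopped first and started again afterwards (the daemon holds the lock on freshclam.log that caused the first error), and clamtk cannot schedule a scan of anything outside the home directory. The NotifyClamd error at the end of the freshclam run is, on the Debian/Ubuntu packages, the usual sign that clamav-daemon (which owns /etc/clamav/clamd.conf) is not installed; the line before it shows the signatures were updated regardless. The script below is an added example, not code from the post, from ClamAV or from clamtk. It assumes the Debian/Ubuntu packaging (clamscan and freshclam on PATH, the clamav-freshclam systemd unit, a writable /var/log/clamav); the install path, the weekly Sunday 03:00 schedule and the list of excluded directories are choices made here. Excluding /proc, /sys, /dev and /run matters because reading them produces "Can't open" and "Can't read" errors rather than findings; that is where the bulk of a five-figure error count like the one in the summary above typically comes from.

```shell
#!/bin/sh
# Added example, not from the original post. A cron-driven full-filesystem
# ClamAV scan to cover what the clamtk scheduler cannot, plus the manual
# signature refresh the post does by hand (stop clamav-freshclam, run
# freshclam, start it again). Assumes the Debian/Ubuntu clamav packaging:
# clamscan and freshclam on PATH, a clamav-freshclam systemd unit, and a
# writable /var/log/clamav. The paths, schedule and exclusion list below
# are choices made for this example, not settings taken from the post.

SCAN_LOG=/var/log/clamav/full-scan.log
CRON_FILE=/etc/cron.d/clamav-full-scan
SCRIPT=/usr/local/sbin/clamav-full-scan   # where this file is installed (assumed)

# Pseudo-filesystems and volatile trees. Reading them yields "Can't open"
# and "Can't read" errors rather than findings, so they are excluded.
# --exclude-dir takes a regex, hence the leading ^ anchors.
EXCLUDE_DIRS="^/proc ^/sys ^/dev ^/run ^/var/lib/clamav"

# The clamscan command line, printed so it can be inspected or eval'd.
# -i prints only infected files; --log keeps the summary and any hits.
scan_cmd() {
    cmd="clamscan -r -i --log=$SCAN_LOG"
    for d in $EXCLUDE_DIRS; do
        cmd="$cmd --exclude-dir=$d"
    done
    echo "$cmd /"
}

# clamscan exit status: 0 nothing found, 1 infected file(s), 2 error(s).
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Refresh signatures without colliding with the daemon's lock on
# freshclam.log: stop the unit, update, and start it again even on failure.
refresh_signatures() {
    systemctl stop clamav-freshclam
    freshclam
    rc=$?
    systemctl start clamav-freshclam
    return $rc
}

# Update, scan, record the outcome in syslog, succeed only on a clean scan.
run_full_scan() {
    refresh_signatures || logger -t clamav-full-scan "freshclam failed, scanning with current signatures"
    eval "$(scan_cmd)"
    result=$(classify_exit $?)
    logger -t clamav-full-scan "full scan finished: $result (details in $SCAN_LOG)"
    [ "$result" = clean ]
}

# Weekly, Sunday 03:00, an hour after the 02:00 signature update the post
# schedules in clamtk. Files in /etc/cron.d carry a user field.
cron_entry() {
    echo "0 3 * * 0 root $SCRIPT run"
}

install_cron() {
    cron_entry > "$CRON_FILE"
    chmod 0644 "$CRON_FILE"
}

case "${1-}" in
    run)     run_full_scan ;;
    install) install_cron ;;
esac
```

Copy it to /usr/local/sbin/clamav-full-scan, make it executable, and run it once as root with the install argument to write the cron entry; the run argument performs the update and scan by hand and exits non-zero unless the scan was clean, so it can sit under any other scheduler as well. Because of -i a silent run is a clean run; the summary and any hits are in the log file.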

On one machine I kept running into problems. In that machine’s defense, there have been a lot of development tools installed and removed. I asked for help on linuxquestions and have not gotten a response yet. I did everything the same and got a good clean scan from the command line, but clamtk wouldn’t run. When I tried to launch it from the command line:

Unable to locate theme engine in module_path: "adwaita", at /usr/share/perl5/ClamTk/GUI.pm line 30

A bit of hunting had me do this.

sudo apt install gnome-themes-standard

Which got me six inches farther.

Icon 'gtk-find' not present in theme at /usr/share/perl5/ClamTk/GUI.pm

It appears FreeBSD has this problem a lot. I have not yet found anyone who could tell me which Ubuntu package provides the gtk-find icon. While I’m waiting on that answer I said to myself, cool, I’ll look at some of the other “free” packages. I went to this click-bait site. Make no mistake about it, the place is a click-bait site. I thought both Sophos and cav-linux looked interesting. After clicking the Sophos link at the click-bait site I couldn’t find the download. Had to use the “chat” function. They quickly gave me a link. Had to fill in personal information. In very fine print below the submit button you will find

By submitting this form, you consent to be contacted about Sophos products and services from members of the Sophos group of companies and selected companies who partner with us to provide our products and services. Sophos is committed to

Then, after clicking download, despite the fact I live in America I am greeted with an “export” agreement. Now they want what feels like more personal information than I had to provide to get a passport. I bailed.

Avoid Sophos at all costs!

Comodo was even worse. The link sends you to the enterprise page and they will not provide you a link to download the free personal version. They send you to a link for what they claim is their “geek buddy” service. If you go there it basically wants to install something on your computer before you can continue…much like a virus.

I did some more Web searches and eventually found a direct link to the page. I downloaded the .deb then tried to install.

roland@roland-I5-HP-Compaq-8300-Elite-SFF-PC:~/Downloads$ sudo apt-get -f install ./cav-linux_x64.deb 
Reading package lists... Done
Building dependency tree 
Reading state information... Done
Note, selecting 'cav-linux' instead of './cav-linux_x64.deb'
Starting pkgProblemResolver with broken count: 1
Starting 2 pkgProblemResolver with broken count: 1
Investigating (0) cav-linux [ amd64 ] < none -> 1.1.268025-1 > ( alien )
Broken cav-linux:amd64 Depends on libssl0.9.8 [ amd64 ] < none -> > ( none ) (>= 0.9.8m-1)
Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
cav-linux : Depends: libssl0.9.8 (>= 0.9.8m-1) but it is not installable
E: Unable to correct problems, you have held broken packages.

What really irks me is the dependency. Either libssl isn’t backwardly compatible or the dependency check took a shit.

ssl installed

Even with a text comparison 1.0.0 > 0.9.8, but that is not the comparison apt is making. Debian and Ubuntu put the OpenSSL soname into the package name, so libssl0.9.8 and libssl1.0.0 are different packages, and the (>= 0.9.8m-1) is a constraint on versions of the libssl0.9.8 package specifically. apt’s “not installable” means this release does not carry that package at all, and the installed libssl1.0.0 cannot stand in for it: a binary linked against libssl.so.0.9.8 asks the loader for that soname and will not pick up libssl.so.1.0.0 instead. In other words the .deb was built against the OpenSSL 0.9.8 ABI, a branch that went out of support at the end of 2015.
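Before handing a vendor .deb to apt it is worth reading its declared dependencies and asking whether the release can satisfy them at all. The script below is an added example, not something from the post or from Comodo: it pulls the Depends field with dpkg-deb, reduces it to package names, and checks each with apt-cache policy, where a Candidate of (none) means the package is simply absent from this release, which is exactly the situation apt reported above. The sample Depends string is constructed for the example (only the libssl0.9.8 entry is taken from the apt output on this page), and the script name is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: inspect a third-party .deb's
# declared dependencies before installing it and report which of them the
# running release cannot provide. Assumes dpkg-deb and apt-cache, present
# on any Debian/Ubuntu system.

# Constructed sample Depends field in the dpkg control-file format. Only
# the libssl0.9.8 entry comes from the apt error on the page; the rest is
# made up to exercise alternatives ("a | b") and ":arch" qualifiers.
SAMPLE_DEPENDS="libssl0.9.8 (>= 0.9.8m-1), libc6 (>= 2.4), libstdc++6 | libstdc++5, libgcc1:amd64"

# Reduce a Depends field to bare package names, one per line: split on
# commas, keep only the first alternative of an "a | b" group, drop the
# "(>= version)" constraint, trim whitespace, then drop a ":arch" suffix.
depends_to_names() {
    printf '%s\n' "$1" \
    | tr ',' '\n' \
    | sed -e 's/|.*//' \
          -e 's/(.*//' \
          -e 's/^[[:space:]]*//' \
          -e 's/[[:space:]]*$//' \
          -e 's/:[a-z0-9]*$//' \
    | grep -v '^$'
}

# apt-cache policy prints "  Candidate: (none)" when the release has no
# installable version of the package, whatever version number a dependency
# asks for; an unknown package prints nothing on stdout at all.
is_installable() {
    apt-cache policy "$1" 2>/dev/null | grep -q '^  Candidate: [^(]'
}

# Print the dependencies of the given .deb that cannot be installed here.
# Exit 2 if the file is not a readable Debian package.
missing_deps() {
    deps=$(dpkg-deb -f "$1" Depends) || return 2
    depends_to_names "$deps" | while read -r pkg; do
        is_installable "$pkg" || echo "$pkg"
    done
}

# Usage: check-deb-deps.sh ./cav-linux_x64.deb  (script name assumed)
case "${1-}" in
    *.deb) missing_deps "$1" ;;
esac
```

Run it against the downloaded file before apt-get; an empty result means every declared dependency has an installable candidate. Note that it checks only the first alternative of an "a | b" group, so a package that lists an old library first and a current one second will be reported as missing even though apt could satisfy it; read the full Depends line in that case.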

Avoid Comodo at all costs!

I now see why clamav is the only thing most distros allow in their repos.


Roland Hughes started his IT career in the early 1980s. He quickly became a consultant and president of Logikal Solutions, a software consulting firm specializing in OpenVMS application and C++/Qt touchscreen/embedded Linux development. Early in his career he became involved in what is now called cross platform development. Given the dearth of useful books on the subject he ventured into the world of professional author in 1995 writing the first of the "Zinc It!" book series for John Gordon Burke Publisher, Inc.

A decade later he released a massive (nearly 800 pages) tome "The Minimum You Need to Know to Be an OpenVMS Application Developer" which tried to encapsulate the essential skills gained over what was nearly a 20 year career at that point. From there "The Minimum You Need to Know" book series was born.

Three years later he wrote his first novel "Infinite Exposure" which got much notice from people involved in the banking and financial security worlds. Some of the attacks predicted in that book have since come to pass. While it was not originally intended to be a trilogy, it became the first book of "The Earth That Was" trilogy:
Infinite Exposure
Lesedi - The Greatest Lie Ever Told
John Smith - Last Known Survivor of the Microsoft Wars

When he is not consulting Roland Hughes posts about technology and sometimes politics on his blog. He also has regularly scheduled Sunday posts appearing on the Interesting Authors blog.