Questions about ClamScan

NethServer Version: 7.9.2009
Module: ClamScan version - latest version installed June 19, 2021

Hello @support_team,

I’ve recently discovered ClamScan. Great to see Nethserver has a way to help scan for viruses! Very much appreciate @stephdl making this available for us to use.

I’d like to scan my mail accounts and my shared folders on Nethserver to help keep our office safe. The documentation on Nethserver Wiki seemed light on details but I was able to install ClamScan this weekend and run a scan.

Question #1:
I was met with quite a few infected files where most are in my mail directories! I’d like to get assistance with identifying which email is the culprit. The Quarantine section of ClamScan shows the following trojan - Doc.Trojan.Agent-6922897-0 in this location:

/var/lib/nethserver/vmail/jane@domain.local/Maildir/.Jack/cur/1604880968.M215369P30446.swasdomain.domain.local,S=83744,W=84909:2,S

I can make out the email account and I’m assuming cur means root folder for this folder. But what email has the trojan? How do I decipher this message?

Question #2:

I see from another post:

It was mentioned that I should exclude /var/lib/clamav-unofficial-sigs from scan in GUI. Is this still necessary to exclude that directory? I do see this folder show up in my Quarantine as well.

Question #3:

Can I exclude file extensions? I have some large database files created daily and I don’t want to scan these. I also have database log files I would like to exclude. Can exclusions of file type be added to ClamScan?

Question #4:

Perhaps I should have led with this question…
What is the setup of ClamScan? I’ve installed Antivirus and ClamScan. I have enabled ClamScan and left all defaults. I ran a Scan Now and waited for more than 7 hours for the scan to finish. Is everything configurable through ClamScan or do I need to edit any conf files through the Terminal to get ClamScan up and running properly?

Question #5:

Is there an option somewhere in ClamScan to have an email sent to me when the scan has completed?

Thank you.

.cur are read messages at the given folder .Jack
1604880968.M215369P30446.swasdomain.domain.local,S=83744,W=84909:2,S is the Message. You can open it with an editor at the terminal to find out which message it is.

I would do so, some scanners find other signatures as virus, so clamav could define it as a virus.

I think you have to write the exclusion to /etc/clamd.d/scan.conf, but I'm not sure if this is right.

exclude=.(jpg|jpeg|png|gif)$

I think at the terminal you have more options. Have a look at the above mentioned file.

I think you have to write your own script for this. Perhaps @stephdl can give a hint.

2 Likes
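
The filename decoding described in this reply, and the header check the original poster later did by hand in nano, as an added example that is not part of the original thread. The path is the one quoted in question #1; the sample message is constructed, and the `S=` field is read as Dovecot's message-size hint.

```python
import re
from datetime import datetime, timezone
from email import policy
from email.parser import BytesParser

# Standard Maildir info flags that follow ":2," in the filename.
FLAGS = {"D": "draft", "F": "flagged", "P": "passed",
         "R": "replied", "S": "seen", "T": "trashed"}

def parse_maildir_path(path):
    """Split a Maildir++ message path into account, folder, delivery time and flags."""
    m = re.search(r"/([^/]+)/Maildir/(?:(\.[^/]+)/)?(cur|new|tmp)/([^/]+)$", path)
    if not m:
        raise ValueError("not a Maildir message path")
    account, folder, state, name = m.groups()
    base, _, info = name.partition(":2,")      # flags come after ":2,"
    unique, *fields = base.split(",")          # Dovecot appends S= and W=
    extra = dict(f.split("=", 1) for f in fields if "=" in f)
    stamp = int(unique.split(".")[0])          # leading number is a Unix timestamp
    return {
        "account": account,
        "folder": folder[1:] if folder else "INBOX",
        "state": state,                        # cur = already seen by a mail client
        "delivered": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "size_bytes": int(extra["S"]) if "S" in extra else None,
        "flags": [FLAGS.get(c, c) for c in info],
    }

def summarize_headers(raw):
    """Return identifying headers only; the body and attachments are never decoded."""
    msg = BytesParser(policy=policy.default).parsebytes(raw, headersonly=True)
    return {h: str(msg.get(h, "")) for h in ("From", "To", "Subject", "Date")}

# Path quoted in question #1 of the thread.
QUARANTINE_PATH = ("/var/lib/nethserver/vmail/jane@domain.local/Maildir/.Jack/cur/"
                   "1604880968.M215369P30446.swasdomain.domain.local,S=83744,W=84909:2,S")

# Constructed sample message (not the real quarantined mail).
SAMPLE = (b"From: Sender Example <sender@example.com>\r\n"
          b"To: jane@domain.local\r\n"
          b"Subject: Constructed sample\r\n"
          b"Date: Mon, 09 Nov 2020 00:16:08 +0000\r\n"
          b"\r\n(base64 attachment data would follow here)\r\n")

if __name__ == "__main__":
    print(parse_maildir_path(QUARANTINE_PATH))
    print(summarize_headers(SAMPLE))
```

On the server, pass the bytes of the flagged file (opened with mode `"rb"`) to `summarize_headers` to get the sender and subject without scrolling through the encoded attachment.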

question 5

cron should send you an email with the content of what it found

1 Like

Hello @m.traeumner and @stephdl,

Much appreciative of your replies:

No report of my scan was sent to my email. I could not find any email sent to me from my Nethserver after running my ClamScan scans. Is there a place within ClamScan to turn on/off emailing reports? Or within Cockpit to turn off sending these reports? I do receive emails from Nethserver for new updates in Software Center and I have installed Crontab Manager and created scripts to cleanup my shared folder recycle bins and I receive emails from those jobs that run weekly.

My mistake…I had used “cat” to view the email message from the ClamScan logs but that showed me the very bottom of the email message which was gobbledygook to me. I then tried “nano” and that showed me the top of the message first where I was able to determine the sender and Subject (and read the email). This has allowed me to find the offending email on our server and delete it. Thx!

I will also look through the /etc/clamd.d/scan.conf file to see what else I can do within ClamScan for settings.

Hi Team,

I ran a scheduled scan this evening and a report is sent to my admin email of the ClamScan report. The scan I ran over the weekend was a Run Now scan where no report was sent. But scheduled scans do send a report.

Thanks @stephdl for making this app available for our use. I really think this should be added to the software center of Nethserver.

Cheers!

2 Likes