Instructions (proper ones) for installing and running CLAMAV

Lady Fitzgerald

Re: Instructions (proper ones) for installing and running CLAMAV

Post by Lady Fitzgerald »

trytip wrote:
Sat Apr 04, 2020 12:41 pm
man clamscan sounds like a "special" irritation you get down there :cry:
no one is shaming anyone using antivirus for linux but guess what, i don't even have antivirus for windows10 so why should i bother using it in linux. i bought a new ryzen5 lenovo flex14 win10 and the first thing i did is uninstall antivirus mcafee i think it was and disabled real time protection in windows defender

now i don't say you should do what i do, but in my case i know where my "pen is" been <<< if you know what i mean
:lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: You naughty boy!
Jeannie

Linux Mint Cinnamon 19.3
Lenovo B50 15" notebook

ZakGordon

Re: Instructions (proper ones) for installing and running CLAMAV

Post by ZakGordon »

JerryF wrote:
Sun Apr 05, 2020 3:17 pm
To put this directly: if you're using a tool to get around registering Windows, of course it's probably malware.

With regard to the other two occasions, you would have had to run the malware in Windows that was obtained in Linux.

This is what everyone has always been drilling into all users, no matter the OS. You must know what you're downloading and is it trustworthy?
Yes exactly. After decades working in Windows systems i obviously fully know the dangers of malware (and how vulnerable Windows is in general to that form of attack). The specific software i had been looking to use i knew was a risk, and there was a specific reason i was prepared to take the risk.

1. The software had a reputation (for a good while) for being a good tool to get around tricky Windows registration issues. I had heard about it for many years, and seen it being recommended by various IT people around the place (online and at work etc), but had never needed a situation to use it myself.

2. With Windows 7 support ended, i had a concern about my new Ryzen build (and last Windows OS install i would be considering going forward). Would MS honour my license key from my old install on my previous computer (i was using that Windows 7 retail disk to build the ISO i would use to install the Windows 7 component of the dual-boot system) or would there perhaps be a problem with getting that key to take on the new hardware? This is where consideration to use the 'tool' came from.

So as i always do, any file i download on Linux that is to be used on a Windows PC, i run it first through ClamAV. In this case it detected the file as containing malware. I confirmed that by then running it on my first test install of windows, and sure enough it was malware with various behaviors associated with that. Reformat the SSD and re-install Windows 7 knowing that tool is no longer a tool to consider using. I then went the route of using my original Windows 7 key, and that went through all fine with no other steps needed other than the online connection to verify the Windows installation. That was a big relief.

The other couple of occasions ClamAV has picked up stuff was from the same process. I mod games often, i download tools and files to help in that process, i never visit shady places (of the usual type you can think of) to download things from those kind of places. All my downloads would be what should be considered safe (the Windows activation tool was an exception for a specific scenario), but on a couple of occasions ClamAV gave some alerts that after further checks (via tools in windows and online malware search scanners etc) ended up not being false-positives, it was malware. So i never ran or installed them on Windows and deleted them with tools i have for that process.

-------------------

The point i'm trying to make here is IF you use Linux (any flavour) alongside Windows systems, you can use your Linux system as a sort of 'canary in a mine' situation where it can be the perfect safe environment to download files that might otherwise attack a Windows system. You can then scan files you want to use on Windows PCs to get a 'heads up' on if the files are safe or not. All the while not risking either your Linux system (as it is secure by default) or Windows system.

Sure stuff can get through, ClamAV (or any single AV) is not 100% fool proof, but i just wanted to be clear in the way i use it, it in effect saved my Windows system 3 times (so far), well 2 as i deliberately let the Windows Activation tool create its havoc knowing i would wipe the hard-drive and start over.

I understand Linux users' general dislike of AV. I understand that AV itself can be part of the problem (historically we have seen cases of AV providers creating malware to 'shill' their products etc). I understand that an AV can be weaponised and used against the users computer. I understand AV products take up resources that could be used elsewhere. etc.

But life is a balance of choices, and from my personal experience so far, in how i use and manage my systems of mixed Linux and Microsoft OS, just due to the malware target area of running windows, i need to protect against malware designed for that OS. And there is a lot of it around, like lots and lots. I feel if you have lived mostly (or exclusively) in a Linux environment perhaps you do not fully grasp the scale of the problem for Windows users? And that is entirely the fault of the creators of Windows, and the popularity of Windows (forced and manipulated as that is) in combination.

I could not use Windows, and that is a good option for those that can do that, the best option by a long mile. But it is not sadly one i can yet take, so while i still 'need' Windows OS systems for some things (but never online), i still need to be mindful and careful around the issue of malware. It's just part of the territory of being a Windows user, and Linux (i have found) helps protect those Windows systems better than if i did not have Linux systems to use (they are the systems that connect online).

This was a big post. I just wanted to make clear the usage scenarios and why I am a content Linux user using ClamAV, as this is certainly a minority opinion. I feel it is justified given the details.
Laptop overheating? Check link here: itsfoss guide. A move from Cinnamon to XFCE can give a -5 to -10 degrees C change on overheating hardware.

Build a modern dual-boot Ryzen Win7/Linux Mint PC: Tutorial
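
The workflow described in the post above (scan every download on Linux before it reaches a Windows machine), sketched as an added shell example; it is not code from any poster in this thread. The function name `vet_download`, the two directory defaults and the `CLAMSCAN` override variable are assumptions made for the sketch; the `clamscan` exit statuses (0 clean, 1 detection, 2 error) are the ones its man page documents.

```shell
#!/usr/bin/env bash
# Added example: vet downloads with ClamAV on Linux before they go near Windows.
# Directory names and the CLAMSCAN override are assumptions for this sketch.
CLAMSCAN="${CLAMSCAN:-clamscan}"                  # scanner command to invoke
CLEARED_DIR="${CLEARED_DIR:-$HOME/for-windows}"   # files with no detection
QUARANTINE_DIR="${QUARANTINE_DIR:-$HOME/quarantine}"

# vet_download FILE
# Returns 0 = no signature matched (file copied to CLEARED_DIR),
#         1 = detection (file moved to QUARANTINE_DIR and made unreadable),
#         2 = scanner error (file left in place and NOT treated as clean).
vet_download() {
    local file="$1" rc
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
    mkdir -p "$CLEARED_DIR" "$QUARANTINE_DIR"

    # clamscan exit status: 0 = no virus found, 1 = virus found, 2 = error.
    "$CLAMSCAN" --no-summary "$file"
    rc=$?

    case "$rc" in
        0)  cp -- "$file" "$CLEARED_DIR/" &&
            # Record a hash so the copy on the Windows side can be verified.
            ( cd "$CLEARED_DIR" && sha256sum -- "$(basename "$file")" >> SHA256SUMS )
            echo "no detection: $file" ;;
        1)  mv -- "$file" "$QUARANTINE_DIR/" &&
            chmod 000 "$QUARANTINE_DIR/$(basename "$file")"
            echo "DETECTION, quarantined: $file" >&2 ;;
        *)  echo "scan failed (exit $rc), do not trust: $file" >&2
            rc=2 ;;
    esac
    return "$rc"
}

# Usage: ./vet.sh FILE...   (refresh signatures with freshclam beforehand)
if [ "$#" -gt 0 ]; then
    status=0
    for f in "$@"; do vet_download "$f" || status=$?; done
    exit "$status"
fi
```

A scanner error is kept distinct from a clean result on purpose: an outdated or missing signature database makes `clamscan` exit with 2, and a wrapper that only tests for exit status 1 would pass that file through as safe.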

tovian

Re: Instructions (proper ones) for installing and running CLAMAV

Post by tovian »

JerryF wrote:if you're using a tool to get around registering Windows, of course it's probably malware
...
You must know what you're downloading and is it trustworthy?
+1... (Best and most accurate comment(s) I've read in a while)

If one doesn't have a clue what one is doing, and/or if one intentionally ignores expert advice and does stupid/dangerous things, then one will probably end up in a situation that wasn't expected and isn't wanted. If one is so intent on doing things his/her way when the experts say "don't" - then why waste (anyone's) time doing research into the possible consequences?
“I think that this situation absolutely requires a really futile and stupid gesture be done on somebody's part"
"We're just the guys to do it”

Animal House

JerryF

Re: Instructions (proper ones) for installing and running CLAMAV

Post by JerryF »

ZakGordon wrote:
Mon Apr 06, 2020 7:09 am
...
I could not use Windows, and that is a good option for those that can do that, the best option by a long mile. But it is not sadly one i can yet take, so while i still 'need' Windows OS systems for some things (but never online), i still need to be mindful and careful around the issue of malware. It's just part of the territory of being a Windows user, and Linux (i have found) helps protect those Windows systems better than if i did not have Linux systems to use (they are the systems that connect online).
...
I certainly don't begrudge you using ClamAV. I've found it interesting on how often it automatically checks for virus definitions.

I too am in the same boat. I still use Windows (10) because I need it, so I dual boot.

Unfortunately, I'm at an end on getting definitions using the command line.
*** IF your problem has been solved, please edit your ORIGINAL post and add [SOLVED] to the beginning of the Subject Line. It helps other members when browsing posts. ***

ZakGordon

Re: Instructions (proper ones) for installing and running CLAMAV

Post by ZakGordon »

JerryF wrote:
Mon Apr 06, 2020 10:24 am
I've found it interesting on how often it automatically checks for virus definitions.
I nearly always turn off auto-updates (for everything). I manually check just before i need to scan a file, so i don't notice odd behaviour here.