HowTo install clamav with on-access scan.
The last stable version of Clamav, clamav-0.100.2, comes with a deactivated on-access scan capability.
The only on-access ability is to block the execution of a known virus and send a message to the clamav.log.
After an installation of clamav-daemon this can be done for example by inserting the following in the clamd.conf file:
--------------------------------------------------
User root
ScanOnAccess True
OnAccessIncludePath /"a_path_of_your_choise"
OnAccessPrevention true
--------------------------------------------------
The feature "VirusEvent" of clamd.conf, which would allow triggering an executable script that could delete a virus,
move it to a quarantine or send a message to the screen or to a log file, is not working.
The reason is found in the file "onaccess_fan.c" of the source (clamav-0.100.2.tar.gz).
(see https://bbs.archlinux.org/viewtopic.php?id=237489)
After extracting the source and opening "onaccess_fan.c" with an editor you can find at the line 81:
    if (scan) {
        if (onas_scan(fname, fmd->fd, &virname, tharg->engine, tharg->options, extinfo) == CL_VIRUS) {
            /* TODO : FIXME? virusaction forks. This could be extraordinarily problematic, lead to deadlocks,
             * or at the very least lead to extreme memory consumption. Leaving disabled for now.*/
            //virusaction(fname, virname, tharg->opts);
            res.response = FAN_DENY;
        }
"virusaction" is commented out with two slashes // [ //virusaction(fname, virname, tharg->opts); ]
As the developer advises, removing the two slashes can be problematic.
Taking a risk, I uncommented it and installed clamav on a Linux Lite 2.8 distribution based on Ubuntu 14.04 trusty, using a 3.19.0-80-generic kernel, and it worked well for me, as it did for others (see link above).
It can now move viruses to a quarantine, delete them, send a message, all ON-ACCESS.
Probably in the future the bug will be fixed but when and still for free? Who can be sure.
So for those who are interested and accept the risk, I offer a brief step by step installation guide, without taking any responsibility if any smoke arises from your machine.
1) Uninstall completely clamav and clamav-daemon if it was previously installed.
on my debian distribution:
dpkg --purge clamav clamav-daemon (I prefer using the Synaptic Package Manager because it is more detailed)
2) Download the source.
https://www.clamav.net/downloads/product...0.2.tar.gz
3) Unpack it in a directory of your choice.
$ tar -xvf clamav-0.100.2.tar.gz
4) Download and install the following 3 packages if they are missing: check libxml2-dev libssl-dev (I did it through Synaptic)
5) Uncomment the "onaccess_fan.c" file.
- Enter the clamav-0.100.2 directory.
- Open the file clamd/onaccess_fan.c with an editor. (I use vim: $vim clamd/onaccess_fan.c)
- Remove the two slashes (//) in the line "//virusaction(fname, virname, tharg->opts);"
so it becomes: "virusaction(fname, virname, tharg->opts);"
- Save and exit the editor.
6) Install clamav from the source.
(see https://www.clamav.net/documents/installing-clamav)
I did the following:
- Enter the clamav-0.100.2 directory with the command line.
- Change to root (sudo su) and execute the following:
- ./configure
- make
- make check
- make install
7) Configure clamd. I give the following example (see the clamd.conf manual).
- Open the clamd.conf file with an editor and put or change the following features:
User root
ScanOnAccess true
OnAccessIncludePath /path_to_directory_to_protect
OnAccessExcludeUID 0
OnAccessPrevention true
OnAccessExtraScanning false
VirusEvent /opt/clamav-utils/clamd-response
- save and exit
8) Write the clamd-response script.
In this example it will give a virus notification to a log file, move the virus to a quarantine and a notification appears on the screen.
- make a directory /opt/clamav-utils/
- write with an editor the following in a file named "clamd-response" in the directory /opt/clamav-utils/ and save it.
----------------------------------
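#!/bin/sh
# Log the detection (virus name > file name) with a timestamp.
echo "$(date) - $CLAM_VIRUSEVENT_VIRUSNAME > $CLAM_VIRUSEVENT_FILENAME" >> /var/log/clamav/infected.log
# Quote the file name and end option parsing so paths with spaces or a leading dash are moved correctly.
mv -- "$CLAM_VIRUSEVENT_FILENAME" /opt/clamav-utils/clamd_quarantine/
# Show a desktop notification in the user's X session.
sudo -u MyUserName DISPLAY=:0.0 notify-send "Virus Found $CLAM_VIRUSEVENT_VIRUSNAME" "$CLAM_VIRUSEVENT_FILENAME has been moved to quarantine"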
----------------------------------
ATTENTION: "MyUserName" must be changed to your user name!
9) make an empty file /var/log/clamav/infected.log
10) start the clamd daemon: # clamd start.
It is done!
But there is still a bug. The OnAccessScan does not scan the sub-directories.
The feature "OnAccessExtraScanning", even if set to "true", doesn't work.
The following message appears in the clamav.log:
----------------------------------
ScanOnAccess: OnAccessExtraScanning was requested, but has been disabled due to a known issue with thread resource cleanup.
The OnAccessExtraScanning feature will be re-enabled in a future release when the issue is resolved.
For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048
----------------------------------
So we hope it will soon be resolved.
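The response script from step 8, reworked as an added example (not part of the original post) so that it copes with unusual file names, refuses symlinks, does not overwrite earlier quarantine entries and keeps control characters out of the log. `QUARANTINE_DIR`, `LOG_FILE`, `sanitize` and `quarantine_file` are names chosen for this example; the desktop notification is left out.

```shell
#!/bin/sh
# Added example: hardened VirusEvent handler (not from the original post).
# Defaults are the paths used in the post; both can be overridden for testing.
QUARANTINE_DIR="${QUARANTINE_DIR:-/opt/clamav-utils/clamd_quarantine}"
LOG_FILE="${LOG_FILE:-/var/log/clamav/infected.log}"

# Replace non-printable bytes (newlines included) with '?' so a crafted
# file or signature name cannot forge extra log lines.
sanitize() {
    printf '%s' "$1" | tr -c '[:print:]' '?'
}

# quarantine_file VIRUSNAME PATH
# Moves PATH into the quarantine and prints the destination on stdout.
quarantine_file() {
    virus=$1
    src=$2
    [ -n "$src" ] || return 1
    # clamd runs as root in the post's configuration: act on regular files
    # only and never follow a symlink.
    [ -f "$src" ] && [ ! -L "$src" ] || return 1
    mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR" || return 1
    # Unique destination, so two detections with the same base name
    # do not overwrite each other.
    dest=$(mktemp "$QUARANTINE_DIR/$(date +%Y%m%dT%H%M%S).XXXXXX") || return 1
    # "--" ends option parsing; the quotes keep spaces in the path intact.
    mv -f -- "$src" "$dest" || { rm -f "$dest"; return 1; }
    # Strip all permissions from the quarantined copy.
    chmod 000 "$dest"
    printf '%s - %s > %s -> %s\n' "$(date)" "$(sanitize "$virus")" \
        "$(sanitize "$src")" "$dest" >> "$LOG_FILE"
    printf '%s\n' "$dest"
}

# Act only when clamd has exported its VirusEvent variables.
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    quarantine_file "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}" \
        "$CLAM_VIRUSEVENT_FILENAME" >/dev/null
fi
```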
I'm intermittently having Wi-Fi issues on LL 3.8 when I never used to before. I've had 3.8 on my machine for a long time - since 3.8 came out in fact, so this is not a new install. :-\ The problem just started in the past week or two, which is odd. It happens most often after the session is suspended due to inactivity (not sure if I'm using the correct terminology? - in any case I mean it tends to happen after I log in again after so many minutes of inactivity - but not every time).
I can usually solve it by shutting down and re-starting computer, but it's frustrating to have to keep doing that. Occasionally it will take 2 re-boots for it to get Wi-Fi working again. Other machines continue to work fine on the same Wi-Fi during those times, and the other machines (one of which is LL 4.0) are further away from the Wi-Fi than the 3.8 machine, so it can't be a proximity issue.
I did NOT install any new software on my 3.8 machine for a long, long time (except for the "install updates" that I do through LL). There have been no changes to the Wi-Fi router either. On one of those problem times I powered down the router and powered it back up again, same for the LL3.8 machine, but that didn't prevent the issue from happening again. In any case, I don't think the router is the problem, as the other machines can connect just fine.
Does anyone have any suggestions for what I could do to either fix or troubleshoot the problem?
Just updated Linux Lite and my bookmarks in the Thunar file manager don't appear in the sidebar now, nor is there any option to add them in any of the menus. What might cause this? It's certainly inconvenient! Also, I cannot drag a desired folder into the sidebar to create the shortcuts again; it won't let me.
My migration from a main Windows 7 PC to a main Linux Lite 4.2 PC is going reasonably well.
But as I've gradually added programs with related desktop icons, the LL has suddenly started re-arranging some of the desktop Icons by itself, which I discover when I switch the machine back on.
I’ve used right-click “Desktop Settings” to adjust icon tips and font size etc., but cannot find anything that freezes the icon position, or stops the machine moving them without user action.
I guess it must be something I’ve missed, can anyone help?
Thank You
I've looked all over the internet and cannot find an easy to use click and install GTK, Icon, Mouse and Wallpaper installer for XFCE.
So we're making one, the first! It's early days, but here's one day of development:
![[Image: pmPIsoG.gif]](https://i.imgur.com/pmPIsoG.gif)
At the end of each choice, there will be a dialogue asking the user if they would like to apply the settings now.
Hello people,
Kindly I would like to share that I am really happy how my computer can automatically set-up a VPN connection whenever I connect to my local WLAN. However with the VPN Protocol 'Juniper/Pulse Network Connect' the connection clears every 6 hours or so. Then every time I have to manually connect again to the VPN. I was wondering what opportunities there are to automatically reactivate the VPN connection (after a couple of seconds for example) whenever the connection is cleared. For any questions please do let me know.
Thank you in advance ;D
===========================
Install Updates Error log
===========================
Install Updates could not fetch the package cache information lists.
Go to https://www.linuxliteos.com/forums/ and paste the log below into a new or existing thread for assistance.
============ Log ===========
Ign:1 http://dl.google.com/linux/chrome/deb stable InRelease
Get:2 http://packages.microsoft.com/repos/vscode stable InRelease [2,801 B]
Hit:3 http://archive.canonical.com/ubuntu bionic InRelease
Hit:4 http://ppa.launchpad.net/apandada1/brigh...ler/ubuntu bionic InRelease
Hit:5 https://dl.yarnpkg.com/debian stable InRelease
Get:6 http://packages.microsoft.com/repos/vscode stable/main amd64 Packages [76.0 kB]
Get:7 http://dl.google.com/linux/chrome/deb stable Release [943 B]
Hit:8 http://ppa.launchpad.net/otto-kesselgulasch/gimp/ubuntu bionic InRelease
Hit:9 http://us.archive.ubuntu.com/ubuntu bionic InRelease
Get:10 http://dl.google.com/linux/chrome/deb stable Release.gpg [819 B]
Get:11 http://repo.linuxliteos.com/linuxlite diamond InRelease [2,104 B]
Get:12 http://us.archive.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB]
Hit:13 http://ppa.launchpad.net/teejee2008/ppa/ubuntu bionic InRelease
Get:14 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:15 http://repo.linuxliteos.com/linuxlite diamond/main i386 Packages [8,501 B]
Get:16 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:17 http://repo.linuxliteos.com/linuxlite diamond/main amd64 Packages [13.8 kB]
Get:18 http://us.archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages [194 kB]
Get:19 http://us.archive.ubuntu.com/ubuntu bionic-security/main i386 Packages [156 kB]
Get:20 http://us.archive.ubuntu.com/ubuntu bionic-security/main Translation-en [77.0 kB]
Get:21 http://us.archive.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [93.3 kB]
Get:22 http://us.archive.ubuntu.com/ubuntu bionic-security/universe i386 Packages [93.2 kB]
Get:23 http://us.archive.ubuntu.com/ubuntu bionic-security/universe Translation-en [51.3 kB]
Get:24 http://us.archive.ubuntu.com/ubuntu bionic-updates/main i386 Packages [380 kB]
Get:25 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [425 kB]
Get:26 http://us.archive.ubuntu.com/ubuntu bionic-updates/main Translation-en [160 kB]
Get:27 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [572 kB]
Get:28 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe i386 Packages [567 kB]
Get:29 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe Translation-en [153 kB]
Reading package lists...
E: Repository 'http://dl.google.com/linux/chrome/deb stable Release' changed its 'Origin' value from 'Google, Inc.' to 'Google LLC'
Hit:1 http://us.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://ppa.launchpad.net/otto-kesselgulasch/gimp/ubuntu bionic InRelease
Hit:3 http://archive.canonical.com/ubuntu bionic InRelease
Get:4 http://us.archive.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB]
Ign:5 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:6 http://repo.linuxliteos.com/linuxlite diamond InRelease
Get:7 http://dl.google.com/linux/chrome/deb stable Release [943 B]
Get:8 http://dl.google.com/linux/chrome/deb stable Release.gpg [819 B]
Get:9 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Hit:10 http://repository.spotify.com stable InRelease
Hit:11 http://ppa.launchpad.net/teejee2008/ppa/ubuntu bionic InRelease
Get:12 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Reading package lists...
E: Repository 'http://dl.google.com/linux/chrome/deb stable Release' changed its 'Origin' value from 'Google, Inc.' to 'Google LLC'
Hi all,
I've searched web-wide and on here so I hope I'm not repeating existing posts.
When my laptop boots a "Loading initial ramdisk ..." message stays up for quite a long time...minutes?
Using systemd-analyze I've got "that portion" of the boot time down to 17s. I think the dmesg reveals the issue.
I've attached everything I think may help.
Thanks a bunch.
If you're still having posting issues now, please let me know. I found a rogue setting in the backend that is now fixed.

