Clam Antivirus Version 0.102.3 32-bit for Bionic Xenial Tahr

Antivirus, forensics, intrusion detection, cryptography, etc.
perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#1 Post by perdido »

Latest stable version.
Download is about 6MB
-----------------------------------------------------------------------------------------------
Compiled in Bionicpup32 19.03
PET file available here
http://ibm-pc.org/puppy/bionic/clamav-0 ... onic32.pet
md5 checksum 9a9b1a62a18de2a8eda75e24eb31fe3f
------------------------------------------------------------------------------------------------
Compiled in Xenialpup32 7.5
PET file available here
http://ibm-pc.org/puppy/xenial/clamav-0 ... nial32.pet
md5 checksum 9ea1bfd4375f4be3d039ac84e59ae1e4
-------------------------------------------------------------------------------------------------
Compiled in tahrpup32 6.0.6
PET file available here
http://ibm-pc.org/puppy/tahr/clamav-0.102.3_tahr32.pet
md5 checksum db386a048ec72e1629b4f858b3f42292
-------------------------------------------------------------------------------------------------

:!: There are two different methods to run this program, either from the terminal (command line) or from a menu available as a separate download at the bottom of this post.

--------------------------------------------------------------------------------------------------
Running from the terminal
Install the pet, open a terminal and run the command freshclam to download the virus definition files. They are about 186MB total

    freshclam
Here are a few examples of how to scan with it using the terminal, the following command lines are run from a terminal.
None of these examples will remove or quarantine an infected file. It will only be reported on the terminal and logged to the scan.log
Removing infected files can break stuff so be careful if you decide to do that and keep backups. :)

To scan the partition you are running puppy from - that partition will need to be designated /mnt/home in the command line parameter (see examples below)

To scan my sda1 partition (please note that I am running my puppy from a directory on sda1),

    clamscan --infected --recursive --remove=no /mnt/home --log=/usr/share/clamav/scan.log
To scan sda2

    clamscan --infected --recursive --remove=no /mnt/sda2 --log=/usr/share/clamav/scan.log
To scan sda3

    clamscan --infected --recursive --remove=no /mnt/sda3 --log=/usr/share/clamav/scan.log
What I use to scan sda1 (this scan excludes some puppy system directories)

    clamscan --infected --recursive --exclude-dir=^/sys --exclude-dir=^/dev --exclude-dir=^/proc --exclude-dir=^/root/.wine --exclude-dir=^/initrd/pup_rw/root/.wine/ --remove=no /mnt/home --log=/usr/share/clamav/scan.log
The scan log is saved to /usr/share/clamav/scan.log

To get a list of command line parameters

    clamscan --help
If you are running your puppy from a different partition than sda1 you should be able to scan sda1 using the same method as my suggested scan examples for sda2 or sda3, by changing the partition in the example.
The partition you are running puppy from will need to be designated /mnt/home in the command line, please read my reply in post #3 for further clarification.

There are many sites on the internet with scanning suggestions and help.
Scanning can become as complicated as you want.

The only way I have found to scan sda1 when my puppy is running from sda1 is scanning /mnt/home - I believe it has something to do with how eventmanager handles the drives.

Have fun!

:!: ####======== About the menu ========#### :!:

The menu program (Clamvtk 1.2) that was created by forum members nilsonmorales, josep2424 and mama21mama for clamav version 0.98 also works with the version 0.102.3 pet packages in this post.

I am putting this information here only to alert users to the availability of a menu program.
I do not recommend using a menu. It limits the scan options and automatically removes files that are identified as infected.
That can break programs so be aware.

The menu program will move infected files to ---> /opt/clamav/virus
That can be dangerous and break programs so be careful if you run the scan from this menu.


If you know what you are doing you can modify the menu scripts to scan however you want. That is not difficult but is beyond the scope of this post.

The menu does simplify usage and gets you away from the command line.
Check out the original post about their menu http://www.murga-linux.com/puppy/viewtopic.php?t=88656

If you do try the menu package install the PET packages in this order
It is important to install them in this order.

1. Install one of the clamav-0.102.3 .pet versions (clamav version you chose)
2. Install the clamvtk-1.2.pet (the menu program)

Have fun!

.
Last edited by perdido on Mon 22 Jun 2020, 23:45, edited 10 times in total.
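Before installing one of the PET packages above, the checksum listed next to it is the only thing that tells you the file arrived intact. The script below is an added example, not part of the original post: it compares a downloaded file's md5sum with the expected value and refuses to proceed on a mismatch. The PET filename and checksum in the final comment are taken from the post; the download location and the `petget` installer call are assumptions. Keep in mind that md5 served from the same plain-http site as the file only catches download corruption, not a file that was replaced together with its checksum.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded PET
# against the md5 checksum published beside it before installing it.

# verify_md5 FILE EXPECTED_MD5
#   returns 0 and prints OK when the file's md5 matches EXPECTED_MD5,
#   returns 1 (with a message on stderr) when the file is missing or differs.
verify_md5() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(md5sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK  $file  $actual"
        return 0
    fi
    echo "MISMATCH  $file  expected=$expected  got=$actual" >&2
    return 1
}

# Demonstration on a constructed file whose md5 is known in advance
# (the six bytes "hello\n" hash to b1946ac92492d2347c6235b4d2611184).
demo_tmp=$(mktemp)
printf 'hello\n' > "$demo_tmp"
verify_md5 "$demo_tmp" b1946ac92492d2347c6235b4d2611184 && echo "demo ok"
rm -f "$demo_tmp"

# Real use, assuming the tahrpup PET was saved to the current directory and
# that petget is the installer you want to run (both are assumptions):
#   verify_md5 clamav-0.102.3_tahr32.pet db386a048ec72e1629b4f858b3f42292 \
#       && petget clamav-0.102.3_tahr32.pet
```

Run it once per PET; because the function returns non-zero on a mismatch, chaining the installer after `&&` means nothing gets installed from a corrupt download.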

enrique
Posts: 595
Joined: Sun 10 Nov 2019, 00:10
Location: Planet Earth

#2 Post by enrique »

perdido
Thanks for your prompt work.

Now think about this idea.
A frugal Puppy does not change. So I guess I can do a first full scan.

For any future scan we do not need to scan all of it as it is read-only.
Now I wonder if there is an easy way to scan just the PuppySave while it is mounted, like in those weird ro partitions. This will make the scan really, really fast! Do you have any idea? Thanks in advance.


Also, is this like in Windows, where it will show infected files but not put them in quarantine or delete them?

perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#3 Post by perdido »

enrique wrote:
perdido
Thanks for your prompt work.

Now think about this idea.
A frugal Puppy does not change. So I guess I can do a first full scan.

For any future scan we do not need to scan all of it as it is read-only.
Now I wonder if there is an easy way to scan just the PuppySave while it is mounted, like in those weird ro partitions. This will make the scan really, really fast! Do you have any idea? Thanks in advance.

Also, is this like in Windows, where it will show infected files but not put them in quarantine or delete them?
Hi enrique,

First thing is my disclaimer :)
I am no expert with the commands of clamav :!:

The commands for scanning that I suggested as examples will not remove any files due to parameter --remove=no
I do not recommend removing files or quarantine during a scan as that might break something. I suggest looking at the log /usr/share/clamav/scan.log to see the list of potential infected files after running a scan.

To scan only the save file in my bionicpup32 (it is located in directory bionic-19.03 on partition sda1)

    clamscan --infected --recursive --remove=no /mnt/home/bionic-19.03/upupbbsave --log=/usr/share/clamav/scan.log

Please note that your running puppy system will be on a different partition and puppylinux directory - /mnt/home/your puppy directory/upupbbsave (or whatever your save file is named).
I believe this should scan the running system save file (I just tried this on mine and it worked).

These example scan commands I provided are only examples as relates to my system that I run puppy from, I run puppy from sda1 so my /mnt/home is on sda1
Using /mnt/home/your puppy directory/your save file should scan your running puppy save file. There can be a lot of variations of partitions and directory names in puppyland :)

If you boot from a different partition than sda1 you may be able to directly scan sda1 using the same method I suggested in my first post above for sda2 or sda3
I have not tried that yet. Maybe later today I will boot my usb stick and try to directly scan sda1, that may work since sda1 would not be my /mnt/home (I am talking about my first post instructions again)

Have Fun!
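Since the scans above run with --remove=no, the only thing to act on afterwards is the log. The script below is an added example, not code from either poster: it pulls the flagged paths out of a scan.log written with --log, reads the "Infected files:" figure from the scan summary, and checks that the two agree, which catches a log that was truncated or that has several runs appended to it. The sample log it writes is constructed for the demonstration: the paths follow the save-file layout from the post above, and the signature name is made up.

```shell
#!/bin/sh
# Added example (not from the original posts): review a clamscan log produced
# with --log=... and --remove=no without touching any of the flagged files.

# write_sample_log FILE
#   writes a constructed log in clamscan's report format: one
#   "<path>: <signature> FOUND" line per hit, then the scan summary.
#   The signature name is invented for this example.
write_sample_log() {
    cat > "$1" <<'EOF'
/mnt/home/bionic-19.03/upupbbsave/root/Downloads/invoice.exe: Hypothetical.Test.Signature FOUND
/mnt/home/bionic-19.03/upupbbsave/root/.cache/tmp/archive.zip: Hypothetical.Test.Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8000000
Engine version: 0.102.3
Scanned directories: 120
Scanned files: 4321
Infected files: 2
Data scanned: 512.00 MB
Data read: 400.00 MB (ratio 1.28:1)
Time: 60.000 sec (1 m 0 s)
EOF
}

# found_paths LOG -> one flagged path per line (everything before ": <sig> FOUND")
found_paths() {
    grep ' FOUND$' "$1" | sed 's/: [^:]* FOUND$//'
}

# found_count LOG -> number of FOUND lines (0 rather than an error when clean)
found_count() {
    grep -c ' FOUND$' "$1" || true
}

# summary_infected LOG -> the "Infected files:" figure from the last summary
summary_infected() {
    sed -n 's/^Infected files: //p' "$1" | tail -n 1
}

# log_consistent LOG -> succeeds when the per-file hits match the summary count.
#   A mismatch means the log was cut short or holds more than one scan; in
#   that case delete the log and rerun the scan before acting on it.
log_consistent() {
    [ "$(found_count "$1")" -eq "$(summary_infected "$1")" ]
}

# Demonstration on the constructed log.
demo_log=$(mktemp)
write_sample_log "$demo_log"
echo "Flagged files:"
found_paths "$demo_log"
log_consistent "$demo_log" && echo "log consistent with summary"
rm -f "$demo_log"

# On a real system, point the functions at the log named in the scan command:
#   found_paths /usr/share/clamav/scan.log
```

Review each flagged path by hand before deciding whether to move or delete it; the point of keeping --remove=no is that a false positive on a system file costs nothing until you act on it.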

enrique
Posts: 595
Joined: Sun 10 Nov 2019, 00:10
Location: Planet Earth

#4 Post by enrique »

perdido

You are the man. You have provided me the confidence I was looking for. And I am not joking.

Listen, last week was my best, I did learn a lot in the forum. Wow, I did test so many old Puppys. Now this week has been good but I have made so many stupid mistakes and always on the basics.

I give you an example, I was going to suggest NOT to test "/mnt/home/your puppy directory/your save file" as it is mounted. Boy I am really bad. It does not matter as we are only reading the files and making no changes!!! We only care about what the log will show.

So again THANK You

perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#5 Post by perdido »

One of the interesting clamscan options is --verbose (see screen capture below)
The --verbose option displays in the terminal which files are being scanned. System memory is always scanned first before the files. There will be a short delay before the scan display starts when using the --verbose option (be patient for screen output, it is scanning memory first).
The --verbose option shows output of the scanning process on the screen and can also log to the log file. If you are using the --log option together with the --verbose option the log file can become very large.


Example of scanning my save file with --verbose as an option and logging the whole scan to /usr/share/clamav/scan.log

    clamscan --infected --recursive --verbose --remove=no /mnt/home/bionic-19.03/upupbbsave --log=/usr/share/clamav/scan.log

Example of scanning my save file with --verbose as an option and not logging to the scan.log file - only shows screen output during the scan (there is no --log=/usr/share/clamav/scan.log in this command).

    clamscan --infected --recursive --verbose --remove=no /mnt/home/bionic-19.03/upupbbsave
###########################################
All options for scanning in clam AV version 0.102.3 are listed below
###########################################

Clam AntiVirus: Scanner 0.102.3
By The ClamAV Team: https://www.clamav.net/about.html#credits
(C) 2020 Cisco Systems, Inc.

clamscan [options] [file/directory/-]

--help -h Show this help
--version -V Print version number
--verbose -v Be verbose
--archive-verbose -a Show filenames inside scanned archives
--debug Enable libclamav's debug messages
--quiet Only output error messages
--stdout Write to stdout instead of stderr. Does not affect 'debug' messages.
--no-summary Disable summary at end of scanning
--infected -i Only print infected files
--suppress-ok-results -o Skip printing OK files
--bell Sound bell on virus detection

--tempdir=DIRECTORY Create temporary files in DIRECTORY
--leave-temps[=yes/no(*)] Do not remove temporary files
--gen-json[=yes/no(*)] Generate JSON description of scanned file(s). JSON will be printed and also dropped to the temp directory if --leave-temps is enabled.
--database=FILE/DIR -d FILE/DIR Load virus database from FILE or load all supported db files from DIR
--official-db-only[=yes/no(*)] Only load official signatures
--log=FILE -l FILE Save scan report to FILE
--recursive[=yes/no(*)] -r Scan subdirectories recursively
--allmatch[=yes/no(*)] -z Continue scanning within file after finding a match
--cross-fs[=yes(*)/no] Scan files and directories on other filesystems
--follow-dir-symlinks[=0/1(*)/2] Follow directory symlinks (0 = never, 1 = direct, 2 = always)
--follow-file-symlinks[=0/1(*)/2] Follow file symlinks (0 = never, 1 = direct, 2 = always)
--file-list=FILE -f FILE Scan files from FILE
--remove[=yes/no(*)] Remove infected files. Be careful!
--move=DIRECTORY Move infected files into DIRECTORY
--copy=DIRECTORY Copy infected files into DIRECTORY
--exclude=REGEX Don't scan file names matching REGEX
--exclude-dir=REGEX Don't scan directories matching REGEX
--include=REGEX Only scan file names matching REGEX
--include-dir=REGEX Only scan directories matching REGEX

--bytecode[=yes(*)/no] Load bytecode from the database
--bytecode-unsigned[=yes/no(*)] Load unsigned bytecode
--bytecode-timeout=N Set bytecode timeout (in milliseconds)
--statistics[=none(*)/bytecode/pcre] Collect and print execution statistics
--detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications
--exclude-pua=CAT Skip PUA sigs of category CAT
--include-pua=CAT Load PUA sigs of category CAT
--detect-structured[=yes/no(*)] Detect structured data (SSN, Credit Card)
--structured-ssn-format=X SSN format (0=normal,1=stripped,2=both)
--structured-ssn-count=N Min SSN count to generate a detect
--structured-cc-count=N Min CC count to generate a detect
--scan-mail[=yes(*)/no] Scan mail files
--phishing-sigs[=yes(*)/no] Enable email signature-based phishing detection
--phishing-scan-urls[=yes(*)/no] Enable URL signature-based phishing detection
--heuristic-alerts[=yes(*)/no] Heuristic alerts
--heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
--normalize[=yes(*)/no] Normalize html, script, and text files. Use normalize=no for yara compatibility
--scan-pe[=yes(*)/no] Scan PE files
--scan-elf[=yes(*)/no] Scan ELF files
--scan-ole2[=yes(*)/no] Scan OLE2 containers
--scan-pdf[=yes(*)/no] Scan PDF files
--scan-swf[=yes(*)/no] Scan SWF files
--scan-html[=yes(*)/no] Scan HTML files
--scan-xmldocs[=yes(*)/no] Scan xml-based document files
--scan-hwp3[=yes(*)/no] Scan HWP3 files
--scan-archive[=yes(*)/no] Scan archive files (supported by libclamav)
--alert-broken[=yes/no(*)] Alert on broken executable files (PE & ELF)
--alert-encrypted[=yes/no(*)] Alert on encrypted archives and documents
--alert-encrypted-archive[=yes/no(*)] Alert on encrypted archives
--alert-encrypted-doc[=yes/no(*)] Alert on encrypted documents
--alert-macros[=yes/no(*)] Alert on OLE2 files containing VBA macros
--alert-exceeds-max[=yes/no(*)] Alert on files that exceed max file size, max scan size, or max recursion limit
--alert-phishing-ssl[=yes/no(*)] Alert on emails containing SSL mismatches in URLs
--alert-phishing-cloak[=yes/no(*)] Alert on emails containing cloaked URLs
--alert-partition-intersection[=yes/no(*)] Alert on raw DMG image files containing partition intersections
--nocerts Disable authenticode certificate chain verification in PE files
--dumpcerts Dump authenticode certificate chain in PE files

--max-scantime=#n Scan time longer than this will be skipped and assumed clean
--max-filesize=#n Files larger than this will be skipped and assumed clean
--max-scansize=#n The maximum amount of data to scan for each container file (**)
--max-files=#n The maximum number of files to scan for each container file (**)
--max-recursion=#n Maximum archive recursion level for container file (**)
--max-dir-recursion=#n Maximum directory recursion level
--max-embeddedpe=#n Maximum size file to check for embedded PE
--max-htmlnormalize=#n Maximum size of HTML file to normalize
--max-htmlnotags=#n Maximum size of normalized HTML file to scan
--max-scriptnormalize=#n Maximum size of script file to normalize
--max-ziptypercg=#n Maximum size zip to type reanalyze
--max-partitions=#n Maximum number of partitions in disk image to be scanned
--max-iconspe=#n Maximum number of icons in PE file to be scanned
--max-rechwp3=#n Maximum recursive calls to HWP3 parsing function
--pcre-match-limit=#n Maximum calls to the PCRE match function.
--pcre-recmatch-limit=#n Maximum recursive calls to the PCRE match function.
--pcre-max-filesize=#n Maximum size file to perform PCRE subsig matching.
--disable-cache Disable caching and cache checks for hash sums of scanned files.

Pass in - as the filename for stdin.

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
files inside. The above options ensure safe processing of this kind of data.
Attachment: --verbose.jpg (screen capture) - This is what --verbose will show to screen