Clam AV Almost Bricked My Computer

[lman26]

I installed the program and immediately had problems using Mint 22.3. I lost access to my printer and couldn't reinstall any drivers. I have a brand new NIvidia RTX 5050 card and a brand new Dell 2725 QC monitor but it wouldn't recognize my computer so I had to fight with it to get it to work. My Proton VPN stopped working as well. Once I uninstalled Clam everything pretty much started working again although I still had monitor issues for awhile. I would not install this AV program unless you want problems. JMO.

 

[Condobloke]

Uninstalling clamav is likely the best thing you have done all day....it can give problems.....agreed.

Make sure your firewall is enabled, practise safe browsing etc, and you'll be fine.

Timeshift can save your bacon in circumstances such as what you have just encountered.

 

[KGIII]

Most users will not benefit from using AV with Linux. ClamAV operates by signatures. If it finds something, you were probably already affected. The chance of there being malware in the wild aimed at Linux on the desktop is rather low. Sure, it could happen, but the odds are really low. If there's going to be malware, it's likely going to come from a quiet little package that's maintained by a few people but in common use.

Linux is not immune from malware, but it's a really low chance. You're likely better off watching your system for anomalies than you are scanning for the fairly limited set of signatures used by ClamAV.

Well, that and (for now), you're not really a useful target. If you're going to hack at Linux, you're going to be targeting servers and stuff like that. We desktop users are small in number, paranoid, and (often) really cheap! Going after us is a waste of time.

 

[gvisoc]

I would not install this AV program unless you want problems.

Clam AV is not recommended (and I think they don't recommend it themselves) to be installed as a service in desktop computers, only on server applications where end users upload files (and hence attackers would upload malware targetting windows' clients).

For non-windows desktop computers you only need to scan on demand before copying or running stuff downloaded from untrusted or unknown third parties --and if they involve sudo.

 

[Condobloke]

if I type clam av in Linux mint Software Manager, i get a result....

If I alter my type to clam ... I get a larger offering...

Fairly typical of Mint's Software Manager at the moment..... a mess

 

[gvisoc]

Detailing my response above, as an example, in Fedora Workstation all packages of clamav that provide a systemd service will be disabled by default, expecting the user to manual use them (see below). This also reinforce the comment of @KGIII and @Condobloke about the rarity of being affected by malware.

Probably the most frequent use of it by desktop linux users is when we're helping a friend, family or acquaintance with a Windows or Mac computer that involves downloading something for them, and we don't want to spread malware even if that wouldn't affect us.

(0) ⚙️  [~] systemctl status clam
clamav-clamonacc.service       clamav-freshclam-once.service  clamav-freshclam-once.timer    clamav-freshclam.service       clamonacc.service
(0) ⚙️  [~] systemctl status clamav-clamonacc.service 
○ clamav-clamonacc.service - ClamAV On-Access Scanner
     Loaded: loaded (/usr/lib/systemd/system/clamav-clamonacc.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: inactive (dead)
       Docs: man:clamonacc(8)
             man:clamd.conf(5)
             https://docs.clamav.net/

(3) ⚙️  [~] systemctl status clamav-freshclam-once.service 
○ clamav-freshclam-once.service - Update ClamAV virus database once
     Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam-once.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: inactive (dead)
       Docs: man:freshclam(1)
             man:freshclam.conf(5)
             https://docs.clamav.net/

(3) ⚙️  [~] systemctl status clamav-freshclam-once.timer 
○ clamav-freshclam-once.timer - Daily ClamAV virus database update
     Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam-once.timer; disabled; preset: disabled)
     Active: inactive (dead)
    Trigger: n/a
   Triggers: ● clamav-freshclam-once.service

(3) ⚙️  [~] systemctl status clamav-freshclam.service 
○ clamav-freshclam.service - ClamAV virus database updater
     Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: inactive (dead)
       Docs: man:freshclam(1)
             man:freshclam.conf(5)
             https://docs.clamav.net/

(3) ⚙️  [~] systemctl status clamonacc.service 
○ clamav-clamonacc.service - ClamAV On-Access Scanner
     Loaded: loaded (/usr/lib/systemd/system/clamav-clamonacc.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: inactive (dead)
       Docs: man:clamonacc(8)
             man:clamd.conf(5)
             https://docs.clamav.net/

 

[ron.alan]

Desktop Linux does not need AV. For more info, read the link. It's written by a guy on Mint's forums with the forum name Pjotr.

https://easylinuxtipsproject.blogspot.com/p/security.html

 

[Condobloke]

Pjotr knows his stuff. You can believe what he writes

 

[lman26]

Desktop Linux does not need AV. For more info, read the link. It's written by a guy on Mint's forums with the forum name Pjotr.

https://easylinuxtipsproject.blogspot.com/p/security.html

After my experience with it I have to agree however if you watch YouTube videos about Linux there are a lot of them saying you should use it which is why I installed it.

 

[Condobloke]

@lman26, a better idea may be to ask here, first.

 

[Brickwizard]

if you watch YouTube videos about Linux there are a lot of them saying you should use it which is why I installed it.

Why do you think most of us do not recommend YouTube Videos,

 

[deb_user]

All that is necessary to make a YouTube video is a phone. Actual knowledge of the subject is totally optional.

 

[PuppyHome]

After my experience with it I have to agree however if you watch YouTube videos about Linux there are a lot of them saying you should use it which is why I installed it.

Goes to show that algorithms can really let one astray. There's a whole dedicated topic in there somewhere.

 

[J_Temple]

After my experience with it I have to agree however if you watch YouTube videos about Linux there are a lot of them saying you should use it which is why I installed it.

YouTube is probably the worst place to get advise. If one is looking at YouTube videos it is always a good practice to verify with other sources. I watch a really bad amount of YouTube and I listen to a lot of cooking, tech and medical stuff but if I plan on implementing any suggestions on a video, I always do a little more research, first.

 

[Condobloke]

I ran it on my pc, once.

it found 170 suspect files.

every single one of them was a part of Libre office, and had no connection to malware, trojan, or infection of any kind whatsoever.