Install and Use ClamAV Antivirus - Zorin OS 17 Core

[wizardfromoz]

Did not recognize the command. Please advise.

Easier than following the symlinks approach may be the following (because Clam may actually have been running in the background):

sudo systemctl stop clamav-freshclam.service
sudo freshclam
sudo systemctl start clamav-freshclam

That works fine under Zorin 16.3, I have not added Zorin 17 yet to my stable.

If you want to run the checks up to 12 times per day, it requires the presence of the clamav-daemon

(it may already be installed, check with apt policy)

sudo apt install clamav clamav-daemon

More reading can be found for Terminal with

man clamscan

or the Terminal manual can be found online at https://linux.die.net/man/1/clamscan

Hope this helps

Wizard

 

[WillingToLearn777]

Easier than following the symlinks approach may be the following (because Clam may actually have been running in the background):

sudo systemctl stop clamav-freshclam.service
sudo freshclam
sudo systemctl start clamav-freshclam

That works fine under Zorin 16.3, I have not added Zorin 17 yet to my stable.

If you want to run the checks up to 12 times per day, it requires the presence of the clamav-daemon

(it may already be installed, check with apt policy)

sudo apt install clamav clamav-daemon

More reading can be found for Terminal with

man clamscan

or the Terminal manual can be found online at https://linux.die.net/man/1/clamscan

Hope this helps

Wizard

Thanks for your response. I will keep you posted.

 

[WillingToLearn777]

Easier than following the symlinks approach may be the following (because Clam may actually have been running in the background):

sudo systemctl stop clamav-freshclam.service
sudo freshclam
sudo systemctl start clamav-freshclam

That works fine under Zorin 16.3, I have not added Zorin 17 yet to my stable.

If you want to run the checks up to 12 times per day, it requires the presence of the clamav-daemon

(it may already be installed, check with apt policy)

sudo apt install clamav clamav-daemon

More reading can be found for Terminal with

man clamscan

or the Terminal manual can be found online at https://linux.die.net/man/1/clamscan

Hope this helps

Wizard

Inserted the second command code "sudo freshclam". Received the following error message:
guy@guy-Aspire-A515-52:~$ sudo systemctl stop clamav-freshclam.service
[sudo] password for guy:
guy@guy-Aspire-A515-52:~$ sudo freshclam
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf
guy@guy-Aspire-A515-52:~$

Please advise.

 

[GatorsFan]

Inserted the second command code "sudo freshclam". Received the following error message:

guy@guy-Aspire-A515-52:~$ sudo systemctl stop clamav-freshclam.service
[sudo] password for guy:
guy@guy-Aspire-A515-52:~$ sudo freshclam
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf
guy@guy-Aspire-A515-52:~$

Please advise.
----------------------------------------
The reason is, with the default installation, the ‘Example’ variable is set to On which makes the configuration file work as a example and not the real configuration file

To fix the issue you need to edit the freshclam.conf file usually located here

/usr/local/etc/freshclam.conf

Open with your text editor - I use Mousepad so the command would be - just substitute Mousepad for your editor

sudo mousepad /usr/local/etc/freshclam.conf

and comment (put a hashtag in front of it) the line that says ‘Example’.

#Example

Save the file and execute the freshclam command to update the ClamAV database.

 

[WillingToLearn777]

guy@guy-Aspire-A515-52:~$ sudo systemctl stop clamav-freshclam.service
[sudo] password for guy:
guy@guy-Aspire-A515-52:~$ sudo freshclam
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf
guy@guy-Aspire-A515-52:~$

Please advise.
----------------------------------------
The reason is, with the default installation, the ‘Example’ variable is set to On which makes the configuration file work as a example and not the real configuration file

To fix the issue you need to edit the freshclam.conf file usually located here

/usr/local/etc/freshclam.conf

Open with your text editor - I use Mousepad so the command would be - just substitute Mousepad for your editor



and comment (put a hashtag in front of it) the line that says ‘Example’.

#Example

Save the file and execute the freshclam command to update the ClamAV database.

Sir Gator,
Pleeeeaaassse be patient with me. I am da Newbie to Linux! I am swimming in the deep end!
I tried to follow your instructions by using my default text editor Gedit and the Terminal...did not make it.
Is it possible to make what you are saying more simple? I know I am asking a lot but can you make screen shots of the process?
Please advise.

 

[GatorsFan]

Sir Gator,
Pleeeeaaassse be patient with me. I am da Newbie to Linux! I am swimming in the deep end!
I tried to follow your instructions by using my default text editor Gedit and the Terminal...did not make it.
Is it possible to make what you are saying more simple? I know I am asking a lot but can you make screen shots of the process?
Please advise.

First go to /usr/local/etc/
you should have 2 files in there one is clamd.conf the other is freshclam.conf - here is mine below - I have see it where it says clamd.conf.sample and freshclam.conf.sample - if that is the case you need to get rid of .sample and re-save the file you will need to be in root to do this.

Now notice the red line pointing to Example one is BEFORE the other is AFTER the change

 

[ron.alan]

Pleeeeaaassse be patient with me. I am da Newbie to Linux!

Since you say you are new to Linux I'll put my .02¢ in. You don't need AV in Linux. I know it's hard for new Linux users to believe but it's true (and I'm a former Windows user myself). Someone gave a link earlier in this thread, and I'm going to repost it below. Give it a read . . . the author of that website is a member of the Mint forums, Pjotr, and he knows what he is talking about. And, sooner or later, Clam will wreck your system if you let it delete or quarantine its many false positives.

https://easylinuxtipsproject.blogspot.com/p/security.html

 

[Condobloke]

""1. First of all: you'll never be able to achieve 100 % security. Not in real life and not in the digital world. Not even when your computer is running Linux. You should always use your common sense; that's your best protection.""

 

[WillingToLearn777]

Since you say you are new to Linux I'll put my .02¢ in. You don't need AV in Linux. I know it's hard for new Linux users to believe but it's true (and I'm a former Windows user myself). Someone gave a link earlier in this thread, and I'm going to repost it below. Give it a read . . . the author of that website is a member of the Mint forums, Pjotr, and he knows what he is talking about. And, sooner or later, Clam will wreck your system if you let it delete or quarantine its many false positives.

https://easylinuxtipsproject.blogspot.com/p/security.html

Thank you for your response. I have viewed the linked article. Really great advice for da Newbie!
Confess there is a lot in the article that I need to get my head around!
Much appreciated!

 

[WillingToLearn777]

First go to /usr/local/etc/
you should have 2 files in there one is clamd.conf the other is freshclam.conf - here is mine below - I have see it where it says clamd.conf.sample and freshclam.conf.sample - if that is the case you need to get rid of .sample and re-save the file you will need to be in root to do this.

View attachment 17950

Now notice the red line pointing to Example one is BEFORE the other is AFTER the change


View attachment 17951
View attachment 17952

Thank you for your response. I do not have permission to make the change # Example in Gedit line number 4 below. My access to freshclam.config.sample file is in Read-only.
How do I change the permissions to get root access?

## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
# Comment or remove the line below.
# Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
#LogFile /tmp/clamd.log

Please advise.

 

[f33dm3bits]

You can also install Microsoft Defender on Linux

Deploy Microsoft Defender for Endpoint on Linux manually - Microsoft Defender for Endpoint

Describes how to deploy Microsoft Defender for Endpoint on Linux manually from the command line.

learn.microsoft.com

 

[GatorsFan]

My access to freshclam.config.sample file is in Read-only.

You have to open it in root to get full access, as stated in my post #26 "I have see it where it says clamd.conf.sample and freshclam.conf.sample - if that is the case you need to get rid of .sample and re-save the file you will need to be in root to do this."

 

[WillingToLearn777]

You can also install Microsoft Defender on Linux

Deploy Microsoft Defender for Endpoint on Linux manually - Microsoft Defender for Endpoint

Describes how to deploy Microsoft Defender for Endpoint on Linux manually from the command line.

learn.microsoft.com

Thanks for your response. When Microsoft Defender Endpoint is installed. Has MS got access to my Linux system privacy and security features? What access to my Linux data will MS get?

Please advise.

 

[f33dm3bits]

Thanks for your response. When Microsoft Defender Endpoint is installed. Has MS got access to my Linux system privacy and security features? What access to my Linux data will MS get?

Please advise.

I have never tried it on my PC, but generally speaking AV software normally needs elevated privileges to do on access scanning, so whatever company who wrote the AV product will most likely have kernel level access to your system in order to remove rootkits, malware, viruses, etc.

 

[WillingToLearn777]

I have never tried it on my PC, but generally speaking AV software normally needs elevated privileges to do on access scanning, so whatever company who wrote the AV product will most likely have kernel level access to your system in order to remove rootkits, malware, viruses, etc.

Thank you for your response.

 

[WillingToLearn777]

You have to open it in root to get full access, as stated in my post #26 "I have see it where it says clamd.conf.sample and freshclam.conf.sample - if that is the case you need to get rid of .sample and re-save the file you will need to be in root to do this."

Thanks for your response.
With Admin Password Authorisation in Gedit I was able to change Example to # Example in both config files. The name of the config files have not changed. They both still read .sample.

## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
# Comment or remove the line below.
# Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
#LogFile /tmp/clamd.log

##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##
# Comment or remove the line below.
# Example

# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav

Please advise.

 

[WillingToLearn777]

Easier than following the symlinks approach may be the following (because Clam may actually have been running in the background):

sudo systemctl stop clamav-freshclam.service
sudo freshclam
sudo systemctl start clamav-freshclam

That works fine under Zorin 16.3, I have not added Zorin 17 yet to my stable.

If you want to run the checks up to 12 times per day, it requires the presence of the clamav-daemon

(it may already be installed, check with apt policy)

sudo apt install clamav clamav-daemon

More reading can be found for Terminal with

man clamscan

or the Terminal manual can be found online at https://linux.die.net/man/1/clamscan

Hope this helps

Wizard

Hello Wizard of Linux!
In the terminal entered "sudo apt update && sudo apt upgrade" - completed no errors.
Again in the terminal entered "sudo apt install clamav clamav-daemon" - result is 1 (one) error:

Unpacking clamav-daemon (0.103.11+dfsg-0ubuntu0.22.04.1) ...
Setting up clamav-daemon (0.103.11+dfsg-0ubuntu0.22.04.1) ...
touch: cannot touch '/var/log/clamav/clamav.log': No such file or directory
dpkg: error processing package clamav-daemon (--configure):
installed clamav-daemon package post-installation script subprocess returned er
ror exit status 1
Processing triggers for man-db (2.10.2-1) ...
Errors were encountered while processing:
clamav-daemon
E: Sub-process /usr/bin/dpkg returned an error code (1)

Please advise how do I fix this error?

 

[GatorsFan]

They both still read .sample.

You have to be in root to remove .sample - what file manager are you using? to access root in your file manager
for thunar - pkexec thunar
for nemo - pkexec nemo
for nautilus - pkexec nautilus
for caja - pkexec caja
If you are using Nemo it is already in the right click function
generally it is pkexec and your filemanager

once in root navigate to the files then right click then rename and remove the .sample at the end then save the file

 

[wizardfromoz]

Processing triggers for man-db (2.10.2-1) ...
Errors were encountered while processing:
clamav-daemon
E: Sub-process /usr/bin/dpkg returned an error code (1)

Please advise how do I fix this error?

You could try running

sudo dpkg --configure -a

... that's a double dash before configure

and then repeat the process and see if it works.

If not, then you might have to remove the clamav-daemon package

sudo apt purge clamav-daemon

and try running wthout.

After that, I am stumped.

Wizard

 

[WillingToLearn777]

You have to be in root to remove .sample - what file manager are you using? to access root in your file manager
for thunar - pkexec thunar
for nemo - pkexec nemo
for nautilus - pkexec nautilus
for caja - pkexec caja
If you are using Nemo it is already in the right click function
generally it is pkexec and your filemanager

once in root navigate to the files then right click then rename and remove the .sample at the end then save the file

Thank you for your response.
This is a dumb question. Nautilus is my File Manager. Where do I enter "pkexec nautilus" to get into root?

Please advise.