On Friday 21 August 2015 08:53:46 to...@tuxteam.de wrote:
> On Fri, Aug 21, 2015 at 01:55:54PM +0200, Frédéric Marchal wrote:
> > [...]
>
> > My understanding of ClamAV is that it is not suitable to scan an
> > infected Linux computer from the computer itself.
>
> The best summary so far. Thanks for it!
> -- t

I would never make such a statement. I use it to do a daily scan of 3 major areas of this machine that covers both home, and my web pages content. And it has found suspicious files in the email corpus tree, files that somehow got past the incoming email scan that procmail also subjects that email to. I suspect they were zero-day things aimed at winderz lusers that got by and were caught later after freshclam had updated the signature database. Files that I never attempted to view in the first place by following common sense rules, like know the sender.

The incoming virii scan quarantines those in a separate file that I may scan thru with less before I nuke it a few months later, but I have yet to find a msg from someone I semi-know in that file. It's about 100k in size ATM so clamd is doing its job.

My biggest complaint? It sends me emails even if it doesn't find anything. I guess it's a reminder assuring me the machine is relatively clean.

I am also on a 4 machine local network, isolated from all the attack vectors by an install of DD-WRT in my router. I used to follow the logs from it, but watching 100k+ login failures a day got boring. Only one person has come into this system, and because I needed help troubleshooting, I gave him the username & passwords it took to do that over the phone. NO ONE else has managed that feat in over a decade of hiding behind DD-WRT. Obviously it comes highly recommended by me.

I also run my own web pages on this machine, so that needs qualifying in that all that runs in an isolated sandbox I won't further describe for obvious reasons.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>