
List:       clamav-users
Subject:    Re: [clamav-users] Please help
From:       "G.W. Haywood via clamav-users" <clamav-users () lists ! clamav ! net>
Date:       2022-08-31 22:47:25
Message-ID: c5177ca6-efb7-60a4-d1c8-e59095da5e15 () jubileegroup ! co ! uk

Hi there,

On Wed, 31 Aug 2022, Jan Elliott wrote:

> TO:  "clamd user questions" <clamav-users@lists.clamav.net>
>
> QUESTION:  When I try to execute the command "clamd"  I
> get the following message:
>   ERROR: Please define server type (local and/or TCP)

The tool (possibly 'clamdscan', but whatever it is) which tells clamd
what it is to scan communicates with clamd through a socket.  Running
clamd on Linux, most people most of the time configure clamd to use a
Unix socket but it can also use a TCP socket.  You need to choose one.
Using a TCP socket may have security implications which I don't think
you need to worry about in your present situation.

https://docs.clamav.net/manual/Usage/Configuration.html#clamdconf

and try the command

man clamd.conf

Look for the configuration options which start with "TCP" and also
those which contain the word "Socket".

> .... The person who installed Fedora v36 suggested I
> try CLAMD to get rid of a virus/whatever that apparently
> infected my Chrome browser ...

Try to think of ClamAV as an attempt to prevent rather than a cure.

It isn't generally a good idea to try to get an infected system to
repair itself.  If the criminals who produced the malicious code are
any good at their jobs - and some of them are *very* good because it
can pay well - they will have ways of preventing something like ClamAV
from doing its job.  There might easily be hundreds of compromised
executables in the box.  If you try to replace them all, you only need
to miss one for the exercise to be pointless.  You could never be sure
that you'd found everything, and you might waste a lot of time finding
out that you hadn't.

My advice is to wipe the system and start from scratch.  These days it
seems that even that isn't always enough and if the threat has reached
into the firmware then you might need to write off the machine, or at
least substantial parts of it.  It isn't an especially likely outcome,
but it's one that you should bear in mind.

What's the state of your backups?

-- 

73,
Ged.
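
The following is an added example, not part of the original message or of ClamAV itself: a small checker for the condition behind "Please define server type", which also flags a TCP listener that is not restricted with TCPAddr. The sample configurations, socket path and function names are constructed for illustration; LocalSocket, TCPSocket and TCPAddr are the clamd.conf options described in `man clamd.conf`.

```python
import ipaddress

def parse_clamd_conf(text):
    """Return {option: [values]} for the active (uncommented) lines."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        opts.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def is_loopback(addr):
    """True only when the address is known to be local to this host."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # some other hostname; cannot be verified offline

def check_server_type(text):
    """Return a list of findings; an empty list means nothing to report."""
    opts = parse_clamd_conf(text)
    findings = []
    has_local = bool(opts.get("LocalSocket"))
    has_tcp = bool(opts.get("TCPSocket"))
    if not has_local and not has_tcp:
        findings.append("ERROR: no server type; set LocalSocket and/or TCPSocket")
    if has_tcp:
        addrs = opts.get("TCPAddr", [])
        if not addrs:
            # Without TCPAddr, clamd binds the TCP port on every interface.
            findings.append("WARN: TCPSocket set without TCPAddr")
        findings += [f"WARN: TCPAddr {a} is not loopback"
                     for a in addrs if not is_loopback(a)]
    return findings

# Constructed sample configurations (hypothetical socket path).
UNCONFIGURED = "#LocalSocket /run/clamd.scan/clamd.sock\n#TCPSocket 3310\n"
LOCAL_ONLY = "LocalSocket /run/clamd.scan/clamd.sock\nFixStaleSocket yes\n"
TCP_OPEN = "TCPSocket 3310\n"
TCP_LOOPBACK = "TCPSocket 3310\nTCPAddr 127.0.0.1\n"

if __name__ == "__main__":
    for name in ("UNCONFIGURED", "LOCAL_ONLY", "TCP_OPEN", "TCP_LOOPBACK"):
        print(name, check_server_type(globals()[name]) or "ok")
```
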