firewall

[John Dangler]

On Tue, 2007-02-13 at 14:55 -0500, Jeffrey F. Bloss wrote:
> John Dangler wrote:
> 
> <snippage>
> 
> > yeah - it's one of those packages that (i guess) you just need to have
> > the entire kde environment installed in order for it to run.  I really
> > that was the case with clamtk... I installed it to see what it does
> > over the commandline tool... It installed a TON of kde stuff with it,
> > and on a clean install of Edgy (according to the gui) found 17
> > viruses. Looking through the 125,000 files it scanned, it didn't mark
> > ANY of the files as infected.  Then I run sudo clamscan -r -i / from
> > commandline... everything checks out ok (like I would think it
> > should)... so clamtk is definitely junk (IMO), so it's coming off
> 
> Just out of curiosity, what version of ClamAV did/do you have
> installed, and do you happen to know if ClamTK did anything funny like
> throwing the --enable-experimental switch?
clamav version 0.88.4/2562
I looked through all of the perl scripts and conf files and didn't see
anything that said "experimental" ...
> 
> Thing is, clam isn't exactly prone to false positives like that but it
> *will* scan email and does a pretty competent job of spotting phishing
> attempts if told to do so. I was wondering of maybe something like that
> wasn't what you were seeing...???
Don't know...  I do know on a command line scan, it said it found 1
virus in an email, but went by so fast that I couldn't get to it...
I'm currently running this - 
clamscan -r -i --exclude-dir=/sys / /var/log/clamav/clamscan.log &

so, when it finishes (and if it finds that 1 again), it will be in the
log, so I can update you on what it found...


>