Scanning with clamAV

Hello, how do I quarantine infected files with ClamAV after I scan my system using clamscan -r /
Is there a clamscan command to quarantine the infected files and then alert me?

Output to inxi --admin --verbosity=7 --filter --no-host --width is:

System:
  Kernel: 5.9.16-1-MANJARO x86_64 bits: 64 compiler: gcc v: 10.2.1 
  parameters: BOOT_IMAGE=/boot/vmlinuz-5.9-x86_64 
  root=UUID=41b5e77f-aea6-4e67-93a5-664479adb001 rw quiet 
  cryptdevice=UUID=77b502ae-f416-426b-aedc-de4e854f3e72:luks-77b502ae-f416-426b-aedc-de4e854f3e72 
  root=/dev/mapper/luks-77b502ae-f416-426b-aedc-de4e854f3e72 apparmor=1 
  security=apparmor 
  resume=/dev/mapper/luks-7e5bc572-cfd3-4207-8901-a1f3959d6bc0 
  udev.log_priority=3 
  Desktop: KDE Plasma 5.20.5 tk: Qt 5.15.2 wm: kwin_x11 dm: SDDM 
  Distro: Manjaro Linux 
Machine:
  Type: Laptop System: LENOVO product: 82DQ v: Lenovo V14-ARE serial: <filter> 
  Chassis: type: 10 v: Lenovo V14-ARE serial: <filter> 
  Mobo: LENOVO model: LNVNB161216 v: SDK0J40697WIN serial: <filter> 
  UEFI: LENOVO v: DZCN33WW date: 09/24/2020 
Battery:
  ID-1: BAT0 charge: 32.1 Wh condition: 33.3/35.3 Wh (94%) volts: 8.5/7.6 
  model: CPT-COS L16C2PB1 type: Li-poly serial: <filter> status: Unknown 
  cycles: 6 
Memory:
  RAM: total: 7.21 GiB used: 5.28 GiB (73.3%) 
  RAM Report: permissions: Unable to run dmidecode. Root privileges required. 
CPU:
  Info: 6-Core model: AMD Ryzen 5 4500U with Radeon Graphics bits: 64 
  type: MCP arch: Zen 2 family: 17 (23) model-id: 60 (96) stepping: 1 
  microcode: 8600106 L2 cache: 3 MiB bogomips: 28454 
  Speed: 1397 MHz min/max: 1400/2375 MHz boost: enabled Core speeds (MHz): 
  1: 1397 2: 1397 3: 1397 4: 3986 5: 1774 6: 1774 
  Flags: 3dnowprefetch abm adx aes aperfmperf apic arat avic avx avx2 bmi1 
  bmi2 bpext cat_l3 cdp_l3 clflush clflushopt clwb clzero cmov cmp_legacy 
  constant_tsc cpb cpuid cqm cqm_llc cqm_mbm_local cqm_mbm_total cqm_occup_llc 
  cr8_legacy cx16 cx8 de decodeassists extapic extd_apicid f16c flushbyasid 
  fma fpu fsgsbase fxsr fxsr_opt ht hw_pstate ibpb ibrs ibs irperf lahf_lm 
  lbrv lm mba mca mce misalignsse mmx mmxext monitor movbe msr mtrr mwaitx 
  nonstop_tsc nopl npt nrip_save nx osvw overflow_recov pae pat pausefilter 
  pclmulqdq pdpe1gb perfctr_core perfctr_llc perfctr_nb pfthreshold pge pni 
  popcnt pse pse36 rdpid rdpru rdrand rdseed rdt_a rdtscp rep_good sep sha_ni 
  skinit smap smca smep ssbd sse sse2 sse4_1 sse4_2 sse4a ssse3 stibp succor 
  svm svm_lock syscall tce topoext tsc tsc_scale umip v_vmsave_vmload vgif 
  vmcb_clean vme vmmcall wbnoinvd wdt xgetbv1 xsave xsavec xsaveerptr xsaveopt 
  xsaves 
  Vulnerabilities: Type: itlb_multihit status: Not affected 
  Type: l1tf status: Not affected 
  Type: mds status: Not affected 
  Type: meltdown status: Not affected 
  Type: spec_store_bypass 
  mitigation: Speculative Store Bypass disabled via prctl and seccomp 
  Type: spectre_v1 
  mitigation: usercopy/swapgs barriers and __user pointer sanitization 
  Type: spectre_v2 mitigation: Full AMD retpoline, IBPB: conditional, IBRS_FW, 
  STIBP: disabled, RSB filling 
  Type: srbds status: Not affected 
  Type: tsx_async_abort status: Not affected 
Graphics:
  Device-1: AMD Renoir vendor: Lenovo driver: amdgpu v: kernel bus ID: 03:00.0 
  chip ID: 1002:1636 class ID: 0300 
  Device-2: Chicony Integrated Camera type: USB driver: uvcvideo bus ID: 1-3:4 
  chip ID: 04f2:b624 class ID: 0e02 serial: <filter> 
  Device-3: DisplayLink ASUSTEK MB169B+ type: USB driver: usbfs bus ID: 4-1:2 
  chip ID: 17e9:ff0b class ID: fe01 serial: <filter> 
  Display: x11 server: X.Org 1.20.10 compositor: kwin_x11 driver: 
  loaded: amdgpu,ati,modesetting alternate: fbdev,vesa display ID: :0 
  screens: 1 
  Screen-1: 0 s-res: 3840x1080 s-dpi: 96 s-size: 1013x285mm (39.9x11.2") 
  s-diag: 1052mm (41.4") 
  Monitor-1: eDP res: 1920x1080 hz: 60 dpi: 158 size: 309x173mm (12.2x6.8") 
  diag: 354mm (13.9") 
  Monitor-2: DVI-I-1-1 res: 1920x1080 hz: 60 dpi: 142 
  size: 344x193mm (13.5x7.6") diag: 394mm (15.5") 
  OpenGL: renderer: AMD RENOIR (DRM 3.39.0 5.9.16-1-MANJARO LLVM 11.0.1) 
  v: 4.6 Mesa 20.3.4 direct render: Yes 
Audio:
  Device-1: AMD vendor: Lenovo driver: snd_hda_intel v: kernel bus ID: 03:00.1 
  chip ID: 1002:1637 class ID: 0403 
  Device-2: AMD Raven/Raven2/FireFlight/Renoir Audio Processor vendor: Lenovo 
  driver: N/A alternate: snd_pci_acp3x, snd_rn_pci_acp3x bus ID: 03:00.5 
  chip ID: 1022:15e2 class ID: 0480 
  Device-3: AMD Family 17h HD Audio vendor: Lenovo driver: snd_hda_intel 
  v: kernel bus ID: 03:00.6 chip ID: 1022:15e3 class ID: 0403 
  Sound Server: ALSA v: k5.9.16-1-MANJARO 
Network:
  Device-1: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter 
  vendor: Lenovo driver: ath10k_pci v: kernel bus ID: 01:00.0 
  chip ID: 168c:003e class ID: 0280 
  IF: wlp1s0 state: up mac: <filter> 
  IP v4: <filter> type: dynamic noprefixroute scope: global 
  broadcast: <filter> 
  IP v6: <filter> type: noprefixroute scope: link 
  Device-2: Qualcomm Atheros QCA61x4 Bluetooth 4.0 type: USB driver: btusb 
  bus ID: 3-3:3 chip ID: 0cf3:e300 class ID: e001 
  WAN IP: <filter> 
Bluetooth:
  Device-1: Qualcomm Atheros QCA61x4 Bluetooth 4.0 type: USB driver: btusb 
  v: 0.8 bus ID: 3-3:3 chip ID: 0cf3:e300 class ID: e001 
  Message: Required tool hciconfig not installed. Check --recommends 
RAID:
  Message: No RAID data was found. 
Drives:
  Local Storage: total: 853.2 GiB used: 393.81 GiB (46.2%) 
  SMART Message: Unable to run smartctl. Root privileges required. 
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Western Digital 
  model: PC SN520 SDAPMUW-256G-1101 size: 238.47 GiB block size: 
  physical: 512 B logical: 512 B speed: 15.8 Gb/s lanes: 2 rotation: SSD 
  serial: <filter> rev: 20290001 temp: 32.9 C scheme: GPT 
  ID-2: /dev/sda maj-min: 8:0 vendor: Western Digital model: WDS500G2B0A 
  size: 465.76 GiB block size: physical: 512 B logical: 512 B speed: 6.0 Gb/s 
  rotation: SSD serial: <filter> rev: 90WD scheme: GPT 
  ID-3: /dev/sdb maj-min: 8:16 type: USB vendor: Generic model: SD MMC MS PRO 
  size: 119.08 GiB block size: physical: 512 B logical: 512 B rotation: SSD 
  serial: <filter> rev: 1.00 scheme: MBR 
  SMART Message: Unknown USB bridge. Flash drive/Unsupported enclosure? 
  ID-4: /dev/sdc maj-min: 8:32 type: USB vendor: Samsung 
  model: Flash Drive FIT size: 29.88 GiB block size: physical: 512 B 
  logical: 512 B rotation: SSD serial: <filter> rev: 1100 scheme: MBR 
  SMART Message: Unknown USB bridge. Flash drive/Unsupported enclosure? 
  Message: No Optical or Floppy data was found. 
Partition:
  ID-1: / raw size: 229.37 GiB size: 224.77 GiB (97.99%) 
  used: 82.35 GiB (36.6%) fs: ext4 dev: /dev/dm-0 maj-min: 254:0 
  mapped: luks-77b502ae-f416-426b-aedc-de4e854f3e72 label: N/A 
  uuid: 41b5e77f-aea6-4e67-93a5-664479adb001 
  ID-2: /boot/efi raw size: 300 MiB size: 299.4 MiB (99.80%) 
  used: 480 KiB (0.2%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1 label: N/A 
  uuid: 02D5-A444 
  ID-3: /home/<filter>/pCloudDrive raw size: N/A size: 8 GiB 
  used: 251.4 MiB (3.1%) fs: fuse source: ERR-102 label: N/A uuid: N/A 
  ID-4: /media/SystemBackup raw size: 232.83 GiB size: 228.18 GiB (98.00%) 
  used: 110.31 GiB (48.3%) fs: ext4 dev: /dev/sda1 maj-min: 8:1 
  label: SystemBackup uuid: fe8f544c-218e-473c-b9f1-9dd7377320ff 
  ID-5: /run/media/noah/VirtualBoxETC raw size: 232.93 GiB 
  size: 228.27 GiB (98.00%) used: 200.05 GiB (87.6%) fs: ext4 dev: /dev/sda2 
  maj-min: 8:2 label: VirtualBoxETC uuid: e8075768-a6e2-4484-9437-be58ae3505fa 
  ID-6: /run/media/noah/writable raw size: 27.41 GiB size: 26.86 GiB (97.97%) 
  used: 46.1 MiB (0.2%) fs: ext4 dev: /dev/sdc3 maj-min: 8:35 label: writable 
  uuid: ede1fb28-ab65-41f7-8bd9-1f7127509ed9 
  ID-7: /run/timeshift/backup raw size: 232.83 GiB size: <superuser required> 
  used: <superuser required> fs: ext4 dev: /dev/sda1 maj-min: 8:1 
  label: SystemBackup uuid: fe8f544c-218e-473c-b9f1-9dd7377320ff 
Swap:
  Kernel: swappiness: 60 (default) cache pressure: 100 (default) 
  ID-1: swap-1 type: partition size: 8.8 GiB used: 827.2 MiB (9.2%) 
  priority: -2 dev: /dev/dm-1 maj-min: 254:1 
  mapped: luks-7e5bc572-cfd3-4207-8901-a1f3959d6bc0 label: N/A 
  uuid: a3c4745a-3fbd-40e1-9d38-a4bb513d2d09 
Unmounted:
  ID-1: /dev/sdb1 maj-min: 8:17 size: 119.07 GiB fs: exfat label: Backup 
  uuid: 3534-6433 
  ID-2: /dev/sdc1 maj-min: 8:33 size: 2.46 GiB fs: iso9660 
  label: Kubuntu 20.04.2.0 LTS amd64 uuid: 2021-02-09-19-24-16-00 
  ID-3: /dev/sdc2 maj-min: 8:34 size: 3.9 MiB fs: vfat label: N/A 
  uuid: 54C5-9C6C 
USB:
  Hub-1: 1-0:1 info: Full speed (or root) Hub ports: 4 rev: 2.0 
  speed: 480 Mb/s chip ID: 1d6b:0002 class ID: 0900 
  Device-1: 1-1:2 info: Maxxter Telink Wireless Receiver type: Mouse,Keyboard 
  driver: hid-generic,usbhid interfaces: 2 rev: 1.1 speed: 12 Mb/s 
  chip ID: 248a:8367 class ID: 0301 
  Hub-2: 1-2:3 info: VIA Labs VL813 Hub ports: 4 rev: 2.1 speed: 480 Mb/s 
  chip ID: 2109:2813 class ID: 0900 
  Device-1: 1-3:4 info: Chicony Integrated Camera type: Video driver: uvcvideo 
  interfaces: 2 rev: 2.0 speed: 480 Mb/s chip ID: 04f2:b624 class ID: 0e02 
  serial: <filter> 
  Hub-3: 2-0:1 info: Full speed (or root) Hub ports: 2 rev: 3.1 speed: 10 Gb/s 
  chip ID: 1d6b:0003 class ID: 0900 
  Hub-4: 2-2:2 info: VIA Labs VL813 Hub ports: 4 rev: 3.0 speed: 5 Gb/s 
  chip ID: 2109:0813 class ID: 0900 
  Device-1: 2-2.4:3 
  info: Silicon Motion - Taiwan (formerly Feiya ) Flash Drive 
  type: Mass Storage driver: usb-storage interfaces: 1 rev: 3.1 speed: 5 Gb/s 
  chip ID: 090c:1000 class ID: 0806 serial: <filter> 
  Hub-5: 3-0:1 info: Full speed (or root) Hub ports: 4 rev: 2.0 
  speed: 480 Mb/s chip ID: 1d6b:0002 class ID: 0900 
  Device-1: 3-2:2 info: Realtek USB2.0-CRW type: Mass Storage 
  driver: ums-realtek interfaces: 1 rev: 2.0 speed: 480 Mb/s 
  chip ID: 0bda:0177 class ID: 0806 serial: <filter> 
  Device-2: 3-3:3 info: Qualcomm Atheros QCA61x4 Bluetooth 4.0 type: Bluetooth 
  driver: btusb interfaces: 2 rev: 2.0 speed: 12 Mb/s chip ID: 0cf3:e300 
  class ID: e001 
  Hub-6: 4-0:1 info: Full speed (or root) Hub ports: 2 rev: 3.1 speed: 10 Gb/s 
  chip ID: 1d6b:0003 class ID: 0900 
  Device-1: 4-1:2 info: DisplayLink ASUSTEK MB169B+ type: Video driver: usbfs 
  interfaces: 2 rev: 3.2 speed: 5 Gb/s chip ID: 17e9:ff0b class ID: fe01 
  serial: <filter> 
Sensors:
  System Temperatures: cpu: 67.1 C mobo: N/A gpu: amdgpu temp: 44.0 C 
  Fan Speeds (RPM): N/A 
Info:
  Processes: 335 Uptime: 18h 31m wakeups: 3 Init: systemd v: 247 Compilers: 
  gcc: 10.2.0 clang: 11.0.1 Packages: 1523 pacman: 1505 lib: 424 flatpak: 7 
  snap: 11 Shell: Bash v: 5.1.0 running in: konsole inxi: 3.3.01 

This is from memory and may be out of date, but you use the move option eg. clamscan -r --move=/home/USER/VIRUS /
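The `--move` option above is the quarantine half of the question; the "alert me" half is not built into clamscan, but its documented exit status (0 = nothing found, 1 = infected file(s) found, 2 = error) and its scan summary make a small wrapper straightforward. The script below is an added example, not code from the thread or from the ClamAV project: the scan root, quarantine directory and log path are assumptions (the thread scans `/`, which needs root), `notify-send` is used for the desktop alert only if it is installed, and the `SAMPLE_OUTPUT` block is constructed clamscan output using the harmless EICAR test signature so the helpers can be exercised without a real scan.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): wrap clamscan so that infected files are
# moved to a quarantine directory with --move and the user is then alerted.
# Assumptions: the three paths below are placeholders; notify-send (libnotify)
# is used for the desktop alert when present, stderr otherwise.

SCAN_ROOT="${SCAN_ROOT:-$HOME}"                       # assumed scan target
QUARANTINE="${QUARANTINE:-$HOME/.clamav-quarantine}"  # assumed quarantine dir
LOGFILE="${LOGFILE:-$HOME/clamscan.log}"              # assumed log path

# clamscan(1) exit status: 0 = nothing found, 1 = infected file(s) found,
# 2 = an error occurred (e.g. a file could not be read). Map it to a verdict.
verdict_for_status() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    2) echo error ;;
    *) echo unknown ;;
  esac
}

# Pull the "Infected files: N" line out of clamscan's scan summary.
infected_count() {
  printf '%s\n' "$1" | sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# List the paths clamscan flagged ("<path>: <signature> FOUND").
found_files() {
  printf '%s\n' "$1" | sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Alert via the desktop notifier when available; always echo to stderr too.
alert() {
  if command -v notify-send >/dev/null 2>&1; then
    notify-send -u critical "ClamAV" "$1"
  fi
  printf 'ClamAV: %s\n' "$1" >&2
}

# Run the scan. The quarantine directory is excluded so that files already
# moved there are not rescanned (and re-moved) on the next run.
run_scan() {
  mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
  local out status
  if out="$(clamscan -r -i --move="$QUARANTINE" \
              --exclude-dir="^$QUARANTINE" --log="$LOGFILE" "$SCAN_ROOT" 2>&1)"; then
    status=0
  else
    status=$?
  fi
  case "$(verdict_for_status "$status")" in
    clean)    alert "scan of $SCAN_ROOT finished: nothing found" ;;
    infected) alert "$(infected_count "$out") infected file(s) moved to $QUARANTINE; see $LOGFILE" ;;
    *)        alert "scan ended with errors (exit $status); see $LOGFILE" ;;
  esac
  return "$status"
}

# Constructed sample of clamscan output (EICAR is the standard harmless test
# signature), used below to show how the helpers interpret a real run.
SAMPLE_OUTPUT="$(cat <<'EOF'
/home/user/Downloads/eicar.com: Eicar-Test-Signature FOUND
/home/user/Downloads/eicar.com: moved to '/home/user/.clamav-quarantine/eicar.com'
/home/user/Downloads/notes.zip: Eicar-Test-Signature FOUND
/home/user/Downloads/notes.zip: moved to '/home/user/.clamav-quarantine/notes.zip'

----------- SCAN SUMMARY -----------
Scanned directories: 1
Scanned files: 2
Infected files: 2
EOF
)"

# Demo on the constructed sample; set RUN_SCAN=1 to perform a real scan instead.
if [ "${RUN_SCAN:-0}" = 1 ]; then
  run_scan
else
  echo "verdict for exit status 1: $(verdict_for_status 1)"
  echo "infected files in sample: $(infected_count "$SAMPLE_OUTPUT")"
  found_files "$SAMPLE_OUTPUT"
fi
```

Run it as `RUN_SCAN=1 ./clamscan-quarantine.sh` (as root if you scan `/`), or drop it into a systemd timer or cron entry. Keep the quarantine directory outside the scanned tree or excluded as above, and treat its contents as still hostile: review them, do not execute them, and delete them once you have confirmed whether the detection was a false positive, which, as noted later in the thread, does happen.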

Okay, but if it is malware should I leave on my computer?
I do know that clamav sometimes says things are infected that are not though.

ClamAV only scans for Windows viruses. There are no GNU/Linux viruses in the wild.


@Aragorn Ah, so why do they make it for linux then?

I think it’s for email servers, the client is most likely on a Windows workstation.


Okay thank you guys.

Sorry for asking for the clarification and the possible repetition of what you said, but as a former Windows with Antivirus user this is a question that comes to my mind really often.

How can this be true? I think no system is impenetrable. Is it the case due to Linux’s very small user base? But again Linux is everywhere, taking into account server infrastructures.

If unpopularity in the desktop space is our biggest protection against malicious factors, then how safe is this stance? Most of us wish for Linux to gain traction, so we kinda wish our biggest protection to vanish? And what’s the threshold for it to be gone? Won’t thousands of systems be vulnerable when Linux starts being considered “popular enough” to spend time attacking on?

Personally I went from a system with a suite specifically installed to protect me from such misfortunes to a system that has no such suite because it supposedly doesn’t need one. So even though I have loved Linux 100%, I am still a bit uncomfortable on the security front.

Hi,

This article might help answer some of your questions:

That is part of it, but GNU/Linux is a UNIX system, and UNIX was designed from the ground up as a multiuser operating system architecture. Microsoft Windows was not; it was designed as a graphical user interface on top of MS-DOS, a single-tasking, single-user operating system for machines without a network connection.

In DOS and Windows, a file is considered executable if it has a name that ends in a given suffix ─ e.g. .EXE ─ regardless of whether the file resides in a cache or on a filesystem. In UNIX a file is only executable if it resides on a filesystem with POSIX permissions and it has the execute permission set for the user trying to run the file.

Microsoft Windows is a horrible, horrible operating system design, bolted together from mutually incompatible components, with lots of duct tape to cover the holes. UNIX on the other hand was already created in 1969/1970 and has been an industry standard since, exactly because it is so robust, scalable, reliable, flexible and secure.

GNU/Linux is a freely licensed implementation of the UNIX platform, written from scratch so that it would be free of patents and copyrights, and so that it can grant the user the four freedoms as explained at gnu.org and fsf.org.

No system is ever without bugs, but the open development model of GNU/Linux ensures that bugs are caught and dealt with a lot faster than in proprietary operating systems, and the UNIX architecture is very different from that of Microsoft Windows.

Windows is full of holes because it was never designed as an operating system. That is a role it only came to adopt later, for commercial reasons, but Bill Gates’ refusal to completely rewrite Windows when it was ported to run on the NT kernel instead of on DOS meant that Windows is still stuck with that single-user legacy underneath. By contrast, security holes in GNU/Linux are the result of programming errors ─ i.e. bugs ─ rather than of any flaws in the design of the operating system itself.

By the way, macOS is also a UNIX, but a rather perverted one, albeit that it’s still a better operating system than Windows, because unlike Gates, Steve Jobs did have the courage to start all over again and provide backward compatibility with earlier macOS ─ the now so-called Classic Mac OS ─ by way of a compatibility layer on top of OS X that was always meant to be phased out at some later point.

Anyway, the bottom line is that Windows is in and of itself a very promiscuous and unintelligible platform that needs a nanny in the form of antivirus software and userspace firewalls ─ not to mention that it also phones home ─ whereas GNU/Linux builds upon an existing and time-proven platform architecture with strict permissions and privilege separation.

Hopefully that answers your question. :wink:
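The point made above about executability (a suffix like `.EXE` versus the POSIX execute bit) can be seen directly in a shell. The snippet below is an added example, not part of the thread: it creates a script named `installer.exe` in a temporary directory the way a download would arrive (readable, not executable), tries to run it, then sets the execute bit and tries again. Exit status 126 is the shell's code for "found but not executable". The file name and directory are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): on a POSIX filesystem the file name
# (here a ".exe" suffix) has no bearing on whether a file may run; only the
# execute permission bit does. Everything is created in a temp directory.

WORK="$(mktemp -d)"              # constructed scratch directory
trap 'rm -rf "$WORK"' EXIT

# Create a script-like file the way a download arrives: readable, not executable.
make_download() {
  printf '#!/bin/sh\necho "I ran"\n' > "$1"
  chmod 644 "$1"
}

# Permission string as shown by ls, e.g. -rw-r--r--.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Exit status of attempting to execute the file directly:
# 126 means the shell refused because the execute bit is unset.
try_run() {
  if "$1" >/dev/null 2>&1; then echo 0; else echo $?; fi
}

FILE="$WORK/installer.exe"       # constructed name; the suffix is irrelevant to UNIX
make_download "$FILE"
BEFORE_MODE="$(mode_of "$FILE")"
BEFORE_RC="$(try_run "$FILE")"
chmod u+x "$FILE"                # only an explicit chmod makes it runnable
AFTER_MODE="$(mode_of "$FILE")"
AFTER_RC="$(try_run "$FILE")"

echo "before chmod: $BEFORE_MODE exit=$BEFORE_RC"
echo "after chmod:  $AFTER_MODE exit=$AFTER_RC"
```

The same check is what makes a `noexec` mount useful for download and temp directories: even with the bit set, the kernel refuses to execute files from such a filesystem, which is a defensive layer Windows' suffix-based rule never offered.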

Thanks for the link @NGr! I checked it out but unfortunately it just leaves the matter to the “Linux isn’t popular enough yet” thing.

So @Aragorn it’s mainly an architectural thing that makes us safer than Windows? Meaning that if Linux had 90% of the desktop market on its own, the attack surface wouldn’t change by any great deal, so our approach on our security wouldn’t change? That to best protect ourselves proactively we just have to contribute to the Debugging and Development of the system?

I understand what you say, yet it’s still not easy to wrap my head around it.

By the way thank you for the elaborate response. I also laughed a bit with this:

Cheers

For the most part, yes, that’s the real issue. And you see this also in the evolution of the attack vectors. Given the privilege separation/isolation in GNU/Linux, the attackers have to start using different tactics, most notably social engineering and actual theft of hardware ─ e.g. the laptops of developers in a GNU/Linux project, who have their login credentials to the remote repository they use stored on their laptops instead of in their craniums.


I guess it depends on what you’re doing.
As a desktop user, switching from Vista to Ubuntu, the first thing I did was to visit the same kinds of sites I’d visited to test my Windows malware setup. I started to realise how many SPOF (Single point of failure) weaknesses existed in Windows and appreciated the way that anyone installing Windows must first learn to do many many things to tighten it up - like trying to plug holes in a sieve.

With Linux, you mostly have to work hard to make any holes.

At the time I was working hard to strengthen my Windows security - but a BSOD interrupted me. At that time, internet shops were using solid ‘rollback’ solutions in preference to actual anti-malware (i.e. if it gets infected, simply reboot and restore). I spent a whole day (with a 500GB disk) and testdisk scraping my valuable photos off it (many lost and corrupted forever). That was the very last time.

Servers are a different story - but I never had any need to do anything more than a simple backup solution. I’ve seen a fair few sensational stories (usually some PC news website, probably appealing more to users of Windows who can now say ‘well there’s malware on Macs and Linux too, so we’re not the only ones’) but I’ve never known anyone in the real world who is actually affected.

I mean, try making a test user - make a text file - then log back into your own account and browse it. File permissions make it hard work…

So, in short - never lost a file since 2007, never scanned for malware, never defragmented a drive.

I have, however, successfully destroyed installs - lost power during partitioning (which means you must learn how to manage/move/backup things before working) and survived.

