2

I have scheduled system scan at daily interval using ClamTk. It found some viruses but taken no action e.g., quarantine or delete.

  1. Is it possible that the antivirus quarantine them automatically?
  2. How to apply the setting to automatically quarantine the found threats?
Syed Mohammed Omer Farooq
  • 21

1 Answers1

1

In case you use Ubuntu as a gateway and have Windows computers behind that gateway

  • In case you want to move the files to another location use:

    clamscan -r --move=/home/$USER/VIRUS /home/$USER

  • If you want to delete them automatically:

    clamscan -r --remove /home/$USER

/home/$USER is the scanned directory. /home/$USER/VIRUS is a sub directory inside the scanned folder. WARNING: --remove -will- delete those files.

That basically is the answer to your question but do keep reading.

In case you solely run Ubuntu desktops

As far as I know 100% of all reported viruses by clamav are fake so I would advice against this. All of them are false positives. And it is not from the lack of trying by virus creators: I bet any of them would like to break Linux like they broke Windows as it would make that person famous and absolutely revered as a god in that world.

The big flaw virus scanners have: they use Windows rules to scan Linux files and that just does not work. So the only reason to scan for viruses is when you use Ubuntu as a gateway to provide content to Windows computers and you want to scan Windows related files before those reach your Windows computers.

Automatically moving or deleting those files will eventually kill your operating system. At some point it will find a system file that is crucial for your operating system and either moving or deleting it will essentially make the connection process stop from working. If that file is part of the boot process you killed your system.

I would suggest to investigate each of these files and actually confirm those are viruses. Manually. I really doubt you found any and, after you did investigate those files, if you agree with me: delete the software and do not look at it again. I, and many Linux Desktop users with me, have never ever used a virus scanner. On a server with sensitive data I would suggest to use root kit scanner and a good password. Or even 2 root kit scanners so you can compare results as those tend to report false positives too.

Linux, up to today, is free of viruses.

You can however install a virus yourself. The viruses that are available for Linux never got passed lab tests and require you to download it yourself, install it and provide it your admin password. If that happens that person made so many mistakes in regards to security it is fairer to claim that that person does not need a virus scanner but needs to be educated about basic usage of a computer ;)

Things to take note of:

  • keep your system always up to date.
  • install software always from the official repositories. This is especially true when installing components (like "extensions") inside browsers: those do not tend to have a virus but often have malware in them. Always investigate those before installing: check for comments and for discussions on-line.
  • when installing 3rd party software investigate the 3rd party.
  • never ever type your admin password when you know it should not be asked. A regular desktop user hardly ever needs it: only when doing admin tasks.
  • have a decent admin password.

... and you never need a virus scanner. The only company you need to put your trust in is Canonical as they provide our operating system. Of course ... if they mess up we all will notice. An unofficial version of Ubuntu called Mint had their servers breached and their installers compromised. A very very very serious problem yes, but not something a virus scanner would have caught :)

Rinzwind
  • 309,379