README
------
(Last updated February 20, 2010)
1. Important Links
ClamAV : http://www.clamav.net
ClamTk : http://freshmeat.net/projects/clamtk/
: http://clamtk.sf.net
: http://clamtk.cvs.sf.net
Gtk2-Perl : http://gtk2-perl.sourceforge.net
ClamTk FAQ : http://clamtk.sf.net/faq.html
Launchpad ClamTk: https://launchpad.net/clamtk
2. About
ClamTk is a frontend for ClamAV using Gtk2-perl. It is intended to be
an easy to use, lightweight scanner for Linux systems. It has been
ported to Fedora, Debian, RedHat, openSUSE, ALT Linux, Ubuntu, CentOS,
Gentoo, Archlinux, Mandriva, PCLinuxOS and FreeBSD.
Although its earliest incarnations date to 2003, it was first uploaded
for distribution in 2004 to a rootshell.be account and finally to
Sourceforge.net in 2005.
3. GUI
ClamTk started out using the Tk libraries (thus its name). I have
since switched to perl-Gtk2 (or Gtk2-perl, whatever). The Tk version
is still available on sourceforge.net but has not been updated for
some time now.
4. Cross-distro
RPMs for Fedora and CentOS are available from clamtk.sourceforge.net,
and its requirements from apt and yum repos.
Check rpmfind.net or your local packager for others. The source works
just fine too, but be warned that version >= 4.00 has gotten more complex
and is no longer just a single script; that is, it may take a slight bit
of tweaking. It is actually much easier to install with package managers.
5. Installation
RPMs:
The easiest way to install ClamTk is to use the rpms.
If you downloaded it, you might try:
# yum localinstall --nogpgcheck clamtk*.rpm
The "--nogpgcheck" option is necessary since I no longer gpg-sign
the rpms. The Debian/Ubuntu builds are gpg-signed.
To remove clamtk:
# yum erase clamtk
SOURCE:
The tarball contains all the sources. One way to do this on Fedora:
# mkdir -p /usr/lib/perl5/vendor_perl/5.10.0/ClamTk
# cp lib/*.pm /usr/lib/perl5/vendor_perl/5.10.0/ClamTk
# chmod +x clamtk
# cp clamtk /usr/local/bin (or /usr/bin)
EXAMPLES:
a. $ perl clamtk
or
b. $ chmod +x /path/to/clamtk
$ /path/to/clamtk
To add right-click functionality, you may wish to do the following:
# cp clamtk.desktop /usr/share/applications
* Note: If you have installed this program as an rpm or .deb, you
do not need to take these steps.
* Note: Did you get errors with this? Check the TROUBLESHOOTING section
at the end.
DEBs:
You should be able to just double-click the .deb file to install it.
This assumes you have permissions to install programs, of course. Your
package manager should grab any necessary dependencies.
By the commandline, you can do this:
# dpkg -i clamtk-*.deb
To remove clamtk:
# dpkg --purge clamtk
6. Running ClamTk
a. Upon startup (versions >= 4.00), the user is prompted with a
choice: maintain and update his/her own signatures ('single-user')
or use those on the system ('shared'). The system signatures
are typically held under /var/lib/clamav or /var/clamav.
If 'single-user' is selected, ClamTk will search for existing
signatures and copy them over. This will save bandwidth and time.
Beginning with version 4.23, ClamTk will automatically
search for signatures if you do not have them set already.
This way ClamTk should work right out of the box, with no
prompting.
b. Consider the extra scanning options
By selecting "Save a Log", you can opt to save a log of your
scanning.
Select "Scan Hidden" to scan those files beginning with a ".".
Select "Recursive" to scan all files and directories within
a directory.
The "Thorough" option enables scanning for PUAs
(Potentially Unwanted Applications) as well as
broken executables.
By default, ClamTk will avoid scanning files larger than 20MB.
To force scanning of these files, check the "Scan files
larger than 20 MB" box.
Note: The automatic "Delete" and "Quarantine" options have
been removed. After scanning, you can still right-click on the
file and take actions from there. Be warned that once a file
has been deleted, it is gone. There is no recycle bin.
c. Information on items quarantined is available under the
"Quarantine" option. "Status" will quickly inform you of the
number of files you have quarantined. "Maintenance" will
allow you to delete quarantined files or, if you believe there
is a false positive contained, you can easily move it back to
your home directory. You may also empty your quarantine folder
with the "Empty Quarantine Folder" option.
d. Scan a file by either clicking the File icon or selecting the
option under "Scan".
e. Scan a directory by either clicking the icon or going under
"Scan". Also available is the recursive scan, which
will descend to all directories within the selected directory.
f. You can STOP the scan by clicking the stop button located on the
gui toolbar (red circle with the white X). Note that due to the
speed of the scanning, it may not stop immediately; it will
continue scanning and displaying files it has already "read"
until the stop catches up.
g. Occasionally, you may wish to have certain options set for
certain scans. Under Advanced, select Preferences (or press
Ctrl-P). Here you can also set Startup Preferences as well as
directories for whitelisting (to not be scanned, that is).
h. You can also conduct scans of your Home drive easily by clicking
the icon or using the option under "Scan".
NOTE: ClamTk no longer follows symlinks.
7. Commandline
ClamTk can run from the commandline, too:
$ clamtk file_to_be_scanned
or
$ clamtk directory_to_be_scanned
However, the main reason for the commandline option (however basic) is
to allow for right-click scanning within your file manager (e.g., Nautilus
or Dolphin). If you want more extensive commandline options, it is
recommended that you use the clamscan binary itself. (Type
"man clamscan" at the commandline.) Or, if you know of something useful,
let me know and I can add it as an option.
8. Afterwards
If you've opted to save the results, you can view and delete them by
selecting the "Manage Histories" option under "View".
Clear away the output by clicking the clear icon (looks like a broom) on the
gui toolbar, or select "Clear Output" under "View".
You also have a few options with the files displayed. Click on the file
scanned to select it, then right-click: you should have four options there.
a. Quarantine this file: This drops the selected file into a
"quarantined" folder.
b. Delete this file: Be careful! There's no recycle bin!
c. Save As: This option is useful if, for example, you wish to
scan a file downloaded with your browser. Typically, such files
are moved off to your temp (/tmp) directory and difficult to
recover. So, use this to save it elsewhere, such as your
home directory.
d. Cancel: Cancels this menu.
9. Quarantine / Maintenance
If you've quarantined files for later examination, you have several options:
a. Check the Status (Ctrl-S, or Quarantine/Status) - Lets you know
how many (if any) files you have quarantined
b. Empty the quarantine area (Ctrl-E, or Quarantine/Empty) - Just
a reminder: there is no recycle bin! Be careful with this, and
ensure you wish to delete them.
c. Maintenance (Ctrl-M, or Quarantine/Maintenance) - Here you have
the option to delete or restore files. If ClamTk knows where the
file originally was, the file can be put back.
10. Scheduling
As of version 4.18, users can schedule antivirus signature updates
as well as daily scans. Because no cross-distro Perl module exists to
do it, this requires the "crontab" program, which is pretty standard.
While you do have the option to scan your entire computer (excluding
the /proc, /sys and /dev directories), you probably only need to
scan your home directory.
To view the results of the scheduled scan, look under "View" and
"Manage Histories".
11. Proxy settings
For those who need to set a proxy for signature updates, a "Proxy
settings" tab is available under Preferences. Most will be fine with
"No Proxy". The "Environment settings" option will look for the
http_proxy setting in %ENV. You can also set it manually with an
IP address or hostname as well as the port number.
12. Locale/Internationalization
Version 2.20 is the first ClamTk version to offer this. Have time
on your hands and want to contribute? Contact me! Also see the
Launchpad page at https://launchpad.net/clamtk .
Note that some builds do not account for languages other than
English because they have not yet updated their spec files.
A polite email to the respective maintainer may fix this.
13. Limitations/Bugs
Probably a lot. Let me know, please. Ranting on some bulletin board
somewhere on one of dozens of Linux sites will not improve things.
Let me know what you like and dislike!
One of the current issues that hopefully will be resolved is that
ClamAV rpms are not standardized. This isn't my fault (that I'm aware of),
but I feel it adds unnecessary confusion (as opposed to necessary
confusion :). Because of this, multiple builds are needed as opposed to
just one. Fortunately, Debian does not appear to suffer from this.
14. Contact
For feature requests or bugs, it's best to email me. You can also go
to the Sourceforge project page and submit requests/problems there
(http://sourceforge.net/projects/clamtk).
15. Other
As of version 3.10, ClamTk will not scan standard mail directories,
such as .evolution, .mozilla or .thunderbird. This is due to parsing
problems. If I come up with a smart way of doing that, it will be added.
It will probably have to wait until version 5.x.
Note that "delete" and "quarantine" options have been disabled if
scanning involves the directories "/proc", "/dev", or "/sys". Let
me know if you have suggestions on better or other ways of dealing
with that, or if there are other directories that should be avoided.
Also, please note that version numbers mean absolutely nothing. There
is no rhyme or reason to odd or even numbers, so an odd number does not
mean "unstable". A new version means it goes up 1. Or .01, whichever.
Because I changed from Tk to Gtk2 I did move the major version number up
significantly, but that was just to keep them separate.
The version 3.x series became 4.x when there was a major change in
the packaging and processes.
Just pointing it out.
16. Troubleshooting
* Are your signatures up to date, but ClamTk says they're not?
You probably have more than one virus signature directory. See the
answer below for finding signatures.
* If you are getting an error that ClamTk cannot find your signatures:
ClamTk is trying to find its virus definitions. Typically these are
held under /var/lib/clamav or /var/clamav or ... If you are sure these
files exist, please find their location and send it to me.
Try the following to determine their location:
1. find /var -name "daily.cvd" -print
2. find /var -name "daily.cld" -print
Yes, there are three variations on the definitions...
* Are you using the source and you see something like this:
Can't locate Foo/Bar.pm in @INC... (etc, etc).
This means you are missing some of the dependencies. Try to find
the dependency through your distribution's repositories, or simply
go to http://search.cpan.org. I recommend trying your distro's repo
first. It's more than likely your distribution already packages these
for easy installation. Depending on your distro, you will likely
use "yum" or "apt" or some "Update Manager" and the like.
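The two signature questions above come down to knowing which directories hold a daily database. The following is an added example, not part of ClamTk: the function names are hypothetical, and it goes slightly beyond the find commands above by grouping results per directory and flagging the case where more than one exists.

```shell
#!/bin/sh
# Added example (not ClamTk code): locate ClamAV daily databases and flag
# duplicate signature directories, the usual cause of "signatures are up
# to date, but ClamTk says they're not".

# find_sig_dirs ROOT...: print each directory that contains daily.cvd or
# daily.cld, one per line, sorted and de-duplicated.
find_sig_dirs() {
    find "$@" \( -name 'daily.cvd' -o -name 'daily.cld' \) -type f \
        -print 2>/dev/null |
        while IFS= read -r f; do
            dirname "$f"
        done | sort -u
}

# count_sig_dirs ROOT...: print the number of distinct signature directories.
count_sig_dirs() {
    find_sig_dirs "$@" | awk 'END { print NR }'
}

# report_sig_dirs ROOT...: list each directory with its newest daily
# database. Returns 0 for exactly one directory, 1 for several, 2 for none.
report_sig_dirs() {
    n=$(count_sig_dirs "$@")
    find_sig_dirs "$@" | while IFS= read -r d; do
        # ls -t sorts newest first; only daily.cvd/daily.cld can match.
        newest=$(ls -t "$d"/daily.c[vl]d 2>/dev/null | head -n 1)
        printf '%s (newest database: %s)\n' "$d" "${newest##*/}"
    done
    if [ "$n" -eq 0 ]; then
        echo "No daily.cvd or daily.cld found under: $*" >&2
        return 2
    elif [ "$n" -gt 1 ]; then
        echo "WARNING: $n signature directories found; the scanner and" \
             "the updater may be using different ones." >&2
        return 1
    fi
    return 0
}

# Run only when roots are given, e.g.:  sh sigdirs.sh /var
if [ "$#" -gt 0 ]; then
    report_sig_dirs "$@"
fi
```

If you chose 'single-user' signatures, pass your home directory as an additional root so that copy is included in the comparison.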
17. Thanks to...
* Everyone who has contributed in one way or another to ClamTk -
including language assistance and bug notifications
* Dag, without whom rpms would likely not currently exist
* Muppet and the gtk2-perl folks for their time and effort
* Perlmonks.org for helping me to learn Perl (and continuing
to do so on a daily basis!)
* Ksnapshot for making snapshot-taking very easy
18. Contributors
Many people have contributed their free time, energy, opinions,
recommendations and expertise to this software.
Please see http://clamtk.sf.net/credits.html for a complete listing.
19. Contact
email : dave.nerd AT gmail DOT com
jabber: dave-m AT jabber DOT org