1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
|
README
------
(Last updated 18 August 2014)
1. Important Links
ClamTk : http://code.google.com/p/clamtk/
: https://bitbucket.org/dave_theunsub/clamtk/
: http://freshmeat.net/projects/clamtk/
: http://clamtk.sourceforge.net
ClamAV : http://www.clamav.net
Gtk2-Perl : http://gtk2-perl.sourceforge.net
Launchpad ClamTk: : https://launchpad.net/clamtk
Virustotal : https://virustotal.com
2. About
ClamTk is a frontend for ClamAV (Clam Antivirus).
It is intended to be an easy to use, light-weight, on-demand scanner
for Linux systems. It has been ported to Fedora, Debian, RedHat,
openSUSE, ALT Linux, Ubuntu, CentOS, Gentoo, Archlinux, Mandriva,
PCLinuxOS, Frugalware, FreeBSD, and others.
Although its earliest incarnations date to 2003, ClamTk was first
uploaded for distribution in 2004 to a rootshell.be account and
finally to Sourceforge.net in 2005. At the end of 2013, we moved to a
Google Code page and Bitbucket. It's now 2014 and for some reason
it's still going. Technically, February 2014 marked 10 years
of activity (of being publically available, that is).
3. GUI
ClamTk started out using the Tk libraries (thus its name). In 2005,
this was changed to perl-Gtk2 (or Gtk2-perl, whatever). The Tk version
is still available on sourceforge.net but has not been updated for
some time now and should not be used.
The plan for the 5.xx series was to use Gtk3. Unfortunately, Debian
and Ubuntu do not have a recent version of libgtk3-perl, and CentOS
does not have perl-Gtk3 at all and reportedly never will.
So, at the last second, I rewrote the 5.00 version to use Gtk2. Again.
4. Availability
I always recommend you install ClamTk from official repositories.
Check your distribution first, and always install from trusted sources.
5. Installation
RPMs:
The easiest way to install ClamTk is to use the rpms.
First, try "yum install clamtk". If this does not work,
download it and try:
# yum install clamtk*.rpm
To remove clamtk:
# yum erase clamtk
SOURCE:
Warning: Don't do this. It's much easier to just double-click
a .deb or .rpm. Really, put down the source.
The tarball contains all the sources. One way to do this on Fedora:
# mkdir -p /usr/share/perl5/vendor_perl/ClamTk
# cp lib/*.pm /usr/share/perl5/vendor_perl/ClamTk
# chmod +x clamtk
# cp clamtk /usr/local/bin (or /usr/bin)
EXAMPLES:
a. $ perl clamtk
or
b. $ chmod +x /path/to/clamtk
$ /path/to/clamtk
* Note: If you have installed this program as an rpm or .deb, you
do not need to take these steps.
* Note: Did you get errors with this? Check the TROUBLESHOOTING section
at the end.
DEBs:
You should be able to just double-click the .deb file to install it.
This assumes you have permissions to install programs, of course. Your
package manager should grab any necessary dependencies.
By the commandline, you can do this:
# dpkg -i clamtk-*.deb
To remove clamtk:
# dpkg --purge clamtk
Note that the Debian/Ubuntu builds are gpg-signed.
6. Running ClamTk
a. Beginning with version 4.23, ClamTk will automatically
search for signatures if you do not have them set already.
This way ClamTk should work right out of the box, with no
prompting.
b. Consider the extra scanning options in Settings.
Select "Scan files beginning with a dot (.*)" to scan
those files beginning with a ".". These are sometimes
referred to as "hidden" files.
Select "Scan directories recursively" to scan all files
and directories within a directory.
The "Scan for PUAs" option enables the ability
to scan for Potentially Unwanted Applications as well as
broken executables. Note that this can result in
what may be false positives.
By default, ClamTk will avoid scanning files larger than 20MB.
To force scanning of these files, check the "Scan files
larger than 20 MB" box.
You can also check for updates upon startup. This requires
an active Internet connection.
c. Information on items quarantined is available under the
"Quarantine" option. If you believe there is a false
positive contained, you can easily move it back to
your home directory. You may also delete this file(s).
Note that there is no recycle bin - once deleted, they are
gone forever.
d. Scan a file or directory by right-clicking on it within
the file manager (e.g., Nautilus).
e. You can STOP the scan by clicking the Cancel button.
Note that due to the speed of the scanning,
it may not stop immediately; it will continue scanning
and displaying files it has already "read" until the
stop catches up.
f. View previous scans by selecting "History".
g. The Update Assistant is necessary because some systems
are set up to do automatic updates, while others must
manually update them.
h. If you require specific proxy settings, select "Network".
i. As of version 5.xx, you can use the "Analysis" button to
see if a particular file is considered malicious by other
antivirus products. This uses results from Virustotal.
If you desire, you can submit a file for further review.
Please do *not* submit personal files.
j. The "Whitelist" option provides the ability to skip
specific directories during scan time. For example, you
may wish to skip directories containing music or videos.
7. Commandline
ClamTk can run from the commandline, too:
$ clamtk file_to_be_scanned
or
$ clamtk directory_to_be_scanned
However, the main reason for the commandline option (however basic) is
to allow for right-click scanning within your file manager (e.g., Nautilus
or Dolphin). If you want more extensive commandline options, it is
recommended that you use the clamscan binary itself. (Type
"man clamscan" at the commandline.) Or, if you know of something useful,
let me know and I can add it as an option.
8. Afterwards
You can view and delete scan logs by selecting the "History" option.
You also have a few options with the files displayed. Click on the file
scanned to select it, then right-click: you should have four options there.
a. Quarantine this file: This drops the selected file into a
"quarantined" folder with the executable bit removed. The
quarantine folder is held in the user's ClamTk folder
(~/.clamtk/viruses).
b. Delete this file: Be careful: There's no recycle bin!
d. Cancel: Cancels this menu.
9. Quarantine / Maintenance
If you've quarantined files for later examination, you have the option
to restore them to their previous location (if known), or delete them.
10. Locale/Internationalization
Version 2.20 is the first ClamTk version to offer this. Have time
on your hands and want to contribute? See the Launchpad page at
https://launchpad.net/clamtk .
Note that some builds do not account for other than English
languages because they have not yet updated their build/spec files.
A polite email to the respective maintainer may fix this.
11. Limitations/Bugs
Probably a lot. Let me know, please. Ranting on some bulletin board
somewhere on one of dozens of Linux sites will not improve things.
Let me know what you like and dislike!
One of the current issues that hopefully will be resolved is that
ClamAV rpms are not standardized. This isn't my fault (that I'm aware of),
but I feel it adds unnecessary confusion (as opposed to necessary
confusion :). Because of this, multiple builds are needed as opposed to
just one. Fortunately, Debian does not appear to suffer from this.
Also, some distributions require you to manually delete certain
malware - such as the (un)popular right-to-left override stuff.
12. Contact
For feature requests or bugs, it's best to email me. You can also go
to the Launchpad project page listed above and submit requests/problems there.
13. Other
As of version 3.10, ClamTk will not scan standard mail directories,
such as .evolution, .mozilla or .thunderbird. This is due to parsing
problems. If I come up with a smart way of doing that, it will be added.
Also, please note that version numbers mean absolutely nothing. There
is no rhyme or reason to odd or even numbers, so an odd number does not
mean "unstable". A new version means it goes up 1 (or, rather, .01).
Because I changed from Tk to Gtk2 I did move the major version number up
significantly, but that was just to keep them separate.
The version 3.xx series became 4.xx when there was a major change in
the packaging and processes. As stated, 5.xx was supposed to be
the jump from Gtk2 -> Gtk3. Still, enough changed that it warranted
the 5.xx series.
Just pointing it out.
14. Troubleshooting
* Are your signatures up to date, but ClamTk says they're not?
You probably have more than one virus signature directory. See below
answer for finding signatures.
* If you are getting an error that ClamTk cannot find your signatures:
ClamTk is trying to find its virus definitions. Typically these are
held under /var/lib/clamav or /var/clamav or ... If you are sure these
files exist, please find their location and send it to me.
Try the following to determine their location:
1. find /var -name "daily.cvd" -print
2. find /var -name "daily.cld" -print
* Are you using the source and you see something like this:
Can't locate Foo/Bar.pm in @INC... (etc, etc).
This means you are missing some of the dependencies. Try to find
the dependency through your distribution's repositories, or simply
go to http://search.cpan.org. I recommend trying your distro's repo
first. It's more than likely your distribution already packages these
for easy installation. Depending on your distro, you will likely
use "yum" or "apt" or some "Update Manager" and the like.
15. Thanks to...
* Everyone who has contributed in one way or another to ClamTk -
including language files, bug notifications, and
feature requests
* Dag, without whom rpms would likely not currently exist
* All the gtk2-perl and gtk3-perl folks for their time and effort
* Perlmonks.org for helping me learn the wonderful Perl language -
and continuing to do so on a daily basis!
* Ksnapshot for making snapshot-taking very easy
16. Contributors
Many people have contributed their time, energy, opinions,
recommendations, and expertise to this software. I cannot thank
them enough. Their names are listed on the ClamTk website.
17. Direct contact
email : dave.nerd AT gmail DOT com
|
