The KlamAV Handbook

Philippe Mavridis
mavridisf@gmail.com

Robert Hogan
robert@roberthogan.net
Original Developer

Copyright 2020, 2021 The Trinity Desktop project

2021-03-04

KlamAV is a sophisticated anti-virus manager for ClamAV.

Keywords: KDE, KlamAV, ClamAV, Freshklam, Klamonacc, anti-virus

Introduction

KlamAV is an anti-virus manager for the Trinity Desktop Environment. It is an advanced front-end to the Clam Anti-Virus toolkit with a lot of useful features: scan scheduling, on-access scanning, KMail protection, quarantine management, automatic database updates and even a Virus Browser to do your virus research.

Figure: The main window of KlamAV

Using KlamAV

The main window of KlamAV consists of tabs. Each tab has its own function and most of them can be closed if the user does not need them. Closing a tab disables it: the next time KlamAV starts up, the tab will remain closed. You can close a tab either from its right-click context menu or through the Tabs menu at the top. You can use the same menu to re-open any tabs you closed.

Welcome tab

This is probably the first tab that the user sees when they launch KlamAV. It includes an overview of the KlamAV features. This tab has no useful functionality yet, so it can be safely disabled.

Scan tab

This tab contains the scan manager. From here you can launch and control any of your KlamAV scans. This tab cannot be closed.

By default the manager only contains the "Launcher" tab. New scans and their results are shown in their own separate tabs. These tabs can be managed in the same fashion as the tabs of the main window.

In the "Launcher" tab you can set the directories you want to scan and control some scanning options. You can select what to do when a virus or a suspicious file is found. The default is to ask you whether you want to put that file in quarantine or not. Checking the "Scan Folders Recursively" checkbox enables scanning of the selected folders' subdirectories. The "Schedule" button lets you run a scan of the selected directories on a specific schedule. The "Options" button launches the general Options dialog. This option is also accessible from the Scanner menu.

The three buttons on the top right (Scan, Stop and Close) control scans.
When you choose the directories you want and press "Scan", a new tab will be created in which you can see the progress of the scan and, when the scan ends, its results. You can run several scans simultaneously (although this might have an effect on the system's performance). If you want to end a scan before it completes, use the "Stop" button. Closing the tab also terminates the associated scan. You cannot close KlamAV while at least one scan is active.

Update tab

This tab lets you keep your signature databases up-to-date. You can control all the options related to database updates from this tab. This tab cannot be closed. You cannot close KlamAV while this feature is active.

In the Virus Database Directory section you can set the folder where you want your personal copy of ClamAV's signature databases stored. It must be a folder you have access to. The next section lets you set up Proxy information for use with Freshklam. Checking the "Update Virus Database Automatically" checkbox enables auto-updates for this user. You can set how many times a day you want Freshklam to check for updates. The "Update" and "Cancel" buttons allow you to start/stop the update process manually.

Quarantine tab

This tab lets you see which files have been quarantined by KlamAV, and delete or restore them.

The Quarantine Directory section allows you to set the folder where you want quarantined suspicious files to be stored. It must be a folder you have access to. The stored files lose their original permission information.

The "Contents of Quarantine" section lists the files which are currently stored in the Quarantine directory. To see the latest additions you might need to refresh this list by pressing the "Refresh" button. You can use the "Restore" and "Delete" buttons to decide on the fate of the quarantined files.

The "Quarantine History" section lists the names of files which have once been quarantined, but which you have since chosen to delete.
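
As an added example (not part of the handbook and not KlamAV's own code), the script below reproduces the Scan, Update and Quarantine tab settings with ClamAV's command-line tools, which is useful for headless or cron-driven runs. It assumes the standalone clamscan backend; the directory paths and function names are constructed for illustration, and the command line KlamAV builds internally is not shown on this page.

```shell
#!/bin/sh
# Added example, not KlamAV code: headless equivalents of the Scan, Update
# and Quarantine tab settings using ClamAV's own command-line tools.
# Both directories are constructed sample paths; point them at your own.
DB_DIR=${DB_DIR:-"$HOME/klamav-example/database"}              # Virus Database Directory
QUARANTINE_DIR=${QUARANTINE_DIR:-"$HOME/klamav-example/quarantine"}  # Quarantine Directory
CLAMSCAN=${CLAMSCAN:-clamscan}      # set to "echo" to preview the command line
FRESHCLAM=${FRESHCLAM:-freshclam}

# update_db: refresh the personal signature copy (the "Update" button).
update_db() {
    "$FRESHCLAM" "--datadir=$DB_DIR"
}

# run_scan RECURSIVE QUARANTINE TARGET...
#   RECURSIVE   yes = "Scan Folders Recursively" is checked
#   QUARANTINE  yes = move detections to the quarantine directory
run_scan() {
    recursive=$1 quarantine=$2
    shift 2                          # "$@" now holds only the scan targets
    if [ "$quarantine" = yes ]; then
        # Move detections and skip the quarantine itself on later scans
        # (--exclude-dir takes a regular expression).
        set -- "--move=$QUARANTINE_DIR" "--exclude-dir=$QUARANTINE_DIR" "$@"
    fi
    if [ "$recursive" = yes ]; then
        set -- --recursive "$@"
    fi
    "$CLAMSCAN" "--database=$DB_DIR" --infected "$@"
}

# scan_verdict STATUS: clamscan exits 0 when nothing is found, 1 when at
# least one detection occurred, and 2 on errors.
scan_verdict() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Run only when targets are given: sh klam-headless.sh /path/to/scan ...
if [ "$#" -gt 0 ]; then
    rc=0
    run_scan yes yes "$@" || rc=$?
    echo "result: $(scan_verdict "$rc")"
    exit "$rc"
fi
```

Treat exit status 2 as a failed scan rather than a clean one: an unreadable database directory or target produces it, and a scheduled job that only checks for status 1 would miss that nothing was scanned.
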

Virus Browser tab

This tab contains the Virus Browser, a tool which allows you to search the Internet for information related to any virus in the ClamAV signature databases. As the Virus Browser deals with a large number of virus signatures, extracting them may take some time. Thus, this tab may take a long time to load on an average machine.

The left panel contains the name of every virus known to ClamAV, in alphabetical order, while the right panel contains an embedded web-browser. The web-browser has tabs, so you can inspect multiple viruses at once. Common web-browser actions, like the "Back" and "Forward" buttons, are accessible from the right-click context menu. The web-browser's tabs can be managed in the same fashion as the tabs of the main window.

To inspect a virus, right-click on its name and select a search engine. The same right-click menu is also accessible from both scan results in the "Scan" tab and the Quarantine tab. In this case, the Virus Browser tab is automatically shown.

Events tab

This tab contains a detailed event log for KlamAV and its related parts (Freshklam, KlamOnAcc). You can filter entries by specifying event type and time span from the drop-down menus. You can also search through the events by using the search box above the list.

You can configure which events are written to the events log in the Options dialog. Pressing the "Options" button shows the corresponding section of this dialog.

Commands Reference

The Scanner Menu

Scanner → Scan File... (Ctrl+O): Open a file to scan with KlamAV.
Scanner → Scan Directory...: Open a directory to scan with KlamAV.
Scanner → Schedule scan...: Schedule a repeated scan at a specified time.
Scanner → Options...: Launch the Options dialog.
Scanner → Quit: Close KlamAV.

The Tabs Menu

Tabs → Show Welcome tab: Show/hide the Welcome tab.
Tabs → Show Quarantine tab: Show/hide the Quarantine tab.
Tabs → Show Virus Browser tab: Show/hide the Virus Browser tab.
Tabs → Show Events tab: Show/hide the Events tab.

The Help Menu

Help → The KlamAV Handbook (F1): Invokes the TDE Help System starting at the KlamAV help pages (this document).
Help → Report Bug/Request Enhancement...: Opens the Bug report dialog where you can report a bug or request a “wishlist” feature.
Help → Switch Application Language...: Select the language which KlamAV will use.
Help → About KlamAV: This will display version and author information.
Help → About TDE: This displays the TDE version and other basic information.

Options dialog

The Options dialog contains important settings which affect different aspects of KlamAV.

Figure: The Options dialog

The Backend section

Here you can select the backend that KlamAV will use for its scans. Two backends are available.

The default option is "Standalone scanner", which uses the 'clamscan' command to scan files and directories. It is the simpler of the two to set up and the more customizable.

The other option is "ClamAV daemon", which uses the 'clamdscan' command and the 'clamd' daemon to scan files and directories. It depends on a running 'clamd' daemon, but the scans overall start faster, as the virus signatures have already been loaded by the ClamAV daemon. When using this option, most settings depend on the configuration of the daemon and thus cannot be configured through KlamAV.

The Multiscan feature (available when "ClamAV daemon" is set as backend) makes clamd scan the contents of a directory in parallel using available threads.

The Archives section

Here you can configure everything related to scanning archive files. You can disable scanning of archives by unchecking the "Scan Archives" checkbox. According to ClamAV's documentation: "If you turn off this option, the original files will still be scanned, but without unpacking and additional processing".

In the "Archive Limits" section you can impose some custom limits on archive scanning.
Limits can be imposed on extracted file count, file size and archive recursion level.

The E-Mail Protection section

Here you can configure your e-mail client to scan incoming and outgoing files with Klammail. Currently available clients are KMail and Evolution (untested). Choose your preferred e-mail client from the drop-down list. Then, you can press the "Tell me how to do it" button to get the appropriate instructions. For KMail, you can also press the "Configure Automatically" button to let KlamAV do it for you.

The File Types section

Here you can configure how different types of files will be treated by KlamAV.

The "Exclude Quarantine Directory" option is on by default. You might want to keep this option on in order to prevent false positives.

Options marked red are related to how KlamAV handles suspicious files and detected viruses. All the other options enable/disable additional parsing of each file type. As the documentation has it, the original files are still scanned, but without decoding and additional processing.

The On-Access Scanner section

This section allows you to configure your on-access file scanner. Currently, this feature is experimental and may cause freezes and considerably lower performance. Use with care. You cannot close KlamAV while the on-access scanner is active.

You can enable this feature using the "Enable On-Access Scanner" checkbox. This feature depends on a running instance of the ClamAV daemon, 'clamd' (but not on the chosen scanning backend).

The on-access scanner scans files as soon as you or the system access them. If a suspicious file is detected, then access to the file is prevented. Extra checks can be enabled by checking the "Scan Files/Directories When They Are Created or Moved" checkbox. The "Exclude TDE Configuration Directory" option is currently unavailable due to a possible bug in ClamAV. You can set a limit on the size of scanned files by setting a value for the "Max File Size" field.
Before you can enable the on-access scanner, you should set the directories which KlamAV will watch for activity. To do this, press the "Set up Directories to Watch" button.

After you have enabled on-access scanning, you can start/stop the scanner daemon manually through the system tray icon of KlamAV.

The Event Logging section

Here you can configure how the event logging feature works. You can change the number of days KlamAV waits before purging old entries from its log by setting the "Expire events after..." field to a value of your preference. You can also configure the events that KlamAV will keep track of and log by checking/unchecking the appropriate checkboxes.

System Tray Icon

The system tray icon indicates the state of KlamAV and allows you to start/stop some KlamAV services, notably Auto-Updates and On-Access Scanner (this might be useful when you want to quit KlamAV while one of these features is active).

[icon] means that KlamAV is open and the on-access scanner is inactive.
[icon] means that the on-access scanner is active.
[icon] means that one or more scans are active.
[icon] means that a scan has finished and no threats have been found.
[icon] means that a scan has finished and some viruses or suspicious files have been detected.
[icon] means that some detected files are being put into quarantine.
[icon] means that an error has occurred.
[icon] means that there is a newer version of ClamAV and you should update.

Credits and License

KlamAV

Program copyright 2004-2006 Robert Hogan robert@roberthogan.net and 2020-2021 The Trinity Desktop project

Documentation copyright 2021 Mavridis Philippe mavridisf@gmail.com

Icons by Maarten van Gent (since version 0.45)

This documentation is licensed under the terms of the GNU Free Documentation License.

This program is licensed under the terms of the GNU General Public License.