dave-theunsub / clamtk

An easy to use, light-weight, on-demand virus scanner for Linux systems
https://gitlab.com/dave_m/clamtk/wikis/home

clamtk possible corruption issues #88

Closed musicgarryj closed 6 years ago

musicgarryj commented 6 years ago

On several occasions my ClamTK on xubuntu has stopped downloading updates or the settings have been mysteriously changed. I have tried deleting and reinstalling ClamTK but found that after removal several ClamTK-related directories/files remained in the xubuntu file system. Some of these could be manually deleted but two cannot... they are "permission denied". Firstly, is there any legitimate reason why any ClamTK files should remain after removal? Secondly, why should some be locked and others not? The two current locked directories are both called "clamav" and are in the following locations: /Desktop/clamav and /Desktop/lib/clamav. File names are: onerrorexecute.d, onupdateexecute.d, freshclam.conf, bytecode.cld, daily.cld, main.cvd, mirrors.dat.

The last four are "Unknown Files" and not readable. Any help with this would be greatly appreciated. My knowledge on this is very limited and I am learning as I go along. Are these directories/files legit or not?

Many thanks.

dave-theunsub commented 6 years ago

Hi,

I don't think any ClamTk directories should exist other than a "personal" one - that is, if you like downloading updates yourself rather than the system doing it, ClamTk will create a "~/.clamtk" folder. But that's it. I'm not sure why you would have a clamav (or two) folder(s) under your desktop. Did you do a manual installation or something?

Also, ClamTk does not use the onerrorexecute.d or onupdateexecute.d files. They may be associated with ClamAV, though. The last five you list may be associated with ClamTk but only if they're found in your "personal" clamtk folder (~/.clamtk).

Which directories are you trying to remove where you're getting "permission denied"? If they're anywhere other than your home directory, you're going to need root (or sudo) to remove them. I'd try to use a package manager first, or at least try to figure out how they were installed.

Also, can you elaborate on the "settings have mysteriously changed" part? Do you mean your "~/.clamtk/prefs" file?

respectfully Dave M

musicgarryj commented 6 years ago

Thanks for replying! Sorry... those folders are only linked on my desktop so I can easily find them. No manual installations or anything like that! The correct locations are: /etc/clamav and /var/lib/clamav. The last five files ARE also in my personal ClamTK folder, in a sub folder called "db".

/etc/clamav and /var/lib/clamav are both permission denied. sudo doesn't remove them... I've tried, although I am not knowledgeable enough to try anything else. The point is, why should they be permission denied at all and why should they remain after ClamTK has been removed? Both these things indicate to me that something is not legit.

"Settings mysteriously changed" are the settings option in the Configuration section at the top of the ClamTK virus scanner page... scan for PUAs, scan for directories recursively... etc. All or some suddenly get left blank/un-ticked... not by me. I had similar problems when using Windows... anti-virus programs stopping working or settings being altered by possible Trojans or whatever... that's why I switched to the supposedly safer Linux!

Any further light you could shed on this would be very welcome..... such as any other way of removing the locked folders.... but I need it explaining as if you were talking to a very slow learning three year old!

dave-theunsub commented 6 years ago

Hi,

I'm not sure why you can't delete those folders if you use sudo. Sometimes they are left in place because they contain files which could be important, but this wouldn't stop root from deleting them.

Also, the directories you're referring to are owned by ClamAV, not ClamTk; therefore, removing ClamTk will not remove those. ClamTk is just a GUI while ClamAV is the actual antivirus program.

Two things:

  1. Open a terminal window and type "clamtk" (no quotes) and hit enter. Try using the program like you normally would for scans, but ensure you change the settings. Sometimes error messages show up in the terminal window, so please pass those along if you see anything.
  2. See what permissions your personal directory has. Type "ls -ld ~/.clamtk" and send the output, and type "ls -l ~/.clamtk". We'll see if there are permissions issues.

respectfully Dave M
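The permission check from step 2, written out as a script. This is an added example, not part of the original comment and not ClamTk's own code. The function names `audit_dir`, `audit_count` and `tag` are made up for illustration, and it assumes the prefs file and signature database live under `~/.clamtk` as described in the thread. It lists entries the user does not own, entries the owner cannot write (settings changes could not be saved to such a file), and entries that any local account can modify.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit ownership and mode bits
# under ClamTk's per-user directory, the same data "ls -ld" / "ls -l" shows.

# Prefix every path read on stdin with a reason label and a tab.
tag() {
    while IFS= read -r path; do
        printf '%s\t%s\n' "$1" "$path"
    done
}

# audit_dir DIR [USER]: print one "reason<TAB>path" line per finding.
audit_dir() {
    dir=$1
    user=${2:-$(id -un)}
    if [ ! -d "$dir" ]; then
        printf 'missing\t%s\n' "$dir"
        return 0
    fi
    # Entries owned by someone else: the user may be unable to update them.
    find "$dir" ! -user "$user" -print | tag not-owner
    # Entries the user owns but has no write bit on (e.g. a read-only prefs).
    find "$dir" -user "$user" ! -perm -200 -print | tag no-owner-write
    # Entries any local account can change; symlinks always look 0777, skip.
    find "$dir" ! -type l -perm -002 -print | tag world-writable
}

# Number of findings for DIR, for use in scripts.
audit_count() {
    audit_dir "$@" | wc -l | tr -d ' '
}

# Report on the personal ClamTk directory named in the thread.
audit_dir "${HOME:-/nonexistent}/.clamtk"
```

No output for an existing `~/.clamtk` means every entry is owned and writable by the current user and none is world-writable. `/etc/clamav` and `/var/lib/clamav` belong to the ClamAV package rather than the user, so running `audit_dir` on them will report `not-owner` for their contents.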

dave-theunsub commented 6 years ago

Closing for now - open a new ticket if you still have issues.

Thanks!