Using the ClamAV daemon to scan files placed in my Downloads directory in Gentoo Linux

In a previous post I explained how to automatically detect files placed in my Downloads directory in Linux and scan them for viruses. The method I described in that post used clamscan, the command-line anti-virus scanner of ClamAV. ClamAV also has a daemon (a program that runs continuously in the background), clamdscan, that you can enable. So I decided to switch to using clamdscan, as its response to downloaded files is much faster because the process waiting for new files to appear in ~/Downloads/ does not have to load clamscan from disk each time a new file arrives. Anyway, if you want to monitor a download directory in Gentoo Linux (running OpenRC) by using the ClamAV daemon — which will also download virus signature database updates automatically — then the procedure to set this up is given below.

1. Install clamav if it is not installed already:

root # emerge clamav

2. Add the service to the default runlevel:

root # rc-update add clamd default

The daemon will be launched automatically next time the computer boots.

3. The first download of the virus database has to be done manually:

root # freshclam

4. Start the daemon now:

root # rc-service clamd start

5. Create the Bash script ~/monitorDownloadsGUI with the following contents:

#!/bin/bash

DIR="$HOME/Downloads"

# Get rid of old log file, if any
rm -f "$HOME/virus-scan.log"

# Optionally, you can use shopt to avoid creating two processes due to the pipe
shopt -s lastpipe
# Added '--recursive' so that a directory copied into $DIR also triggers clamscan/clamdscan, although downloads
# from the Web would just be files, not directories.
# 'IFS= read -r' and the quoted variables keep file names with spaces, backslashes or wildcards intact.
inotifywait --quiet --monitor --event close_write,moved_to --recursive --format '%w%f' "$DIR" | while IFS= read -r FILE
do
     # Have to check file length is nonzero otherwise commands may be repeated
     if [ -s "$FILE" ]; then
          # Replace 'date >' with 'date >>' if you want to keep log file entries for previous scans.
          date > "$HOME/virus-scan.log"
          clamdscan --move="$HOME/virus-quarantine" "$FILE" >> "$HOME/virus-scan.log"
          kdialog --title "Virus scan of $FILE" --msgbox "$(cat "$HOME/virus-scan.log")"
     fi
done

Make it executable:

user $ chmod +x ~/monitorDownloadsGUI

6. Create the directory ~/virus-quarantine/ to store infected files pending investigation/deletion:

user $ mkdir ~/virus-quarantine

7. Install kdialog if it is not already installed:

root # emerge kdialog

8. Use ‘System Settings’ > ‘Startup and Shutdown’ > ‘Autostart’ to add the script ~/monitorDownloadsGUI to the list of script files that are automatically started each time you log in to KDE.

9. Log out then back in again, and you should see that everything is running as expected:

user $ rc-status | grep clam
 clamd                                                             [  started  ]

user $ ps -ef | grep clam | grep -v grep
clamav    1920     1  0 01:48 ?        00:00:00 /usr/sbin/clamd
clamav    1929     1  0 01:48 ?        00:00:00 /usr/bin/freshclam -d

user $ ps -ef | grep GUI | grep -v grep
fitzcarraldo      9143  8971  0 13:56 ?        00:00:00 /bin/bash /home/fitzcarraldo/.config/autostart-scripts/monitorDownloadsGUI.sh

10. To test, surf to http://www.eicar.org/85-0-Download.html and download one of the EICAR test files into your ~/Downloads/ directory. You should see a pop-up KDialog window with a message similar to the following:

Virus scan of /home/fitzcarraldo/Downloads/eicarcom2.zip — KDialog

Mon 27 Feb 14:05:26 GMT 2017
/home/fitzcarraldo/Downloads/eicarcom2.zip: Eicar-Test-Signature FOUND
/home/fitzcarraldo/Downloads/eicarcom2.zip: moved to '/home/fitzcarraldo/virus-quarantine/eicarcom2.zip'

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.001 sec (0 m 0 s)

Note that the above-mentioned pop-up window may be preceded by one or more pop-up windows with an error message. I’m using the Chrome browser at the moment, but you may get a similar message if you are using another browser. Here is an example:

Virus scan of /home/fitzcarraldo/Downloads/.com.google.Chrome.Uh3oGm — KDialog ?

Mon 27 Feb 14:16:30 GMT 2017
/home/fitzcarraldo/Downloads/.com.google.Chrome.Uh3oGm: Access denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)

Read the error message and click ‘OK’, as this is not an actual problem; it is inotifywait detecting temporary files in the ~/Downloads/ directory during the download process. With larger files sometimes several such messages are displayed, presumably because the file being downloaded is being opened and closed more than once during the downloading process. This issue does not occur if you copy or move a file into ~/Downloads/ from another directory in your installation; try it and see for yourself. Then you only get the one pop-up window with the scan result for the file you put in ~/Downloads/.

Also have a look in ~/virus-quarantine/ and you will see the EICAR test file in that directory. You can delete it if you want (it is not infected with a real virus, so does no harm).

In future be sure to read the messages in the pop-up windows before clicking ‘OK’, as they will inform you that an infected file has been moved to the quarantine directory.

That’s all there is to it. Very simple, and quite handy if you want to check quickly that files you download don’t have a malware payload. Just make sure you download all files into ~/Downloads/ or they will not be checked automatically. Also, if you are given e.g. a USB pen drive with a file on it, you can copy the file to ~/Downloads/ if you want it to be scanned for malware.
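The spurious pop-ups for browser temporary files described above can be filtered out before scanning, and the dialog chosen from clamdscan's exit status instead of showing the whole log. The following is an added example, not the script from this post; the function names, the .crdownload/.part patterns for other partial-download files and the --run switch are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not the post's script: skip transient browser files and
# decide what to show from clamdscan's exit status (0 clean, 1 infected, 2 error).

# Succeeds (returns 0) when the path looks like an in-progress download.
is_partial_download() {
    case "${1##*/}" in
        .com.google.Chrome.*) return 0 ;;  # temporary name shown in the post
        *.crdownload|*.part)  return 0 ;;  # assumption: Chrome/Firefox partial files
    esac
    return 1
}

# Turns clamdscan's exit status into a verdict word.
verdict_from_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Reads clamdscan output on stdin and prints the first signature name found.
signature_from_output() {
    sed -n 's/^.*: \(.*\) FOUND$/\1/p' | head -n 1
}

# Watches a directory and scans each finished file that is not a temporary one.
monitor() {
    dir=$1; quarantine=$2
    inotifywait --quiet --monitor --event close_write,moved_to --recursive \
        --format '%w%f' "$dir" |
    while IFS= read -r file; do
        is_partial_download "$file" && continue
        [ -s "$file" ] || continue
        out=$(clamdscan --no-summary --move="$quarantine" "$file" 2>&1)
        status=$?
        case "$(verdict_from_status "$status")" in
            clean)    kdialog --passivepopup "Clean: $file" 5 ;;
            infected) sig=$(printf '%s\n' "$out" | signature_from_output)
                      kdialog --title "Virus found" --sorry "$file: $sig (moved to $quarantine)" ;;
            error)    kdialog --title "Scan error" --error "$out" ;;
        esac
    done
}

# Start monitoring only when called with --run, so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then
    monitor "$HOME/Downloads" "$HOME/virus-quarantine"
fi
```

Clean files produce only a passive notification, while detections and genuine scan errors still need a click to dismiss.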


WebRTC – A viable alternative to Skype

Skype for Linux 4.3 and upwards requires the use of PulseAudio, which has caused discontent amongst those Linux users who do not use PulseAudio. Although I do use PulseAudio, I recently found out about WebRTC, an API (application programming interface) for browser-based communication offering most of the functions provided by Skype, namely: voice calling, video chat, text chat, file sharing and screen sharing. The official WebRTC site states:

WebRTC is a free, open project that enables web browsers with Real-Time Communications (RTC) capabilities via simple JavaScript APIs. The WebRTC components have been optimized to best serve this purpose.

Our mission: To enable rich, high quality, RTC applications to be developed in the browser via simple JavaScript APIs and HTML5.

WebRTC was originally released by Google but is now a draft standard of the World Wide Web Consortium, and is supported by Chrome, Firefox and Opera browsers. Several commercial Web sites offer WebRTC-based communications to fee-paying customers, but I thought I would try WebRTC by using one of the so-called ‘demo’ WebRTC pages. AppRTC is a WebRTC demo page which can be reached from a link on the official WebRTC site, but I prefer Multi-Party WebRTC Demo by TokBox which offers a more polished experience with better features. Both are free to use and viable substitutes to Skype for video chatting (one-to-one or conference).

So, how do you actually use WebRTC-based sites? Below is a quick guide to get you going.

Text and video chatting

Open the following URL in Chrome or Firefox:

https://opentokrtc.com/

Enter a Room Name that is likely to be unique. I used ‘fitzchat’ (without the quotes), but you can use any name you want.

The other party or parties can do the same thing, i.e. they enter the same Room Name as you, and you will all become connected.

Alternatively, to send an e-mail invitation to someone, click on the URL at the top of the pane on the right-hand side (which is Invite: https://opentokrtc.com/fitzchat in this example, as I chose to name the Room ‘fitzchat’). The partially visible pane at the right-hand side of the browser window will slide into full view when you click on it.

That’s all there is to it. You should see a video window showing each party, and they should see the same. Each party should also be able to hear the other parties. In the top right-hand corner of each video window is an icon (microphone for you; speaker for each of the other parties) which you can click on to mute/un-mute that party.

Click on the partially visible pane at the right-hand side of the browser window. Notice the ‘chat bar’ at the bottom where you enter commands and chat text. Read the grey instructions listed near the top of the pane:

Welcome to OpenTokRTC by TokBox
Type /nick your_name to change your name
Type /list to see list of users in the room
Type /help to see a list of commands
Type /hide to hide chat bar
Type /focus to lead the group
Type /unfocus to put everybody on equal standing

For example, to give myself a meaningful name instead of the default username Guest-0120e48c which was given to me automatically, I entered the following:

           /nick Fitz

Screen sharing

I found that screen sharing already works well in Chrome 36.0.1985.125 but is not yet supported in Firefox 31.0. It will be supported in Firefox 32 or 33, apparently, or you can already use Firefox Nightly providing you add the appropriate preferences via about:config.

To be able to share screens in Chrome, I had to perform two steps: enable a Chrome flag and install a Chrome extension. The two steps, which do not need to be repeated, are given below (see Ref. 1).

To enable screen sharing in Chrome, do the following:

  1. Open a new tab or window in Chrome.
  2. Copy the following link: chrome://flags/#enable-usermedia-screen-capture and paste it in the location bar.
  3. Click on the ‘Enable’ link below ‘Enable screen capture support in getUserMedia().’ at the very top of the screen.
  4. Click on the ‘Relaunch Now’ button at the bottom of the page to restart Chrome.

To install the screen sharing extension in Chrome, do the following:

  1. Launch Chrome and click on the Menu icon.
  2. Click on ‘Settings’.
  3. Click on ‘Extensions’.
  4. Click on ‘Get more extensions’ and search for ‘webrtc’.
  5. Download ‘WebRTC Desktop Sharing’.
  6. This places an icon to the right of the URL bar in Chrome.

To share your screen or just a window, do the following in Chrome:

  1. Click on the ‘Share Desktop’ icon to the right of the URL bar and select either ‘Screen’ or the window you wish to share.
  2. Click ‘Share’.
  3. When sharing has started in a new Chrome window, select the URL of the relevant tab in that window and send it to the other parties via the chat pane on the right-hand side of the first browser window.

To stop sharing, click on ‘Stop sharing’ and click on the ‘Share Desktop’ icon to the right of the URL bar to get it to return to displaying the ‘Share Desktop’ icon instead of the || (Pause) icon.

File sharing

I did not bother to try file sharing using WebRTC, but there are various Web sites you can use to do that. One such is ShareDrop, and googling will find others.

Caveats

Chrome 36.0.1985.125 and Firefox 31.0 were used in this trial (I did not try Opera). I found that video chat worked faultlessly when both parties were using Chrome, and when both parties were using Firefox. However, when one of the parties was using Firefox and the other was using Chrome, I could not see myself in one of the video boxes in the browser window (although I could see the other party in the other video box in the browser window). Furthermore, there was a grey bar across the middle of the video images in the AppRTC demo, whereas the Multi-Party WebRTC Demo video images were normal. Other than those two issues, the experience was smooth and straightforward. My recommendation would therefore be to use Multi-Party WebRTC Demo and for all the parties to use the same browser, be it Chrome or Firefox. If you want to share your screen or a window, the logical choice at the moment would be Chrome.

References

1 LiveMinutes Blog – Beta Testers: How To Activate Screen Sharing!

UPDATE (January 2, 2015): Mozilla has added a button to Firefox 34 to provide account-free video chat using WebRTC. Mozilla calls this feature ‘Firefox Hello’.

https://support.mozilla.org/en-US/kb/where-firefox-hello-button

I have it in Firefox 34.0.5 (I had to drag the ‘Hello’ button from ‘Customise’ | ‘Additional Tools and Features’). It works quite well. I didn’t bother creating an account; I just clicked on the ‘Email’ button to e-mail the automatically-generated URL to someone, and he clicked on the URL in the e-mail he received, which launched Firefox on his laptop and rang Firefox on my laptop. We tried both video and audio-only conversations, and both worked well. Firefox Hello is not as polished as Skype but, if Mozilla keeps working on it, they could end up with a good product.

Can Linux cope with 24 Hours of Happy?

I enjoyed Pharrell Williams’ feel-good songs in ‘Despicable Me’ and its sequel, ‘Despicable Me 2’. ‘Happy’, a very catchy ditty he wrote for the sequel, also features in the world’s first 24-hour-long music video, ‘24 Hours of Happy’, shot in and around Los Angeles and released on 21 November last year. The song is played a total of 360 times over the duration of the video, each 4-minute take featuring a different person or persons dancing (improvised) along streets, in petrol stations, through Union Station, in a church, around a school, in a moving school bus, around a supermarket, in a bowling alley, and so on. Each 4-minute performance was filmed in one take using Steadicam, and the location at the end of each take segues into the next take. You see the sun rise; you see the bright sunlight of the morning and the warm sunlight of the afternoon; you see the sun set; you see the twinkling city lights at night. The concept is simple yet brilliant.

Clips from some of the takes were used to create the 4-minute official music video for ‘Happy’, so you can watch that on YouTube to get a flavour of the takes, although it does not do justice to the full video.

Williams appears in a different take every hour on the hour, and a few other takes have celebrity cameos, but the vast majority of the participants are unknown extras of all ages, races, shapes, sizes and looks. To quote Williams talking to the Los Angeles Times: “We wanted all humanity in there, not just the model-types you might expect.” Some are good dancers, others not so good. But they all have one thing in common: they’re having fun, so they look good. The joy is infectious, and I found myself watching far longer than I would have expected, having to return to the site again and again. Half the fun is watching the bystanders.

When you open the ‘24 Hours of Happy’ site, the take that was in progress at the current time of day starts playing from the beginning. However, you can drag the pointer around the clock dial and watch any take from the 24-hour period. There are also buttons you can click on to jump between takes or to jump to each take featuring Williams. The yellow on-screen controls can be made to disappear by not moving the mouse pointer for 5 seconds.

Still from 24 Hours of Happy, showing on-screen controls


The Web site is well-designed and fun to use, so I was not surprised it was voted ‘Site of the Month’ and ‘Site of the Year Users’ Choice’ by AWWWARDS, and voted ‘Site of the Month’ and ‘Site of the Year’ by TheFWA.

It’s impossible to list them all, but a few of my favourite takes are:

01:36  Very perky woman with ponytail.
05:28  Jogger who has to keep pulling his shorts up!
08:24  Woman on roller skates.
09:52  Very cute little girl.
09:56  Woman with some groovy moves.
10:40  Woman in Union Station. Some of the bystanders are particularly amusing.
11:16  Man with cast on foot.
11:20  Boy with an Afro.
11:36  Three groovy old ladies.
11:44  Chubby guy with style.
12:36  Woman with some groovy moves.
13:32  Dancing couple in pink.
14:20  Two cool guys in dinner jackets inside and outside Union Station.
15:00  Pharrell Williams in a church with a gospel choir.
19:04  Woman with a lizard puppet. The lizard does the lip-synching!
19:36  Guy on stilts.
23:40  Woman with LED hula hoop (love it!).

If you want to start viewing a take made at a specific time of day, you can append the time to the URL, like so:

http://24hoursofhappy.com/09h53am

Obviously I think ‘24 Hours of Happy’ is fabulous, but why am I discussing it in a blog predominantly about Linux? Because Firefox 27.0.1 (32-bit) running in Windows 8.1 (64-bit) on my new Acer Aspire XC-600 micro-tower PC (dual-core Intel Pentium G2030 @ 3 GHz & 3 MB cache, 4 GB DDR3 RAM) handles ‘24 Hours of Happy’ at 720p with ease, but the story is very different on my main laptop running 64-bit Gentoo Linux with KDE (quad-core Intel Core i7 720QM @ 933 MHz & 6 MB cache, 4 GB DDR3 RAM). Both machines are on my home network, connected to the Internet via high-bandwidth broadband (FTTC).

On my laptop, the latest available versions of Firefox (27.0) and Opera (12.16_p1860-r1) for Gentoo, both 64-bit, do not even complete loading the ‘24 Hours of Happy’ site: the black progress bar at the bottom of the home page stops about 7/8th of the way across the page and the KDE Network Monitor widget shows there is no network activity. Clearing Firefox’s Web content cache or increasing the cache’s size to 1 GB makes no difference. Konqueror 4.12.2 (configured to use the WebKit browser engine rather than the KHTML engine) loads the site and plays it quite well at 720p to start with, but eventually video becomes choppy and I notice a lot of spawned kio_http processes. The KDE Network Monitor widget shows a continuous 3600 Kib/s data stream, which does not stop when I exit Konqueror. Numerous kio_http processes are spawned and remain after I exit Konqueror, and the 3600 KiB/s activity on the network only ceases when I kill all the kio_http processes. The number of spawned kio_http processes increases if I drag the pointer around the clock to select different takes, and the page just displays ‘LOADING’ ad infinitum if I do this several times. To be fair, if I do this a lot in Firefox running in Windows 8.1, I can get Firefox to stall too. I thought I’d try a lightweight browser and installed NetSurf (3.0-r1), but that couldn’t even render the title on the home page, let alone begin to load the video.

So, does ‘24 Hours of Happy’ play nicely in your Linux installation? If it does, what hardware, distribution, desktop environment, browser and quality (360p, 480p, 720p or 1080p) are you using?