====== ClamAV Desktop Popup notification from on-access-scanner ======

You can set up a visual notification, with an option to delete the infected file, as follows:

1. Create a new script:

<code>
sudo gedit /opt/clamdazer
</code>

2. Copy and paste the following into /opt/clamdazer:

<code bash>
#!/bin/bash
# Clamdazer script by Gabor Igloi (2005) GPL
# bash is required: the $'...' strings below are a bash feature, not POSIX sh.

# Take the last log line and cut it down to the infected file's path.
v=$(tail -n 1 /var/log/clamav/clamav.log)
v=${v#*: }    # strip the log prefix up to the first ": "
v=${v%:*}     # strip the trailing ": <virus name> FOUND"
f=${v##*/}    # file name without its directory

# $1 is the virus name that clamd substitutes for %v.
# --question shows Yes/No buttons; Yes exits with status 0.
zenity --title ClamDazer --question --text '"'"$f"$'" CONTAINS A VIRUS!\n[ '"$1"$' ]\nWould you like to delete it?'
if [ $? -eq 0 ]; then
    # Quote the path so names with spaces work; "--" stops option parsing.
    rm -- "$v" && zenity --title ClamDazer --info --text '"'"$f"$'"\nRemoved successfully!'
fi
</code>

3. Make it executable:

<code>
sudo chmod a+x /opt/clamdazer
</code>

4. Finally, add the VirusEvent option to /etc/clamav/clamd.conf:

<code>
sudo gedit /etc/clamav/clamd.conf
</code>

Add this line to the end of clamd.conf:

<code>
VirusEvent /opt/clamdazer %v &
</code>

5. Don't forget to restart clamav-daemon:

<code>
sudo invoke-rc.d clamav-daemon restart
</code>

Now you'll get a warning dialog every time you click on an infected file or archive, and you can delete it easily.

You can grab the "eicar" test virus (no malicious code, just for testing) from here: [[http://www.eicar.org/anti_virus_test_file.htm|http://www.eicar.org/anti_virus_test_file.htm]]

You can also try it with real-life (!) viruses from here: [[http://vx.netlux.org/vl.php|http://vx.netlux.org/vl.php]]
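The script in step 2 treats the last line of clamav.log as the detection, which picks the wrong text whenever another line is logged first. The following is an added example, not part of the original Clamdazer script: it prefers the CLAM_VIRUSEVENT_FILENAME variable that clamd exports to VirusEvent commands, falls back to the newest FOUND line, and accepts only absolute, non-symlink regular files for deletion. The function names and the log-line format are assumptions, and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Extract the path from one log line, assumed to look like
#   "<timestamp> -> <prefix>: <path>: <signature> FOUND"
# Returns 1 and prints nothing for any line that is not a detection.
path_from_log_line() {
    case $1 in
        *" FOUND") ;;
        *) return 1 ;;
    esac
    _p=${1#*: }     # drop everything up to the first ": "
    _p=${_p%: *}    # drop the final ": <signature> FOUND"
    [ -n "$_p" ] && printf '%s\n' "$_p"
}

# Path for this event: the variable clamd sets for VirusEvent commands if
# present, otherwise the newest FOUND line in the log (not just the last line).
detected_path() {
    if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
        printf '%s\n' "$CLAM_VIRUSEVENT_FILENAME"
        return 0
    fi
    _l=$(grep ' FOUND$' "${1:-/var/log/clamav/clamav.log}" 2>/dev/null | tail -n 1)
    [ -n "$_l" ] && path_from_log_line "$_l"
}

# Accept only an absolute path to a regular file that is not a symlink.
safe_to_delete() {
    case $1 in
        /*) ;;
        *) return 1 ;;
    esac
    [ -f "$1" ] && [ ! -L "$1" ]
}

# Demo on a constructed log: the last line is not a detection.
demo_log=$(mktemp)
printf '%s\n' \
    'Mon Jan  3 12:00:00 2005 -> Clamuko: /home/u/a: b.com: Eicar-Test-Signature FOUND' \
    'Mon Jan  3 12:00:05 2005 -> SelfCheck: Database status OK.' > "$demo_log"
echo "target: $(detected_path "$demo_log")"
rm -f "$demo_log"
```

In clamdazer, call detected_path in place of the tail -n 1 line and run rm only when safe_to_delete succeeds.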