selecting and deleting multiple viruses in one go.

[GoogleCodeExporter]

Please suggest a way to delete detected viruses when multiple viruses are 
found, selecting and deleting each one is very tedious when (sometimes) viruses 
are found in hundreds.

I am using Mint 17

Original issue reported on code.google.com by [email protected] on 17 Jan 2015 at 4:15

[GoogleCodeExporter]

Hi,

Be very careful quarantining and/or deleting files especially those identified 
as PUAs.  I recommend doing one of the following:

1. do *not* scan for PUAs (remove the selection from Settings)
2. get a second opinion - upload some of them to Virustotal and see what comes 
back as a result

This is actually the reason why I removed the "quarantine all" and "delete all" 
from the options - so you'd have to think about it first.

I understand that it seems like a good thing to do that, but it could be a 
mistake on a Linux system to do that.

Thanks,
Dave M

Original comment by [email protected] on 17 Jan 2015 at 9:41

[GoogleCodeExporter]

I agree. It could be dangerous to do that in Linux. But case in point is
scanning large flaah drives or non Linux partitions. It is then that the
necessity of "Delete/quarantine" all is felt. Hope you will do a rethink on
the issue.
Thanks.

Original comment by [email protected] on 19 Jan 2015 at 2:33

[GoogleCodeExporter]

Ok, I'll look at it and see if there's a smart way of doing it.

Thanks,
Dave M

Original comment by [email protected] on 20 Jan 2015 at 11:44

• Changed state: Accepted

[GoogleCodeExporter]

Sorry, one more thing if you're still there: I just caught that "non Linux 
partitions" thing you mentioned.  I *really* recommend you do *not* use this on 
anything other than Linux systems.  I don't have the resources to test that.

Original comment by [email protected] on 22 Jan 2015 at 11:48

[setherith]

How about check boxes against each item and an apply to selection button to quarantine or delete checked items?

[LarryRink]

Check boxes sounds great. I backup my entire system in the clouds and on a thumb drive. Even if you offered this feature and included a large lengthy warning in red you may help alot of us out big time.
Thanks in advance.

[dave-theunsub]

I'll have a look regarding implementation. Thanks for offering suggestions!

Thanks,
Dave M

[TinaRussell]

This is actually the reason why I removed the "quarantine all" and "delete all" from the options - so you'd have to think about it first.

I understand you mean well, but please allow the user to make this call for themselves. Even if it’s an option you have to turn on, and then verify that you know what you’re doing, it’s far better than using the software to do a multi-hour scan, and then and only then finding out that you have hundreds or thousands of items you have to quarantine one by one, with the mouse (at which point you won’t even be able to make informed decisions at all, your brain and your wrist will hurt too badly from the constant clicking and scrolling). I’m trying to help a friend with a Windows machine that’s been deliberately infected, and this process is driving me mad.

[dave-theunsub]

@TinaRussell , okay, I will look at adding something like that for 5.28.

However, see what I wrote earlier about Windows systems:
#36 (comment)

All you need is one item that the scanner thinks is bad or a PUA and bad stuff can happen. Be careful if you're using it on Windows.

[eqjjh]

I agree with the above, at least why can we not highlight multiple items and delete/quarantine en masse? Can take an incredibly long amount of time, as others have mentioned.

[Discusseded]

Hey Dave, first I wanted to say thanks so much for a great tool.

This one thing though...I just started using this and as a power user who is new to Linux I have to say that while yes, I probably am capable of breaking Linux unintentionally, I am a thinking agent that can own up to my own mistakes. I understand you want to eliminate the grief of loss, but in reality you are adding grief to the process for every single scan.

I was shocked to see that a Ctrl+A, Ctrl+Select, or Shift+Select paradigm wasn't used in this app. If that's too Windows-y, why not reinstate the * All buttons but add a dialogue box warning of the consequences and offering a way to back out and assess the threats responsibly? I presume you probably did have such a setup so I have to wonder why it was removed. Too much hate mail from dum dums who broke their OS?

Here I sit with about 50 lines that I have to go through one-by-one, click Delete, click Ok, rinse and repeat. I can't even use the up or down keys, so I have to move my mouse up to the next item, click, move down and click Delete, move back up and click Ok, move to the next item, and so on. That's 3(n) actions plus the hand-eye coordination. Please let's be reasonable about this. Empower your users, don't punish them. Ignore the dum dums, they don't deserve the attention.

Here is an idea I had off the top of my head:

Instead of the Results screen taking action at the time the buttons are clicked, why not queue up the actions the user selects and then instead of Close, there is a Next button that brings you to an Execute view which warns the files will be permanently affected, allowing you to go back to Results and change things. Approving that prompt will then take the actions.

Results screen lets you do multiple selections or select all, and the buttons would then need to be Ignore (or Keep), Quarantine, Delete, Analysis. Instead of an Action Taken column, it would be Action Chosen.

I keep editing here, but one more idea:

If you must enforce one-by-one actions, why not have Delete All or Quarantine All but then the app just queues up the list and one-by-one gives you the OK/Cancel prompt for each one? At least then it's just (n) actions instead of 3(n).

[dave-theunsub]

Hi @Discusseded ,

Thank you for the great feedback.

Older versions did have something similar where you could delete a lot (or all, I think) at once. The problem was that there were, at times, many false positives that could result in a broken/crummy state... so it was removed. I know that's not always great for everyone... but as this is a Linux tool, we have to be careful in that this type of scanning is different than on a Windows one. Most malware threats will be found in a person's home directory but people will still want to scan the entire system, and that was also where a lot of false positives came from. Rootkits were getting installed in /tmp and /dev, but it's usually advised to not scan /dev (and /proc and others) for various reasons. Also, ClamAV isn't as great for detecting rootkits - that's for rkhunter and chkrootkit, which do that.

Anyway, I'm rambling, but I do like the idea with the results though. Not sure that would make anyone change their mind but it does seem nice with a good flow.

I'll look into it.

Thanks,
Dave M