[Clamav-devel] OnAccessIncludePath Patch

Grant Williamson traxtopel at gmail.com
Sat Dec 20 04:03:15 EST 2014


The following patch allows a whole mount point to be scanned.
i.e.
set "OnAccessIncludePath /" and your whole drive will be scanned, kind of
like real time scanning.

--- clamav-0.98.5.orig/clamd/fan.c    2014-11-13 17:30:35.000000000 -0500
+++ clamav-0.98.5/clamd/fan.c    2014-12-20 03:35:56.295882036 -0500
@@ -94,7 +94,14 @@
     short int scan;
     int sizelimit = 0, extinfo;
     STATBUF sb;
-        uint64_t fan_mask = FAN_ACCESS | FAN_EVENT_ON_CHILD;
+        uint64_t fan_mask =
+        (FAN_ACCESS |         /* File accessed */
+        FAN_MODIFY |         /* File modified */
+        FAN_CLOSE_WRITE |    /* Writtable file closed */
+        FAN_CLOSE_NOWRITE |  /* Unwrittable file closed */
+        FAN_OPEN |           /* File was opened */
+        FAN_ONDIR |          /* We want to be reported of events in the
directory */
+        FAN_EVENT_ON_CHILD); /* We want to be reported of events in files
of the directory */
     int fan_fd;
         fd_set rfds;
     char buf[4096];
@@ -132,7 +139,7 @@

     if((pt = optget(tharg->opts, "OnAccessIncludePath"))->enabled) {
     while(pt) {
-        if(fanotify_mark(fan_fd, FAN_MARK_ADD, fan_mask, fan_fd,
pt->strarg) != 0) {
+        if(fanotify_mark(fan_fd, FAN_MARK_ADD|FAN_MARK_MOUNT, fan_mask,
fan_fd, pt->strarg) != 0) {
         logg("!ScanOnAccess: Can't include path '%s'\n", pt->strarg);
         return NULL;
         } else


More information about the clamav-devel mailing list