[clamav-users] On access scan: OnAccessIncludePath not recursive?
Steven Morgan
smorgan at sourcefire.com
Tue Feb 11 00:02:57 UTC 2014
Sandro,
Yes, that is a reasonable expectation. From reviewing the code
(clamd/fan.c), the current use of fanotify will not recurse into
sub-directories. There is a way to specify fanotify for a mount point
including sub-directories(FAN_MARK_MOUNT), but that appears to be
unimplemented at present.
Thanks,
Steve
On Sat, Feb 8, 2014 at 3:40 PM, Sandro Poppi <spoppi at gmx.net> wrote:
> Hi,
>
> I'm running ClamAV 0.98.1 on Fedora linux 19. I wonder if the
> OnAccessIncludePath directive is recursive or not? My expectation is
> that when I add eg.
>
> ScanOnAccess yes
> OnAccessIncludePath /home
>
> and a virus (eg. eicar.com) is stored in /home/user1/tmp/eicar/eicar.com
> and accessed with vi, cp, gedit ... clamd should find it which it
> currently does not. When I directly add
>
> OnAccessIncludePath /home/user1/tmp/eicar
>
> clamd finds it though. The same is true when running clamdscan. Do I
> really need to add all directories I want to scan to
> OnAccessIncludePath? Or am I simply missing another option? Could this
> be fanotify issue?
>
> Thanks in advance,
> Sandro
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
More information about the clamav-users
mailing list