[clamav-users] block access to file using scan on access option

kamil kapturkiewicz horizn at wp.pl
Mon Aug 10 05:58:35 EDT 2015


Hi,
I am trying to configure Scan On Access with ProFTPD server to block access to a file (not only mark it as FOUND):

Mon Aug 10 10:09:35 2015 -> ScanOnAccess: /home/xyz/eicar.txt: {HEX}EICAR.TEST.UNOFFICIAL(69630e4574ec6798239b091cda43dca0:69) FOUND
Mon Aug 10 10:09:39 2015 -> ScanOnAccess: /home/xyz/Revelation.exe: SecuriteInfo.com.W32.HackTool.BUS.5819.UNOFFICIAL(5fbc923249818c4b0489b85c1abf0357:69632) FOUND
Mon Aug 10 10:09:44 2015 -> ScanOnAccess: /home/xyz/Revelation.exe: SecuriteInfo.com.W32.HackTool.BUS.5819.UNOFFICIAL(5fbc923249818c4b0489b85c1abf0357:69632) FOUND

For some reason I am able to upload infected files to the server, and the above log entries appear only during access (download, view), not even during delete.

I can live with that if it is only possible to detect during downloading from FTP or opening, but I would like to be able to block access to the file if something is detected.

clamav.conf:

ScanOnAccess true
OnAccessMaxFileSize 50M
#OnAccessIncludePath /var/ftp
OnAccessIncludePath /home/xyz
OnAccessExcludeUID 0






