[clamav-users] block access to file using scan on access option

Mickey Sola msola at sourcefire.com
Wed Aug 12 11:35:53 EDT 2015


Hi Kamil,

Unfortunately, the current version of on-access scanning is limited to
non-recursive detection during access attempts--not prevention. This is due
to particularities in how clamd leverages fanotify (and partially due to
limitations from fanotify itself).

Work is being done to flesh out the on-access scanner into something a bit
more robust and all-around useful. In that regard, if you have any features
you'd like to see in the on-access scanner, now's the best time to make a
request.

- Mickey

On Mon, Aug 10, 2015 at 6:05 AM, Steve Basford <
steveb_clamav at sanesecurity.com> wrote:

>
> On Mon, August 10, 2015 10:58 am, kamil kapturkiewicz wrote:
> > Hi,
> > I am trying to configure Scan On Access with ProFTPD server to block
> > access to file (not only mark as FOUND):
>
> Not my area but found this from an archive...
>
> ----------
> You could write a virusevent script, put VirusEvent /path/to/yourscript in
> clamd.conf, and in yourscript:
>
> #!/bin/sh
> /usr/bin/logger -t clamd -p local1.alert "$CLAM_VIRUSEVENT_FILENAME: $CLAM_VIRUSEVENT_VIRUSNAME FOUND"
>
> ---------
>
> So, maybe VirusEvent with a move filename ??
>
> Cheers,
>
> Steve
> Web : sanesecurity.com
> Blog: sanesecurity.blogspot.com
>
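
The VirusEvent idea quoted above, extended from logging to moving the flagged file, as an added example that is not code from this thread or from the ClamAV project. `QUARANTINE_DIR`, `UPLOAD_ROOT` and the function name are assumptions. Since on-access scanning here detects rather than prevents, the handler runs after the access attempt and only limits later access.

```shell
#!/bin/sh
# Added example: VirusEvent handler that quarantines the file clamd flagged.
# QUARANTINE_DIR and UPLOAD_ROOT are assumed paths, not taken from the thread.
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/lib/clamav-quarantine}"
UPLOAD_ROOT="${UPLOAD_ROOT:-/srv/ftp}"

quarantine_infected() {
    file="${CLAM_VIRUSEVENT_FILENAME:-}"
    virus="${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}"

    # The uploader picks the filename, so treat it as untrusted input:
    # only act on paths under the upload tree, with no ".." components.
    case "$file" in
        */../*|*/..) return 2 ;;
        "$UPLOAD_ROOT"/*) ;;
        *) return 2 ;;
    esac
    # Regular files only; never follow a symlink out of the tree.
    [ -f "$file" ] && [ ! -L "$file" ] || return 3

    umask 077
    mkdir -p "$QUARANTINE_DIR" || return 4
    # Timestamp and PID keep two detections of the same name from colliding.
    QUARANTINED_PATH="$QUARANTINE_DIR/$(date +%Y%m%dT%H%M%S).$$.${file##*/}"
    mv -- "$file" "$QUARANTINED_PATH" || return 5
    chmod 000 "$QUARANTINED_PATH"

    # Replace control and non-printable bytes so a crafted filename cannot
    # inject extra lines into syslog.
    safe=$(printf '%s' "$file" | LC_ALL=C tr -c '[:print:]' '?')
    logger -t clamd -p local1.alert \
        "$safe: $virus FOUND, moved to $QUARANTINE_DIR" 2>/dev/null || :
    return 0
}

# The variables used by the script quoted above; act only when they are set.
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    quarantine_infected
fi
```
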


