[clamav-users] block access to file using scan on access option
msola at sourcefire.com
Wed Aug 12 11:35:53 EDT 2015
Unfortunately, the current version of on-access scanning is limited to
non-recursive detection during access attempts--not prevention. This is due
to particularities in how clamd leverages fanotify (and partially due to
limitations from fanotify itself).
Work is being done to flesh out the on-access scanner into something a bit
more robust and all-around useful. In that regard, if you have any features
you'd like to see in the on-access scanner, now's the best time to make a
On Mon, Aug 10, 2015 at 6:05 AM, Steve Basford <
steveb_clamav at sanesecurity.com> wrote:
> On Mon, August 10, 2015 10:58 am, kamil kapturkiewicz wrote:
> > Hi,
> > I am trying to configure Scan On Access with ProFTPD server to block
> > acccess to file (not only mark as FOUND):
> Not my area but Found this from an archive...
> You could write a virusevent script, put VirusEvent /path/to/yourscript in
> clamd.conf, and in yourscript:
> /usr/bin/logger -t clamd -p local1.alert "$CLAM_VIRUSEVENT_FILENAME:
> $CLAM_VIRUSEVENT_VIRUSNAME FOUND"
> So, maybe VirusEvent with a move filename ??
> Web : sanesecurity.com
> Blog: sanesecurity.blogspot.com
> Help us build a comprehensive ClamAV guide:
More information about the clamav-users