[clamav-users] Odp: Re: scan on access block when found.
kamil kapturkiewicz
horizn at wp.pl
Thu Feb 25 16:08:54 UTC 2016
Dnia Czwartek, 25 Lutego 2016 16:53 Mickey Sola <msola at sourcefire.com> napisał(a)
> Hi Kamil,
>
> A few things: what OS and kernel version are you using? what are the
> results of opening the eicar file with vi (or your editor of choice)? are
> /home/ and or /var/ftp/ mount points? if so, are there symlinks within
> those directory hierarchies? is your kernel configured with
> CONFIG_FANOTIFY_ACCESS_PERMISSIONS?
>
> Also, extra scanning won't work without DDD since it's piggyback's off of
> the inotify events caught by that system (events which otherwise aren't
> caught by fanotify).
>
> - Mickey
>
1. Debian Jessie 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 GNU/Linux
2. I Can open eicar file without any problems.
3. System is installed on single / partition.
4. cat /boot/config-3.16.0-4-amd64 | grep FANOTIFY
CONFIG_FANOTIFY=y
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
so I presume, SoA will not work with this kernel.
More information about the clamav-users
mailing list