[clamav-users] ScanOnAccess issue when clamd launched from systemd

Virgo Pärna virgo.parna at mail.ee
Thu May 5 06:07:44 EDT 2016


On Thu, 5 May 2016 09:50:03 +0000, Mikko Caldara <Mikko.Caldara at fca.org.uk> wrote:
> Not sure if it's related, but when I launch clamd *without* systemd and then try to access an "infected" file, 2 problems occur:
>
> - clamd does not prevent access, despite having the option enabled
> - clamd goes into an infinite loop and hogs the CPU:
>
> Thu May  5 09:42:20 2016 -> ScanOnAccess: /etc/suricata/rules/emerging-activex.rules: Win.Trojan.cve_2011_2657-1(30e2f8e333f1624bb5ab66bed16eb110:274398) FOUND
> Thu May  5 09:42:20 2016 -> ScanOnAccess: /tmp/clamav-326fdcae0616839f918d7b703a8e513b.tmp/nocomment.html (deleted): Win.Trojan.cve_2011_2657-1(d361373a52eb4e0cfcb1fd4783700152:273785) FOUND


	Looks like it is also scanning temporary files created turing
the scanning. Could you set OnAccessExlcudeUID to clamd user id? 

-- 
Virgo Pärna 
virgo.parna at mail.ee




More information about the clamav-users mailing list