[clamav-users] OnAccessScan doesn't prevent Access
vamp898
vamp898 at ignaz.org
Thu Nov 8 10:54:38 UTC 2018
Am 2018-11-08 11:37, schrieb vamp898:
> Am 2018-11-08 10:39, schrieb Andreas Schulze:
>> Am 08.11.18 um 10:25 schrieb vamp898:
>>> This is how the logs looks like when i do this
>>>
>>> Thu Nov 8 10:13:51 2018 -> ScanOnAccess: notifying only for access
>>> attempts.
>>> Thu Nov 8 10:13:51 2018 -> ScanOnAccess: Protecting
>>> '/var/www/localhost/htdocs/nextcloud/data' and rest of mount.
>>> Thu Nov 8 10:13:51 2018 -> ScanOnAccess: Max file size limited to
>>> 52428800 bytes
>>> Thu Nov 8 10:15:09 2018 -> ScanOnAccess:
>>> /var/www/localhost/htdocs/nextcloud-14.0.3/data/administrator/files/eicar.com:
>>> Eicar-Test-Signature FOUND
>>>
>>> Any help highly appriciated =)
>>
>> looks like a bug:
>> https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/clamd/onaccess_fan.c#L155
>>
>> the second condition should not be negated for my feeling.
> Dear Mr. Schulze,
>
> thank you for your email.
>
> Eeeyup, looks like a bug for me too. Maybe someone had one to many
> beer writing that part of the code :P
>
> Am i supposed to open the bug report or would/could you do that? (I
> dont have an account or something).
>
> If not, please feel free to tell me and i will registert myself there.
>
>
>
> Best Regards
>
> Former Avira Employee who exclusively supported DATEV back then when
> they had Webgate :P
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
For the reference, i also tested the following
OnAccessMaxFileSize 50M
OnAccessIncludePath /var/www/localhost/htdocs/nextcloud/data
OnAccessDisableDDD yes
OnAccessPrevention yes
And the log looks different
Thu Nov 8 11:52:27 2018 -> ScanOnAccess: preventing access attempts on
malicious files.
Thu Nov 8 11:52:27 2018 -> ScanOnAccess: Protecting directory
'/var/www/localhost/htdocs/nextcloud/data'
Thu Nov 8 11:52:27 2018 -> ScanOnAccess: Max file size limited to
52428800 bytes
but there is still full access to this file, it no longer gets detected
at all.
More information about the clamav-users
mailing list