[clamav-users] OnAccessScan doesn't prevent Access

vamp898 vamp898 at ignaz.org
Thu Nov 8 10:54:38 UTC 2018


On 2018-11-08 11:37, vamp898 wrote:
> On 2018-11-08 10:39, Andreas Schulze wrote:
>> On 08.11.18 at 10:25, vamp898 wrote:
>>> This is what the logs look like when I do this
>>> 
>>> Thu Nov  8 10:13:51 2018 -> ScanOnAccess: notifying only for access attempts.
>>> Thu Nov  8 10:13:51 2018 -> ScanOnAccess: Protecting '/var/www/localhost/htdocs/nextcloud/data' and rest of mount.
>>> Thu Nov  8 10:13:51 2018 -> ScanOnAccess: Max file size limited to 52428800 bytes
>>> Thu Nov  8 10:15:09 2018 -> ScanOnAccess: /var/www/localhost/htdocs/nextcloud-14.0.3/data/administrator/files/eicar.com: Eicar-Test-Signature FOUND
>>> 
>>> Any help highly appreciated =)
>> 
>> looks like a bug:
>> https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/clamd/onaccess_fan.c#L155
>> 
>> the second condition should not be negated, in my view.
> Dear Mr. Schulze,
> 
> thank you for your email.
> 
> Eeeyup, looks like a bug to me too. Maybe someone had one too many
> beers writing that part of the code :P
> 
> Am I supposed to open the bug report or would/could you do that? (I
> don't have an account or something).
> 
> If not, please feel free to tell me and I will register myself there.
> 
> 
> 
> Best Regards
> 
> Former Avira Employee who exclusively supported DATEV back then when
> they had Webgate :P

For reference, I also tested the following:

OnAccessMaxFileSize 50M
OnAccessIncludePath /var/www/localhost/htdocs/nextcloud/data
OnAccessDisableDDD yes
OnAccessPrevention yes

And the log looks different

Thu Nov  8 11:52:27 2018 -> ScanOnAccess: preventing access attempts on malicious files.
Thu Nov  8 11:52:27 2018 -> ScanOnAccess: Protecting directory '/var/www/localhost/htdocs/nextcloud/data'
Thu Nov  8 11:52:27 2018 -> ScanOnAccess: Max file size limited to 52428800 bytes

But there is still full access to this file; it no longer gets detected at all.
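
Added example (not part of the original message and not ClamAV code): a small Python check that reads clamd's ScanOnAccess log lines, as worded in the two excerpts above, and reports the two symptoms described in this thread. The names `summarize` and `findings` and the two flags are assumptions made for illustration.

```python
import re

# Constructed samples: the two clamd log excerpts quoted in this thread, unwrapped.
NOTIFY_LOG = """\
Thu Nov  8 10:13:51 2018 -> ScanOnAccess: notifying only for access attempts.
Thu Nov  8 10:13:51 2018 -> ScanOnAccess: Protecting '/var/www/localhost/htdocs/nextcloud/data' and rest of mount.
Thu Nov  8 10:13:51 2018 -> ScanOnAccess: Max file size limited to 52428800 bytes
Thu Nov  8 10:15:09 2018 -> ScanOnAccess: /var/www/localhost/htdocs/nextcloud-14.0.3/data/administrator/files/eicar.com: Eicar-Test-Signature FOUND
"""
PREVENT_LOG = """\
Thu Nov  8 11:52:27 2018 -> ScanOnAccess: preventing access attempts on malicious files.
Thu Nov  8 11:52:27 2018 -> ScanOnAccess: Protecting directory '/var/www/localhost/htdocs/nextcloud/data'
Thu Nov  8 11:52:27 2018 -> ScanOnAccess: Max file size limited to 52428800 bytes
"""

LINE = re.compile(r"^.+? -> ScanOnAccess: (?P<msg>.*)$")
PROTECT = re.compile(r"^Protecting (?:directory )?'(?P<path>[^']+)'(?P<mount> and rest of mount\.)?$")
FOUND = re.compile(r"^(?P<path>/.*): (?P<sig>\S+) FOUND$")

def summarize(log_text):
    """Extract the announced mode, watched paths and detections from clamd log text."""
    s = {"mode": None, "paths": [], "mount_wide": False, "found": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m["msg"].strip()
        if msg.startswith("notifying only"):
            s["mode"] = "notify"        # after a restart the latest banner wins
        elif msg.startswith("preventing access"):
            s["mode"] = "prevent"
        elif p := PROTECT.match(msg):
            s["paths"].append(p["path"])
            s["mount_wide"] = s["mount_wide"] or bool(p["mount"])
        elif f := FOUND.match(msg):
            s["found"].append((f["path"], f["sig"]))
    return s

def findings(s, prevention_expected=True, test_file_opened=True):
    """Compare what clamd announced and logged with what the operator expected."""
    out = []
    if prevention_expected and s["mode"] != "prevent":
        out.append("notify-only: detections are logged, opens are not blocked")
    if s["mode"] == "prevent" and test_file_opened and not s["found"]:
        out.append("prevention announced, but the opened test file was never flagged")
    return out

if __name__ == "__main__":
    for name, log in (("first config", NOTIFY_LOG), ("second config", PREVENT_LOG)):
        print(name, summarize(log), findings(summarize(log)))
```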


