[clamav-users] OnAccessScan doesn't prevent Access

Micah Snyder (micasnyd) micasnyd at cisco.com
Thu Nov 8 16:12:13 UTC 2018

The negation is intentional, though perhaps it should print a warning.

From the documentation here: https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/docs/UserManual/Usage.md#On-access-Scanning

Watch your entire filesystem only using the clamd.conf OnAccessMountPath option. While this will disable on-access prevention, it will avoid potential system lockups caused by fanotify’s blocking functionality.

To use OnAccessPrevention, you'll need to use OnAccessIncludePath instead of OnAccessMountPath.


On Nov 8, 2018, at 4:39 AM, Andreas Schulze <andreas.schulze at datev.de<mailto:andreas.schulze at datev.de>> wrote:

Am 08.11.18 um 10:25 schrieb vamp898:
This is how the logs looks like when i do this

Thu Nov  8 10:13:51 2018 -> ScanOnAccess: notifying only for access attempts.
Thu Nov  8 10:13:51 2018 -> ScanOnAccess: Protecting '/var/www/localhost/htdocs/nextcloud/data' and rest of mount.
Thu Nov  8 10:13:51 2018 -> ScanOnAccess: Max file size limited to 52428800 bytes
Thu Nov  8 10:15:09 2018 -> ScanOnAccess: /var/www/localhost/htdocs/nextcloud-14.0.3/data/administrator/files/eicar.com<http://eicar.com>: Eicar-Test-Signature FOUND

Any help highly appriciated =)

looks like a bug: https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/clamd/onaccess_fan.c#L155

the second condition should not be negated for my feeling.

A. Schulze
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>

Help us build a comprehensive ClamAV guide:


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181108/e3cdc88b/attachment.htm>

More information about the clamav-users mailing list