[clamav-users] OnAccessScan doesn't prevent Access

[Micah Snyder (micasnyd)]

The negation is intentional, though perhaps it should print a warning.

From the documentation here: https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/docs/UserManual/Usage.md#On-access-Scanning

Watch your entire filesystem only using the clamd.conf OnAccessMountPath option. While this will disable on-access prevention, it will avoid potential system lockups caused by fanotify’s blocking functionality.

To use OnAccessPrevention, you'll need to use OnAccessIncludePath instead of OnAccessMountPath.

Regards,
Micah



On Nov 8, 2018, at 4:39 AM, Andreas Schulze <andreas.schulze at datev.de<mailto:andreas.schulze at datev.de>> wrote:

Am 08.11.18 um 10:25 schrieb vamp898:
This is how the logs looks like when i do this

Thu Nov  8 10:13:51 2018 -> ScanOnAccess: notifying only for access attempts.
Thu Nov  8 10:13:51 2018 -> ScanOnAccess: Protecting '/var/www/localhost/htdocs/nextcloud/data' and rest of mount.
Thu Nov  8 10:13:51 2018 -> ScanOnAccess: Max file size limited to 52428800 bytes
Thu Nov  8 10:15:09 2018 -> ScanOnAccess: /var/www/localhost/htdocs/nextcloud-14.0.3/data/administrator/files/eicar.com<http://eicar.com>: Eicar-Test-Signature FOUND

Any help highly appriciated =)

looks like a bug: https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/clamd/onaccess_fan.c#L155

the second condition should not be negated for my feeling.

--
A. Schulze
DATEV eG
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181108/e3cdc88b/attachment.htm>