[clamav-users] Could not watch path /var/lib/docker/overlay2 error

Franky Van Liedekerke liedekef at telenet.be
Wed Oct 9 11:38:35 EDT 2019


Your bug was already reported by me. See this
bug: https://bugzilla.clamav.net/show_bug.cgi?id=12306 (and it
contains a workaround too)

Franky

Op Woensdag, 09-10-2019 om 17:32 schreef Arthur Ramsey via
clamav-users:


Hello,

I’m trying to implement on access scanning for docker containers
using overlayfs by running ClamAV outside of a container.  I’m
using Amazon Linux 2 which is currently at 0.101.4.

If I set "OnAccessMountPath /“ an eicar test file downloaded and
read via a container isn’t detected.  If I read the file created
within the container from outside the container it is detected.

If I set “OnAccessIncludePath /var/lib/docker/overlay2” I get:

Tue Oct  8 15:22:12 2019 -> ScanOnAccess: Protecting directory
'/var/lib/docker/overlay2' (and all sub-directories)
Tue Oct  8 15:22:12 2019 -> ERROR: ScanOnAccess: Could not watch path
'/var/lib/docker/overlay2', Success

I also tried "OnAccessIncludePath /var/lib/docker/overlay2//merged“
which isn’t practical because the uuid is generated when the
container starts but it does work.

I see that 0.102.0 has significant changes to on access scanning so
I’m trying to test that but the configure script isn’t detecting
fanotify support. I have kernel-devel and glibc-headers installed.
 I’ve also confirmed fanotify support with "cat /boot/config- |
grep FANOTIFY”.

I get an error from the configure script:
./configure: line 30024: auto=yes: command not found


Here’s the full configure output: https://pastebin.com/0xYqhr2V.


This was my attempt to fix it but it didn’t
work: https://pastebin.com/k2kCrmHP.


Thanks,
Arthur
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20191009/611a6935/attachment.html>


More information about the clamav-users mailing list