[clamav-users] RHEL ScanonAccess includepaths
G.W. Haywood
clamav at jubileegroup.co.uk
Tue Sep 24 14:06:03 UTC 2019
Hi there,
On Tue, 24 Sep 2019, CROFT Ian wrote:
> We have a need to have OnAccessScanning on our RHEL servers but with
> some path exclusions.
May I ask why?
> So as I read the manuals etc it seems I have to use the
> OnAccessIncludePath rather than the OnAccessMountPath.
I guess that's right unless you have separate partitions mounted for
things like /var, /usr/local, /home and whatever.
> So the filesystem layout is as such :-
>
> /
> /boot
> /home
> /var
> /var/log
> /var/tmp
> /var/log/audit
Are these all separate mount points/partitions?
> So I have set up the following IncludePath entries in scan.conf
I guess the file scan.conf is something that RH does with ClamAV.
There is no such file in any of my systems built from source.
> OnAccessIncludePath /dev
There be dragons, I wouldn't do that.
> OnAccessIncludePath /var
I wouldn't do that.
> Does anybody know where I am going wrong ?
Why do you want to scan everything under /var/log? It seems pointless
scanning a bunch of files which are effectively write-only logs. You
*might* theorize that a text file could have something written to it
which would compromise a pager or something when you tried to read the
log with it, but it seems quite a, well, a Stretch of the imagination.
I would suggest reading the release notes for version 0.102; there are
some significant changes for on-access scanning.
--
73,
Ged.