[clamav-users] OnAccessExcludePath being ignored.
Franky Van Liedekerke
liedekef at telenet.be
Thu Sep 26 15:54:16 UTC 2019
Indeed, I'm having this problem too. Probably the include wins
over the exclude, even with this in the logs:
clamd[4940]: ScanOnAccess: Protecting directory '/var/log' (and all
sub-directories)
clamd[4940]: ScanOnAccess: Protecting directory '/var' (and all
sub-directories)
clamd[4940]: ScanOnAccess: Excluding directory '/var/log' (and all
sub-directories)
The way I do it currently is via a small script (and I don't do
/var/log) to precisely indicate via OnAccessIncludePath what I want
...
F.
Op Donderdag, 26-09-2019 om 11:53 schreef CROFT Ian:
It's a fair point Ged well made.
And making sure they are all strings looks better now in most cases.
So I now have these :-
OnAccessIncludePath /var/log ( Only added to include to get around the
bug previously mentioned )
OnAccessIncludePath /var
OnAccessExcludePath /var/log
However eicar test as /var/log/test.txt is still being picked up.
Its working fine on other real sub directories ( not separate munts ),
feels like this is falling foul of the fact /var/log is a sub mount
point perhaps.
Cheers
Ian
-----Original Message-----
From: clamav-users On Behalf Of G.W. Haywood via clamav-users
Sent: 26 September 2019 10:22
To: ClamAV users ML
Cc: G.W. Haywood
Subject: Re: [clamav-users] OnAccessExcludePath being ignored.
Hi there,
On Thu, 26 Sep 2019, CROFT Ian wrote:
> But when I put an EICAR test txt file in /var/log/test.txt it is
getting picked up by the OnAccess scanner.
>
> I have tried ^/var/log/ and ^/var/log/* - same issue the test.txt is
still picked up by the OnAccess scanner when it should in my mind be
being ignored.
>
> Any ideas ?
You really do need to get used to reading the 'man' pages.
In this case the man page for clamd.conf states
OnAccessExcludePath STRING
which means that the argument is a STRING, not a REGEX.
You must not put things like '^' and '*' in a STRING argument because
a STRING is taken literally. You are excluding names which do not
exist on your system.
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Sopra Steria is the trading name of the following companies (all
registered in England & Wales): (i) Sopra Steria Limited (No.
04077975) (ii) Sopra Group Ltd (No. 01643041) (iii) Sopra Group
Holding Ltd (No. 01588948)
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190926/266d82a6/attachment.htm>
More information about the clamav-users
mailing list