[clamav-users] calmonacc
Aaron Brighton
aaron at aaronbrighton.ca
Tue Aug 18 17:29:24 UTC 2020
Hi Josh,
Trying to use clamonacc as you are, has many implications/limitations that will likely give you a headache or two. I went down that path initially when trying to implement On-Access Scanning, and ended-up deciding to use it in a much more targeted manner after much stress.
I detailed some of these issues under "Caveat of ClamAV’s On-Access Scanning" here: https://medium.com/@aaronbrighton/installation-configuration-of-clamav-antivirus-on-ubuntu-18-04-a6416bab3b41#9a3d
Specifically in your case, my guess is you're running into what I detailed under "3. Watching directory paths that contain special files" specifically, which has an associated bug ticket: https://bugzilla.clamav.net/show_bug.cgi?id=12306
If you turn on clamonacc verbose logging with the "--verbose" switch when running it, do you see an error similar to the following in the clamonacc output/log file:
--------------------------------------
ClamInotif: watching '/var' (and all sub-directories)
ClamInotif: excluding '/var/log' (and all sub-directories)
ERROR: ClamInotif: could not watch path '/var', 3
If so, can you run the following command substituting "/var" for the directory mentioned in the above error, to determine the types of files in the respective directory:
sudo find /var -exec stat -c%F {} \; | sort | uniq
In my experience, I've seen the following types of files causing issues with clamonacc's initialization:
character special file
fifo
Unfortunately, using OnAccessExcludePath doesn't eliminate the issue.
Hope this helps,
Aaron
More information about the clamav-users
mailing list