[clamav-users] Filesystem scan exclusion returns errors
G.W. Haywood
clamav at jubileegroup.co.uk
Tue Dec 1 12:26:32 UTC 2020
Hi there,
On Tue, 1 Dec 2020, Pascal De Meerleer via clamav-users wrote:
> I have a question concerning the exclusion statement in clamd.conf
>
> # clamconf | grep Exclude
> ExcludePath = "^/run/", "^/dev/", "^/sys/", "^/proc/"
> ...
> When I issue the same command but starting at the root /, I see a
> lot of errors popping up in the log file and all of them are
> pointing to /sys. I am confused because /sys is excluded from
> scanning but errors are logged for that filesystem. What do I do
> wrong and/or how can I avoid this?
I'm assuming that the 'clamconf' output is hiding the fact that your
REGEXes are really on separate 'ExcludePath' lines (as per the docs),
and that they are not on a single line, enclosed by double quotes, and
comma separated. Please can you confirm that?
I don't recall that I've ever actually used the ExcludePath directive,
because I don't generally scan filesystems. I'm not sure that you're
doing anything wrong. I can imagine that the ExcludePath directive in
the config file might be overridden by the command line intentionally.
It's the sort of thing which tools do in general for flexibility. It
seems to me that the documentation isn't clear on the point but I may
have missed something.
There's a recent Bugzilla report here:
https://bugzilla.clamav.net/show_bug.cgi?id=12632
it might be relevant, although it's not specifically about paths. I
wonder if you try removing the '^' (caret character) from the regex,
does it make any difference? It might be a similar issue to 12632.
If that doesn't help I'd suggest scripting something which scans the
directories you want to scan, rather than relying on ExcludePath.
--
73,
Ged.
More information about the clamav-users
mailing list