[clamav-users] ClamClient errors
G.W. Haywood
clamav at jubileegroup.co.uk
Thu Jun 3 21:57:45 UTC 2021
Hello again,
On Thu, 3 Jun 2021, Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users wrote:
> # ps -ef|grep clam
> clamscan 286345 1 13 13:35 ? 00:00:55 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
> root 286357 1 0 13:35 ? 00:00:02 /usr/sbin/clamonacc --fdpass --log=/var/log/clamonacc -F --config-file=/etc/clamd.d/scan.conf --move=/var/tmp/clamav-quarantine
Hopefully you'll see the same PIDs until you deliberately restart the daemons.
> ... cat scan.conf|grep -v ^#|grep -v ^$
> ...
> OnAccessMountPath /
Are you *sure* you want to do that?
> ...
> OnAccessMountPath /var
> OnAccessMountPath /var/tmp
> OnAccessMountPath /var/log
> OnAccessMountPath /var/log/audit
> ...
Are these four separate filesystems? If they're all on the same
filesystem at least three of those lines would seem to be superfluous.
Again, I'd urge caution in what you require of the scanner. Although
it's not impossible that criminals might seek to hide malicious things
in some of those places, if they do that they'll probably also make
sure you (and clamd) can't see them. It really isn't likely that your
logs will pose any great threat; they're constantly being written, and
clamd will be working overtime on them for probably no added value.
--
73,
Ged.
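
The question raised in the reply above (are the listed OnAccessMountPath entries separate filesystems?) can be checked with a short script. This is an added example, not part of the original message and not ClamAV code; the function names are hypothetical, and it assumes that two paths reporting the same `st_dev` are on the same filesystem.

```python
import os

# Constructed sample: the OnAccessMountPath lines quoted in the message above.
SAMPLE_CONF = """\
# comment lines and blanks are ignored
OnAccessMountPath /
OnAccessMountPath /var
OnAccessMountPath /var/tmp
OnAccessMountPath /var/log
OnAccessMountPath /var/log/audit
"""

def parse_mount_paths(conf_text):
    """Return the OnAccessMountPath values from clamd config text, in order."""
    paths = []
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == "OnAccessMountPath":
            paths.append(parts[1].strip())
    return paths

def redundant_paths(paths, stat=os.stat):
    """Split paths into (redundant, missing).

    Assumption: two paths with the same st_dev are on the same filesystem,
    so only the first one listed per device is kept. Bind mounts and
    btrfs subvolumes can break that assumption; check those by hand.
    """
    first_on_device = {}
    redundant, missing = [], []
    for path in paths:
        try:
            dev = stat(path).st_dev
        except OSError:
            missing.append(path)  # not present on this host
            continue
        if dev in first_on_device:
            redundant.append((path, first_on_device[dev]))
        else:
            first_on_device[dev] = path
    return redundant, missing

if __name__ == "__main__":
    redundant, missing = redundant_paths(parse_mount_paths(SAMPLE_CONF))
    for path, keeper in redundant:
        print(f"{path}: same filesystem as {keeper}")
    for path in missing:
        print(f"{path}: does not exist here")
```

To check a real configuration, pass the contents of the file given to clamd with `-c` to `parse_mount_paths()` in place of the sample.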