[clamav-users] Prevent root users from running infected files
G.W. Haywood
clamav at jubileegroup.co.uk
Sun Mar 13 12:09:39 UTC 2022
Hi there,
On Sun, 13 Mar 2022, Mohsen Ghahremani via clamav-users wrote:
> I run clamd and clamonacc with root user and clamd.conf file is
> configured as follows:
>
> User root
>
> OnAccessIncludePath / home
>
> OnAccessExcludeUname root
>
> OnAccessPrevention yes
This is not sufficient information (and your configuration of the
OnAccessIncludePath option looks wrong - did you mean '/home'?).

Please instead provide the full, unedited output of

  clamconf -n

and I repeat - without *any* editing on your part so that we can see
your configuration correctly.
> In this case, if I run a malicious file with other users, clamav
> prevents it from running, and if I run the same file with the root
> user, it does nothing.
>
> How can I configure clamav to prevent malicious files from being
> executed by the root user?
Please read the man page for clamd.conf where the exclusions are fully
explained. There are more of them than you have listed in your post.
--
73,
Ged.
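
Added example, not part of the original message and not ClamAV project code: a small Python check that lists the per-user on-access exclusions and questionable include paths in a clamd.conf, run here on the option lines quoted above. The function names and the sample text are constructed for illustration; the option names are those documented in clamd.conf(5).

```python
YES = {"yes", "true", "1"}  # boolean spellings clamd.conf accepts

# Constructed sample: the option lines quoted in the message above.
SAMPLE = """\
User root
OnAccessIncludePath / home
OnAccessExcludeUname root
OnAccessPrevention yes
"""

def parse(text):
    """Yield (option, value) pairs, skipping blank lines and # comments."""
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        yield parts[0], (parts[1].strip() if len(parts) > 1 else "")

def audit(text):
    """Return findings about on-access paths and per-user exclusions."""
    findings = []
    for name, value in parse(text):
        if name == "OnAccessIncludePath":
            # A watched path should be one absolute path with no stray spaces.
            if not value.startswith("/") or len(value.split()) != 1:
                findings.append(f"{name}: check path {value!r}")
        elif name == "OnAccessExcludeUname":
            findings.append(f"{name}: user {value!r} bypasses on-access scanning")
        elif name == "OnAccessExcludeUID":
            findings.append(f"{name}: UID {value} bypasses on-access scanning")
        elif name == "OnAccessExcludeRootUID" and value.lower() in YES:
            findings.append(f"{name}: UID 0 bypasses on-access scanning")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```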