Hello,
I'm running clamav 0.102.3 on RedHat 7.8 servers.
When i use OnAccessMountPath and place the file "eicar.com" in /tmp directory i see a messages in /var/log/messages.
clamd[3994]: Self checking every 1800 seconds.
clamd[3994]: lstat() failed on: /etc/shadow
clamd[3994]: /tmp/eicar.com: Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND
clamd[3994]: /tmp/eicar3.com: Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND
clamd[3994]: lstat() failed on: /etc/selinux/config
clamd[3994]: lstat() failed on: /etc/selinux/semanage.conf
clamd[3994]: lstat() failed on: /etc/selinux/targeted/seusers
clamd[3994]: lstat() failed on: /etc/selinux/targeted/semanage.read.LOCK
clamd[3994]: lstat() failed on: /etc/selinux/targeted/active/commit_num
clamd[3994]: lstat() failed on: /etc/selinux/targeted/active/seusers
I also see lots of following messages:
clamonacc: ClamMisc: $/proc/4899 vanished before UIDs could be excluded; scanning anyway
clamonacc: ClamMisc: $/proc/4896 vanished before UIDs could be excluded; scanning anyway
clamonacc: ClamMisc: $/proc/4900 vanished before UIDs could be excluded; scanning anyway
clamonacc: ClamMisc: $/proc/4900 vanished before UIDs could be excluded; scanning anyway
However when i use "OnAccessIncludePath /tmp", i don see this message after placing this "eicar.com"
file in /tmp.
clamd[4819]: XMLDOCS support enabled.
clamd[4819]: HWP3 support enabled.
clamd[4819]: Self checking every 1800 seconds.
clamd[4819]: SelfCheck: Database status OK.
clamd[4819]: SelfCheck: Database status OK.
clamonacc: ClamInotif: watching '/tmp' (and all sub-directories)
Please tell me what i'm doing wrong ?
Thanks in advance,
Met vriendelijke groet,
Eric van Rheenen
Linux beheer
Raadhuisplein 10, 9751AN Haren
E-Mail:
Eric.van.Rheenen@groningen.nl
Ericvan.Rheenen@ts.fujitsu.com
Telefoon: +31 (0)6 1640 2686