I’ve been experimenting with ClamAV on various Linux distributions and have had trouble doing on-access scanning on CentOS 8 machines – everything installs fine and I can do on-demand scanning with clamscan but on-access scanning isn’t preventing me from accessing a test infected file.  I see this behavior right now with ClamAV 0.103.0 on:

 

AWS CentOS 8.2 (4.18.0-193.6.3.el8_2.x86_64)

GCP CentOS 8.3 (4.18.0-240.10.1.el8_3.x86_64)

 

I’ve got a repo with Ansible playbooks to do the installation and test on-access on on-demand testing: https://github.com/pfuntner/clamav-onacc.  I’ve gotten successes consistently using the same playbooks with Debian 9 and 10.

 

Am I doing something wrong?