clamav-users January 2014 archive

[clamav-users] ScanOnAccess issue

From: Pieter Caron <pieter.caron_at_nospam>
Date: Wed Jan 29 2014 - 14:57:37 GMT
To: clamav-users <clamav-users@lists.clamav.net>

Dear all

I have installed clamav 0.98.1 on Linux version 3.12.9-1-ARCH x86_64

Clamscan and Clamdscan are working perfectly, also the update via
Freshclam is ok.

However I have a problem with ScanOnAccess:

Using the following clamd.conf file:

LogFile /var/log/clamav/clamd.log
LogTime yes
PidFile /run/clamav/clamd.pid
TemporaryDirectory /tmp
LocalSocket /var/lib/clamav/clamd.sock
User root
ScanOnAccess yes
OnAccessMaxFileSize 0
OnAccessIncludePath /home/pc
OnAccessExcludePath /home/pc/Downloads

results in log file entries as follows:

        -> ScanOnAccess: Protecting directory '/home/pc'
        -> ERROR: ScanOnAccess: Can't exclude path /home/pc/Downloads
        -> SelfCheck: Database status OK.

Here I have 2 issues:

1) I do not understand why the OnAccessExcludePath is rejected, as the
directory exists.

2) When I access a test virus (eicar.com) nothing happens; no entry is
created in the log file.

Fanotify is installed and activated, since when I start Clamd as a user,
the Clamav log file shows the following error:

  -> ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
  -> ScanOnAccess: clamd must be started by root

which has been solved by the entry: "User root"

Since searching the Web does not give a solution I need some support.

Can someone help me here?

Many thanks in advance.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
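
Added example (not part of the original post and not ClamAV's own code): a C probe for the kernel-side conditions behind the "fanotify_init failed: Operation not permitted" line quoted above. It assumes a Linux system with glibc's <sys/fanotify.h>; the flag choices and the names probe_fanotify and classify_init_errno are this example's own.

```c
/* Added example: probe the fanotify preconditions behind the log lines above. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>

enum probe_result { PROBE_OK, PROBE_NO_PRIVILEGE, PROBE_NO_KERNEL_SUPPORT,
                    PROBE_MARK_FAILED, PROBE_OTHER };

/* Map an errno from fanotify_init(2) to a likely cause. */
enum probe_result classify_init_errno(int err)
{
    switch (err) {
    case 0:      return PROBE_OK;
    case EPERM:  return PROBE_NO_PRIVILEGE;      /* caller lacks CAP_SYS_ADMIN */
    case ENOSYS: return PROBE_NO_KERNEL_SUPPORT; /* kernel built without fanotify */
    default:     return PROBE_OTHER;
    }
}

/* Try to create a content-class fanotify group and watch `dir` for opens. */
enum probe_result probe_fanotify(const char *dir)
{
    int fd = fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC, O_RDONLY);
    if (fd < 0) {
        int err = errno;
        fprintf(stderr, "fanotify_init: %s\n", strerror(err));
        return classify_init_errno(err);
    }
    /* A directory mark with FAN_EVENT_ON_CHILD only covers direct children. */
    int rc = fanotify_mark(fd, FAN_MARK_ADD, FAN_OPEN | FAN_EVENT_ON_CHILD,
                           AT_FDCWD, dir);
    if (rc < 0)
        fprintf(stderr, "fanotify_mark(%s): %s\n", dir, strerror(errno));
    close(fd);
    return rc < 0 ? PROBE_MARK_FAILED : PROBE_OK;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/tmp";
    enum probe_result r = probe_fanotify(dir);
    printf("probe(%s) = %d (0 ok, 1 no privilege, 2 no kernel support)\n", dir, r);
    return r == PROBE_OK ? 0 : 1;
}
```

Run once as an ordinary user and once as root: result 1 (EPERM) as a user followed by 0 as root matches the behaviour described in the post.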