Hi, I am trying to configure Scan On Access with a ProFTPD server to block access to a file (not only mark it as FOUND):

Mon Aug 10 10:09:35 2015 -> ScanOnAccess: /home/xyz/eicar.txt: {HEX}EICAR.TEST.UNOFFICIAL(69630e4574ec6798239b091cda43dca0:69) FOUND
Mon Aug 10 10:09:39 2015 -> ScanOnAccess: /home/xyz/Revelation.exe: SecuriteInfo.com.W32.HackTool.BUS.5819.UNOFFICIAL(5fbc923249818c4b0489b85c1abf0357:69632) FOUND
Mon Aug 10 10:09:44 2015 -> ScanOnAccess: /home/xyz/Revelation.exe: SecuriteInfo.com.W32.HackTool.BUS.5819.UNOFFICIAL(5fbc923249818c4b0489b85c1abf0357:69632) FOUND

For some reason I am able to upload infected files to the server, and the above log entries appear only during access (download, view), not even during delete. I can live with that if it is only possible to detect during downloading from FTP or opening, but I would like to be able to block access to the file if something is detected.

clamav.conf:
ScanOnAccess true
OnAccessMaxFileSize 50M
#OnAccessIncludePath /var/ftp
OnAccessIncludePath /home/xyz
OnAccessExcludeUID 0