Hi Kamil, Unfortunately, the current version of on-access scanning is limited to non-recursive detection during access attempts--not prevention. This is due to particularities in how clamd leverages fanotify (and partially due to limitations from fanotify itself).
Work is being done to flesh out the on-access scanner into something a bit more robust and all-around useful. In that regard, if you have any features you'd like to see in the on-access scanner, now's the best time to make a request. - Mickey On Mon, Aug 10, 2015 at 6:05 AM, Steve Basford < steveb_cla...@sanesecurity.com> wrote: > > On Mon, August 10, 2015 10:58 am, kamil kapturkiewicz wrote: > > Hi, > > I am trying to configure Scan On Access with ProFTPD server to block > > acccess to file (not only mark as FOUND): > > Not my area but Found this from an archive... > > ---------- > You could write a virusevent script, put VirusEvent /path/to/yourscript in > clamd.conf, and in yourscript: > > #!/bin/sh > /usr/bin/logger -t clamd -p local1.alert "$CLAM_VIRUSEVENT_FILENAME: > $CLAM_VIRUSEVENT_VIRUSNAME FOUND" > > --------- > > So, maybe VirusEvent with a move filename ?? > > Cheers, > > Steve > Web : sanesecurity.com > Blog: sanesecurity.blogspot.com > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
