Dnia Czwartek, 25 Lutego 2016 16:53 Mickey Sola <ms...@sourcefire.com> napisaĆ(a) > Hi Kamil, > > A few things: what OS and kernel version are you using? what are the > results of opening the eicar file with vi (or your editor of choice)? are > /home/ and or /var/ftp/ mount points? if so, are there symlinks within > those directory hierarchies? is your kernel configured with > CONFIG_FANOTIFY_ACCESS_PERMISSIONS? > > Also, extra scanning won't work without DDD since it's piggyback's off of > the inotify events caught by that system (events which otherwise aren't > caught by fanotify). > > - Mickey >
1. Debian Jessie 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 GNU/Linux 2. I Can open eicar file without any problems. 3. System is installed on single / partition. 4. cat /boot/config-3.16.0-4-amd64 | grep FANOTIFY CONFIG_FANOTIFY=y # CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set so I presume, SoA will not work with this kernel. _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
