On Thu, 5 May 2016 09:50:03 +0000, Mikko Caldara <mikko.cald...@fca.org.uk> wrote:
> Not sure if it's related, but when I launch clamd *without* systemd and then
> try to access an "infected" file, 2 problems occur:
>
> - clamd does not prevent access, despite having the option enabled
> - clamd goes into an infinite loop and hogs the CPU:
>
> Thu May 5 09:42:20 2016 -> ScanOnAccess:
> /etc/suricata/rules/emerging-activex.rules:
> Win.Trojan.cve_2011_2657-1(30e2f8e333f1624bb5ab66bed16eb110:274398) FOUND
> Thu May 5 09:42:20 2016 -> ScanOnAccess:
> /tmp/clamav-326fdcae0616839f918d7b703a8e513b.tmp/nocomment.html (deleted):
> Win.Trojan.cve_2011_2657-1(d361373a52eb4e0cfcb1fd4783700152:273785) FOUND

Looks like it is also scanning temporary files created during the scanning.
Could you set OnAccessExcludeUID to clamd user id?

--
Virgo Pärna
virgo.pa...@mail.ee
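
An added example, not part of the thread and not ClamAV project code: a small check that finds on-access detections inside clamd's own scratch directory (the self-scanning pattern in the quoted log) and reports whether clamd.conf already carries an `OnAccessExcludeUID` entry for the clamd account. The log and config samples are constructed, the scratch-directory pattern is inferred from the quoted log line, and UID 985 is an assumed value.

```python
import re

# Line shape follows the clamd output quoted in the thread:
#   <timestamp> -> ScanOnAccess: <path>[ (deleted)]: <signature>(<md5>:<size>) FOUND
EVENT = re.compile(
    r"^(?P<ts>.+?) -> ScanOnAccess: (?P<path>.+?)(?: \(deleted\))?: "
    r"(?P<sig>\S+)\([0-9a-f]{32}:\d+\) FOUND$"
)
# Scratch directory naming as seen in that log: clamav-<32 hex digits>.tmp
SCRATCH = re.compile(r"/clamav-[0-9a-f]{32}\.tmp(?:/|$)")


def self_scan_events(log_text):
    """On-access detections whose path lies inside clamd's own scratch directory."""
    hits = []
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if m and SCRATCH.search(m.group("path")):
            hits.append((m.group("ts"), m.group("path"), m.group("sig")))
    return hits


def excluded_uids(conf_text):
    """Every OnAccessExcludeUID value in clamd.conf text (the option may repeat)."""
    uids = set()
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # ignore commented-out settings
        if len(fields) == 2 and fields[0] == "OnAccessExcludeUID" and fields[1].isdigit():
            uids.add(int(fields[1]))
    return uids


def needs_exclusion(log_text, conf_text, clamd_uid):
    """True when clamd scanned its own temp files and its UID is not yet excluded."""
    return bool(self_scan_events(log_text)) and clamd_uid not in excluded_uids(conf_text)


# Constructed sample data (not from a real system).
SAMPLE_LOG = """\
Thu May 5 09:42:20 2016 -> ScanOnAccess: /srv/share/sample.rules: Example.Sig-1(00112233445566778899aabbccddeeff:1024) FOUND
Thu May 5 09:42:20 2016 -> ScanOnAccess: /tmp/clamav-0123456789abcdef0123456789abcdef.tmp/nocomment.html (deleted): Example.Sig-1(ffeeddccbbaa99887766554433221100:1000) FOUND
"""
SAMPLE_CONF = "ScanOnAccess yes\nOnAccessPrevention yes\n#OnAccessExcludeUID 985\n"
CLAMD_UID = 985  # assumed; on a real host take it from `id -u` for the clamd account

if __name__ == "__main__":
    for ts, path, sig in self_scan_events(SAMPLE_LOG):
        print(f"{ts}: clamd scanned its own temp file {path} ({sig})")
    if needs_exclusion(SAMPLE_LOG, SAMPLE_CONF, CLAMD_UID):
        print(f"add to clamd.conf: OnAccessExcludeUID {CLAMD_UID}")
```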