Hi there,

On Tue, 24 Sep 2019, CROFT Ian wrote:

> We have a need to have OnAccessScanning on our RHEL servers but with some path exclusions.

May I ask why?

> So as I read the manuals etc it seems I have to use the OnAccessIncludePath rather than the OnAccessMountPath.

I guess that's right unless you have separate partitions mounted for things like /var, /usr/local, /home and whatever.

> So the filesystem layout is as such :- / /boot /home /var /var/log /var/tmp /var/log/audit

Are these all separate mount points/partitions?

> So I have set up the following IncludePath entries in scan.conf

I guess the file scan.conf is something that RH does with ClamAV. There is no such file in any of my systems built from source.

> OnAccessIncludePath /dev

There be dragons, I wouldn't do that.

> OnAccessIncludePath /var

I wouldn't do that.

> Does anybody know where I am going wrong?
Why do you want to scan everything under /var/log? It seems pointless scanning a bunch of files which are effectively write-only logs. You *might* theorize that a text file could have something written to it which would compromise a pager or something when you tried to read the log with it, but it seems quite a, well, a Stretch of the imagination.

I would suggest reading the release notes for version 0.102, there are some significant changes for on-access scanning.

-- 
73, Ged.
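Added example, not part of the original message or of ClamAV: a small audit of the `OnAccessIncludePath` entries discussed in this thread, flagging the `/dev` and `/var` cases the reply objects to. The policy lists, the function names and the sample configuration are assumptions made for this example; `/proc` and `/sys` are added alongside `/dev` as pseudo-filesystems of the same kind.

```python
import posixpath

# Policy for this example only (an assumption, not a ClamAV default).
PSEUDO_FS = ("/dev", "/proc", "/sys")
LOG_DIRS = ("/var/log",)

SAMPLE = """\
# constructed sample using the two entries quoted in the thread
OnAccessIncludePath /home
OnAccessIncludePath /dev
OnAccessIncludePath /var
"""

def parse_directives(text):
    """Return (name, value) pairs from 'Name value' config lines."""
    pairs = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            pairs.append((parts[0], parts[1].strip()))
    return pairs

def covers(parent, child):
    """True if directory `parent` equals `child` or is an ancestor of it."""
    parent = posixpath.normpath(parent)
    child = posixpath.normpath(child)
    return parent == "/" or child == parent or child.startswith(parent + "/")

def audit(text):
    """List (include_path, reason) findings for risky include paths."""
    pairs = parse_directives(text)
    includes = [v for n, v in pairs if n == "OnAccessIncludePath"]
    excludes = [v for n, v in pairs if n == "OnAccessExcludePath"]
    findings = []
    for inc in includes:
        for fs in PSEUDO_FS:
            # Flag an include that sits inside, or sits above, a pseudo-fs.
            if covers(fs, inc) or covers(inc, fs):
                findings.append((inc, f"covers pseudo-filesystem {fs}"))
        for log in LOG_DIRS:
            # A parent include pulls in the log tree unless it is excluded.
            if covers(inc, log) and not any(covers(e, log) for e in excludes):
                findings.append((inc, f"includes {log} with no exclusion"))
    return findings

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"{path}: {reason}")
```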