Thanks Ged - much appreciated :- >> We have a need to have OnAccessScanning on our RHEL servers but with >> some path exclusions.
>May I ask why? - Ian Response - Yes the Application folks have deemed certain path not required to be scanned and are hoping to avoid any performance issues as well. >> So as I read the manuals etc it seems I have to use the >> OnAccessIncludePath rather than the OnAccessMountPath. >I guess that's right unless you have separate partitions mounted for things >like /var, /usr/local, /home and whatever. >> So the filesystem layout is as such :- >> >> / >> /boot >> /home >> /var >> /var/log >> /var/tmp >> /var/log/audit >Are these all separate mount points/partitions? Ian Response - Yes >> So I have set up the following IncludePath entries in scan.conf >I guess the file scan.conf is something that RH does with ClamAV. >There is no such file in any of my systems built from source. >> OnAccessIncludePath /dev >There be dragons, I wouldn't do that. Ian response - ok noted. >> OnAccessIncludePath /var >I wouldn't do that. Ian Response - why - I was going to include it then then exclude particular directories below it as required. - But the error I am getting wont let me include it in the first place. >> Does anybody know where I am going wrong ? >Why do you want to scan everything under /var/log? It seems pointless >scanning a bunch of files which are effectively write-only logs. You *might* theorize that a text file could have something written to it which would compromise a pager or something when you tried to read the log with it, but it seems quite a, well, a Stretch of the imagination. >I would suggest reading the release notes for version 0.102, there are some >significant changes for on-acess scanning. Ian Response - will do. Sopra Steria is the trading name of the following companies (all registered in England & Wales): (i) Sopra Steria Limited (No. 04077975) (ii) Sopra Group Ltd (No. 01643041) (iii) Sopra Group Holding Ltd (No. 01588948) _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
