We have separate filesystems on our servers under /var :-

/var
/var/log
/var/log/audit

And following this advice recently :-

While it is not recommended to scan everything under /var (or /var at all), the 
reason it fails is because you have /var submounts (/var/log, /var/tmp).
This is currently a known bug in clamav (I reported it: 
https://bugzilla.clamav.net/show_bug.cgi?id=12306 ), and the workaround in your 
case is:
OnAccessIncludePath /var/log/audit
OnAccessIncludePath /var/log
OnAccessIncludePath /var

and then, if you don't want /var/log add this in the exclude:

OnAccessExcludePath ^/var/log

But when I put an EICAR test txt file in /var/log/test.txt it is getting picked 
up by the OnAccess scanner.

I have tried ^/var/log/ and ^/var/log/* - same issue the test.txt is still 
picked up by the OnAccess scanner when it should in my mind be being ignored.

Any ideas?

Cheers

Ian