Indeed, I'm having this problem too. Probably the include wins over the exclude, even with this in the logs:
clamd[4940]: ScanOnAccess: Protecting directory '/var/log' (and all sub-directories) clamd[4940]: ScanOnAccess: Protecting directory '/var' (and all sub-directories) clamd[4940]: ScanOnAccess: Excluding directory '/var/log' (and all sub-directories) The way I do it currently is via a small script (and I don't do /var/log) to precisely indicate via OnAccessIncludePath what I want ... F. Op Donderdag, 26-09-2019 om 11:53 schreef CROFT Ian: It's a fair point Ged well made. And making sure they are all strings looks better now in most cases. So I now have these :- OnAccessIncludePath /var/log ( Only added to include to get around the bug previously mentioned ) OnAccessIncludePath /var OnAccessExcludePath /var/log However eicar test as /var/log/test.txt is still being picked up. Its working fine on other real sub directories ( not separate munts ), feels like this is falling foul of the fact /var/log is a sub mount point perhaps. Cheers Ian -----Original Message----- From: clamav-users On Behalf Of G.W. Haywood via clamav-users Sent: 26 September 2019 10:22 To: ClamAV users ML Cc: G.W. Haywood Subject: Re: [clamav-users] OnAccessExcludePath being ignored. Hi there, On Thu, 26 Sep 2019, CROFT Ian wrote: > But when I put an EICAR test txt file in /var/log/test.txt it is getting picked up by the OnAccess scanner. > > I have tried ^/var/log/ and ^/var/log/* - same issue the test.txt is still picked up by the OnAccess scanner when it should in my mind be being ignored. > > Any ideas ? You really do need to get used to reading the 'man' pages. In this case the man page for clamd.conf states OnAccessExcludePath STRING which means that the argument is a STRING, not a REGEX. You must not put things like '^' and '*' in a STRING argument because a STRING is taken literally. You are excluding names which do not exist on your system. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml Sopra Steria is the trading name of the following companies (all registered in England & Wales): (i) Sopra Steria Limited (No. 04077975) (ii) Sopra Group Ltd (No. 01643041) (iii) Sopra Group Holding Ltd (No. 01588948) _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
