Op Donderdag, 26-09-2019 om 19:17 schreef G.W. Haywood via clamav-users: > Hello again, > > On Thu, 26 Sep 2019, CROFT Ian via clamav-users wrote: > > > ... making sure they are all strings looks better now in most cases. > > > > So I now have these :- > > > > OnAccessIncludePath /var/log > > ( Only added to include to get around the bug previously mentioned ) > > > > OnAccessIncludePath /var > > > > OnAccessExcludePath /var/log > > > > However eicar test as /var/log/test.txt is still being picked up. > > > > Its working fine on other real sub directories ( not separate munts ), > > feels like this is falling foul of the fact /var/log is a sub mount > > point perhaps. > > Hmmmm. Bugs or no bugs it seems rather willful having both of these: > > OnAccessIncludePath /var/log > OnAccessExcludePath /var/log > > and I'm not surprised that things seem a bit insane if you do. :) > > Unfortunately on bugzilla, issue 12306 itself is restricted access. > Because of that I didn't even know of its existence - I've trawled > through every issue listed in the components pages at > > https://bugzilla.clamav.net/describecomponents.cgi?product=ClamAV > > and AFAICT it doesn't appear in any of them. So I don't think I can > add anything useful to what I've already said. To repeat what I've > already said, I think scanning /var/log isn't a great idea.
Well, I reported the bug, so I can summarize it with this example: ====================================================== This works to monitor /opt (assuming /opt/openv is a submount): OnAccessIncludePath /opt/openv OnAccessIncludePath /opt but this doesn't: OnAccessIncludePath /opt OnAccessIncludePath /opt/openv ====================================================== The thing is of course: what to do if you want to monitor /opt and not /opt/openv while /opt/openv is a submount? Maybe the new 0.102 version has a workaround for it (I do know that you still need this OnAccessIncludePath workaround, but maybe with the new onaccess method, the standard excludes also apply and that would help then ... something I need to test (but I need to compile clamav for that first). Franky _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
