On Thursday, 26-09-2019 at 20:14, Franky Van Liedekerke wrote:
> On Thursday, 26-09-2019 at 19:17, G.W. Haywood via clamav-users wrote:
> > Hello again,
> > 
> > On Thu, 26 Sep 2019, CROFT Ian via clamav-users wrote:
> > 
> > > ... making sure they are all strings looks better now in most cases.
> > >
> > > So I now have these :-
> > >
> > > OnAccessIncludePath /var/log
> > > ( Only added to include to get around the bug previously mentioned )
> > >
> > > OnAccessIncludePath /var
> > >
> > > OnAccessExcludePath /var/log
> > >
> > > However eicar test as /var/log/test.txt is still being picked up.
> > >
> > > It's working fine on other real sub directories ( not separate mounts ),
> > > feels like this is falling foul of the fact /var/log is a sub mount
> > > point perhaps.
> > 
> > Hmmmm.  Bugs or no bugs it seems rather willful having both of these:
> > 
> > OnAccessIncludePath /var/log
> > OnAccessExcludePath /var/log
> > 
> > and I'm not surprised that things seem a bit insane if you do. :)
> > 
> > Unfortunately on bugzilla, issue 12306 itself is restricted access.
> > Because of that I didn't even know of its existence - I've trawled
> > through every issue listed in the components pages at
> > 
> > https://bugzilla.clamav.net/describecomponents.cgi?product=ClamAV
> > 
> > and AFAICT it doesn't appear in any of them.  So I don't think I can
> > add anything useful to what I've already said.  To repeat what I've
> > already said, I think scanning /var/log isn't a great idea.
> 
> Well, I reported the bug, so I can summarize it with this example:
> ======================================================
> This works to monitor /opt (assuming /opt/openv is a submount):
> 
> OnAccessIncludePath /opt/openv
> OnAccessIncludePath /opt
> 
> but this doesn't:
> OnAccessIncludePath /opt
> OnAccessIncludePath /opt/openv
> ======================================================
> 
> The thing is of course: what to do if you want to monitor /opt and not 
> /opt/openv while /opt/openv is a submount?
> Maybe the new 0.102 version has a workaround for it (I do know that you still 
> need this OnAccessIncludePath workaround, but maybe with the new onaccess 
> method, the standard excludes also apply and that would help then) ... 
> something I need to test (but I need to compile clamav for that first).
 
Ok, good news: the new 0.102 version works as expected. While it still has the 
bug with the OnAccessIncludePath-part, you can just exclude /opt/openv in clamd 
itself using the standard ExcludePath-option. Reason why this works: clamonacc 
is a new client daemon in 0.102 which in fact is just being told what should be 
monitored in on-access mode and gives those files to clamd as a client. Clamd 
itself then checks all its regular options, so excludepath is validated too. 
This is very cool in the fact that you could now once again use the 
mount-option for onaccess too and let all the excludes be handled via regular 
clamd. This has an overhead of course (you should understand that 
OnAccessMountPath has fewer possibilities), but I like the choices now.
Franky

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
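
An added example, not part of the thread and not ClamAV code: a small Python check for the two configuration patterns discussed above (a path that is both included and excluded for on-access scanning, and an `OnAccessIncludePath` submount listed after its parent), plus a helper that shows which paths a clamd `ExcludePath` regex would drop. The sample configuration, the `ExcludePath` value and the mount list are constructed, and `ExcludePath` matching is approximated with Python's `re.search`.

```python
import re

# Constructed input: paths from the thread; the mount list is an assumption.
SAMPLE_CONF = """\
OnAccessIncludePath /var/log
OnAccessIncludePath /var
OnAccessExcludePath /var/log
OnAccessIncludePath /opt
OnAccessIncludePath /opt/openv
ExcludePath ^/opt/openv/
"""
SAMPLE_MOUNTS = ["/", "/var/log", "/opt/openv"]
KEYS = ("OnAccessIncludePath", "OnAccessExcludePath", "ExcludePath")


def parse(conf_text):
    """Collect the three directives, keeping file order for each."""
    found = {key: [] for key in KEYS}
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] in found:
            found[parts[0]].append(parts[1].strip())
    return found


def is_under(child, parent):
    """True when child is a strict descendant of parent."""
    return child.startswith(parent.rstrip("/") + "/") and child != parent


def lint(conf_text, mounts):
    """Return (kind, path) findings for the two patterns raised in the thread."""
    conf = parse(conf_text)
    includes = [p.rstrip("/") or "/" for p in conf["OnAccessIncludePath"]]
    findings = []
    # The same path both included and excluded for on-access scanning.
    for path in conf["OnAccessExcludePath"]:
        if (path.rstrip("/") or "/") in includes:
            findings.append(("include-and-exclude", path))
    # A submount listed after its parent: the ordering reported not to work.
    for i, sub in enumerate(includes):
        if sub in mounts and any(is_under(sub, p) for p in includes[:i]):
            findings.append(("submount-after-parent", sub))
    return findings


def clamd_excludes(conf_text, path):
    """True when an ExcludePath regex matches path (re.search approximation)."""
    return any(re.search(rx, path) for rx in parse(conf_text)["ExcludePath"])
```
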
