Hi Josh, Trying to use clamonacc as you are, has many implications/limitations that will likely give you a headache or two. I went down that path initially when trying to implement On-Access Scanning, and ended-up deciding to use it in a much more targeted manner after much stress.
I detailed some of these issues under "Caveat of ClamAV’s On-Access Scanning" here: https://medium.com/@aaronbrighton/installation-configuration-of-clamav-antivirus-on-ubuntu-18-04-a6416bab3b41#9a3d Specifically in your case, my guess is you're running into what I detailed under "3. Watching directory paths that contain special files" specifically, which has an associated bug ticket: https://bugzilla.clamav.net/show_bug.cgi?id=12306 If you turn on clamonacc verbose logging with the "--verbose" switch when running it, do you see an error similar to the following in the clamonacc output/log file: -------------------------------------- ClamInotif: watching '/var' (and all sub-directories) ClamInotif: excluding '/var/log' (and all sub-directories) ERROR: ClamInotif: could not watch path '/var', 3 If so, can you run the following command substituting "/var" for the directory mentioned in the above error, to determine the types of files in the respective directory: sudo find /var -exec stat -c%F {} \; | sort | uniq In my experience, I've seen the following types of files causing issues with clamonacc's initialization: character special file fifo Unfortunately, using OnAccessExcludePath doesn't eliminate the issue. Hope this helps, Aaron _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
