Hi there,

On Thu, 4 Feb 2021, Nick via clamav-users wrote:

> ... Ideally I want to only scan:
>
> /user-home-folders/*/Downloads

Your users won't save downloaded files anywhere else?

> ... could I do something like the below?
>
> OnAccessIncludePath to /user-home-folders/
> ExcludePath /.local/
> ExcludePath /.cache/
> ExcludePath /.config/

Unlike OnAccessExcludePath, the ExcludePath directive _does_ take a
regex so you could for example use

ExcludePath .*/\..*

which means anything which has a dot immediately after a slash.  This
is untested, but I have reasonable confidence in the regex matching
used by clamd.  Occasionally I've played around with it when testing
other suggestions on the list.

> In testing this I still see clamonacc tell me it's performing
> scanning on files created in .cache but will the engine itself
> ignore them due to the Excludes?

I've never used on-access scanning so my knowledge of its alleged
behaviour is only from reading.  I understand that the clamonacc
daemon is a client of the clamd daemon, so I would say that AFAICT the
clamd daemon respects its configuration so the answer is 'yes', but I
would also urge you to find out by experiment.  That's what I usually
do if I'm unsure of any behaviour - particularly with things like
regexes, which might be supplied by your local libraries, and not by
the upstream sources that you've just built.  The main toothache in
the process is waiting for the daemon to reload its configuration
after each configuration change.

> Is there a better way of accomplishing this?

Personally I'm not convinced that you should be doing it at all.  If I
were a malicious actor and I wanted to hide things in your filesystem,
then the directories you're excluding are amongst the obvious targets
for some place where lots of garbage gets written and then ignored by
the people using the box.

On the other hand you probably haven't yet attempted to calculate the
probability that what you're doing will achieve the desired results.

What are the desired results?

--

73,
Ged.
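
Added example (not part of the message above and not ClamAV project code): a dry run of the ExcludePath patterns discussed in this thread against constructed sample paths, to see what each one would skip before waiting on a clamd reload. It assumes clamd applies ExcludePath as an unanchored POSIX extended regex over the full path and emulates that with grep -E; the sample paths and function names are made up for illustration.

```shell
#!/bin/sh
# Dry-run candidate ExcludePath regexes against sample paths.
# Assumption: clamd matches ExcludePath as an unanchored POSIX extended
# regex on the full path; grep -E stands in for that here. Confirm the
# result against your own clamd build, as the regex library may differ.

# Constructed sample paths (not taken from any real system).
SAMPLE_PATHS='/user-home-folders/alice/Downloads/report.pdf
/user-home-folders/alice/Downloads/.partial.bin
/user-home-folders/alice/.cache/thumbnails/a.png
/user-home-folders/alice/.local/share/app/data.db
/user-home-folders/alice/.config/app/settings.ini
/user-home-folders/alice/xlocal/notes.txt
/user-home-folders/alice/Documents/v1.2/readme.txt'

# is_excluded REGEX PATH: exit 0 if PATH matches REGEX (would be skipped).
is_excluded() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# excluded_by REGEX: print the sample paths REGEX would exclude.
excluded_by() {
    printf '%s\n' "$SAMPLE_PATHS" | grep -E -- "$1"
}

# count_excluded REGEX: print how many sample paths REGEX would exclude.
count_excluded() {
    printf '%s\n' "$SAMPLE_PATHS" | grep -Ec -- "$1"
}

# '/.local/'  : as written in the question; the dot is a regex wildcard,
#               so it also matches /xlocal/.
# '/\.local/' : same pattern with the dot escaped.
# '.*/\..*'   : the pattern suggested in the reply; matches any path with
#               a component starting with a dot, including hidden files
#               inside Downloads.
for re in '/.local/' '/\.local/' '.*/\..*'; do
    echo "ExcludePath $re -> $(count_excluded "$re") of 7 sample paths skipped"
    excluded_by "$re" | sed 's/^/    /'
done
```

Whatever this reports is only a prediction; scanning a test file placed in each location is still the check that counts.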
