Hello again,

On Thu, 3 Jun 2021, Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users wrote:

> # ps -ef|grep clam
> clamscan 286345 1 13 13:35 ? 00:00:55 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
> root 286357 1 0 13:35 ? 00:00:02 /usr/sbin/clamonacc --fdpass --log=/var/log/clamonacc -F --config-file=/etc/clamd.d/scan.conf --move=/var/tmp/clamav-quarantine

Hopefully you'll see the same PIDs until you deliberately restart the daemons.

> ...
> cat scan.conf|grep -v ^#|grep -v ^$
> ...
> OnAccessMountPath /

Are you *sure* you want to do that?

> ...
> OnAccessMountPath /var
> OnAccessMountPath /var/tmp
> OnAccessMountPath /var/log
> OnAccessMountPath /var/log/audit
> ...

Are these four separate filesystems? If they're all on the same filesystem at least three of those lines would seem to be superfluous. Again, I'd urge caution in what you require of the scanner. Although it's not impossible that criminals might seek to hide malicious things in some of those places, if they do that they'll probably also make sure you (and clamd) can't see them. It really isn't likely that your logs will pose any great threat; they're constantly being written, and clamd will be working overtime on them for probably no added value.

--
73,
Ged.
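
An added example, not part of the original message or of ClamAV: a small check for the question asked above, whether the OnAccessMountPath entries sit on separate filesystems. It assumes a mount-path watch covers the whole filesystem containing the path, so a later entry on an already-listed device adds nothing; the function names and the sample config are constructed here.

```python
import os

def mount_paths(conf_text):
    """Return OnAccessMountPath values from clamd config text, in file order."""
    paths = []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        # Commented-out directives start with '#', so they never match here.
        if len(parts) == 2 and parts[0] == "OnAccessMountPath":
            paths.append(parts[1].strip())
    return paths

def device_of(path):
    """Default lookup: the filesystem device id (st_dev) holding the path."""
    return os.stat(path).st_dev

def redundant_entries(paths, dev_lookup=device_of):
    """Map each superfluous path to the earlier entry on the same filesystem."""
    first_on_dev = {}
    redundant = {}
    for p in paths:
        try:
            dev = dev_lookup(p)
        except OSError:
            continue  # path missing or unreadable on this host; cannot judge it
        if dev in first_on_dev:
            redundant[p] = first_on_dev[dev]
        else:
            first_on_dev[dev] = p
    return redundant

# Constructed sample: the directives quoted in the thread, plus a comment line.
SAMPLE_CONF = """\
# on-access settings
OnAccessMountPath /
OnAccessMountPath /var
OnAccessMountPath /var/tmp
OnAccessMountPath /var/log
OnAccessMountPath /var/log/audit
"""

if __name__ == "__main__":
    # Uses the real device ids of whichever of these paths exist on this host.
    for path, kept in redundant_entries(mount_paths(SAMPLE_CONF)).items():
        print(f"{path}: same filesystem as {kept}, entry is superfluous")
```

Run it on the host that carries the config; pass the text of the real scan.conf to `mount_paths` instead of the sample.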