On Thu, Sep 9, 2021 at 1:45 PM Maarten Broekman <maarten.broek...@gmail.com>
wrote:

> It depends on the OS, but if you have something like AppArmor or
> GrSecurity, you may need to grant the appropriate permissions there to
> allow access even for root.
>


Thanks for the info.

I disabled apparmor (systemctl disable apparmor) and rebooted but still got
the 'could not watch /var/www' error, so re-enabled it again.

/var is a separate partition with www being a "regular" subdir under that.
We use autofs to mount some shared directories under www for the webserver
and after disabling autofs, the error has went away. So, I don't know if
autofs itself is the issue, or maybe something could be altered with the
autofs mount options to get this working with the network mounts. It
probably makes more sense to have those files scanned on the NAS rather
than over a network link so maybe the point is moot. If excluding them
works on the web server, then that's probably fine.

This is /etc/auto.master:
/-    /etc/auto.sshfs --timeout=30,--ghost

This is a reduced /etc/auto.sshfs. All four entries are basically the same
just different mounts/locations on the NAS:

/var/www/wordpress/incoming
 
-fstype=fuse,user,idmap=user,transform_symlinks,allow_other,uid=www-data,gid=www-data,ro,nodev,nonempty,noatime,allow_other,max_read=65536,port=61122,identityfile=/root/.ssh/nas_sshfs
:sshfs\#user_s...@nas.mycorp.com\:/incoming/

I added OnAccessExcludePath for the autofs mounts in clamd.config which
seems to be working but still get some errors for files under that mount
(scan failed with error code 34) which I still need to research.


On Thu, Sep 9, 2021 at 2:34 PM Micah Snyder (micasnyd) via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> Hi!
>>
>> No worries about sounding complainy.  I'm glad you're reaching out for
>> help.
>>
>> I recommend always running clamonacc using the --fdpass command line
>> argument, provided it is available on your system Some
>>
>

Thanks! I've adjusted the unit file to use --fdpass
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to