Hi there, On Sun, 13 Mar 2022, Mohsen Ghahremani via clamav-users wrote:
I run clamd and clamonacc with root user and clamd.conf file is configured as follows: User root OnAccessIncludePath / home OnAccessExcludeUname root OnAccessPrevention yes
This is not sufficient information (and your configuration of the OnAccessIncludePath option looks wrong - did you mean '/home'?). Please instead provide the full, unedited output of clamconf -n and I repeat - without *any* editing on your part so that we can see your configuration correctly.
In this case, if I run a malicious file with other users, clamav prevents it from running, and if I run the same file with the root user, it does nothing. How can I configure calmav to prevent malicious files from being executed by the root user?
Please read the man page for clamd.conf where the exclusions are fully explained. There are more of them than you have listed in your post. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
