Hi,

Thank you for your support.

Output of clamconf -n:

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
LogFileMaxSize = "5242880"
LogTime = "yes"
LogClean = "yes"
LogSyslog = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
LocalSocket = "/tmp/clamd.socket"
LocalSocketMode = "660"
User = "root"
_OnAccessIncludePath_ = "/home"
_OnAccessExcludeUname_ = "root"
_OnAccessPrevention_ = "yes"

Config file: freshclam.conf
---------------------------
DatabaseMirror = "database.clamav.net"
HTTPProxyServer = "172.16.130.185"
HTTPProxyPort = "3128"

Config file: clamav-milter.conf
-------------------------------
ERROR: Please edit the example config file /usr/local/etc/clamav-milter.conf

Software settings
-----------------
Version: 0.104.2
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR

Database information
--------------------
Database directory: /usr/local/share/clamav
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 07:21:51 2021
daily.cld: version 26477, sigs: 1975702, built on Thu Mar 10 01:34:39 2022
Total number of signatures: 1975794

Platform information
--------------------
uname: Linux 3.10.0-1160.59.1.el7.x86_64 #1 SMP Wed Feb 23 16:47:03 UTC 2022 x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a218e8e0800000002040805

Build information
-----------------
GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)
sizeof(void*) = 8
Engine flevel: 142, dconf: 142

My main question is whether clamav can prevent malicious files from being run by the root user?

Thankful

From: G.W. Haywood via clamav-users

Hi there,

On Sun, 13 Mar 2022, Mohsen Ghahremani via clamav-users wrote:

> I run clamd and clamonacc with root user and clamd.conf file is
> configured as follows:
>
> User root
>
> OnAccessIncludePath / home
>
> OnAccessExcludeUname root
>
> OnAccessPrevention yes

This is not sufficient information (and your configuration of the
OnAccessIncludePath option looks wrong - did you mean '/home'?).

Please instead provide the full, unedited output of

clamconf -n

and I repeat - without *any* editing on your part so that we can see
your configuration correctly.

> In this case, if I run a malicious file with other users, clamav
> prevents it from running, and if I run the same file with the root
> user, it does nothing.
>
> How can I configure clamav to prevent malicious files from being
> executed by the root user?

Please read the man page for clamd.conf where the exclusions are fully
explained. There are more of them than you have listed in your post.

--
73,
Ged.

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
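An added example, not part of the original thread or of ClamAV itself: a small audit helper that reads `clamconf -n` output and lists the user-based on-access exclusions from clamd.conf that apply to a given account. The function names, the embedded sample (constructed from the output posted above) and the account "alice" are assumptions made for illustration.

```python
import re

# Constructed sample: part of the `clamconf -n` output posted in this thread.
SAMPLE = """\
Config file: clamd.conf
-----------------------
User = "root"
OnAccessIncludePath = "/home"
OnAccessExcludeUname = "root"
OnAccessPrevention = "yes"

Config file: freshclam.conf
---------------------------
DatabaseMirror = "database.clamav.net"
"""

def parse_clamconf(text):
    """Map each config file name to {option: [values]}."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Config file:\s*(\S+)", line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        name, sep, rest = line.partition("=")
        values = re.findall(r'"([^"]*)"', rest)
        if current is not None and sep and values:
            # strip("_") tolerates emphasis markers left by mail archives
            current.setdefault(name.strip().strip("_"), []).extend(values)
    return sections

def onaccess_exclusions(text, username, uid):
    """List the clamd.conf options that exempt this user from on-access scanning."""
    opts = parse_clamconf(text).get("clamd.conf", {})
    hits = []
    if username in opts.get("OnAccessExcludeUname", []):
        hits.append(f'OnAccessExcludeUname = "{username}"')
    if str(uid) in opts.get("OnAccessExcludeUID", []):
        hits.append(f'OnAccessExcludeUID = "{uid}"')
    if uid == 0 and "yes" in opts.get("OnAccessExcludeRootUID", []):
        hits.append('OnAccessExcludeRootUID = "yes"')
    return hits

if __name__ == "__main__":
    for user, uid in (("root", 0), ("alice", 1000)):  # "alice" is a made-up account
        print(user, onaccess_exclusions(SAMPLE, user, uid) or "no user-based exclusion")
```

On a live host the same functions can be fed the captured output of `clamconf -n` instead of the embedded sample.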