Hi all,

I'm setting up a test environment with ClamAV and on access scanning and came across some problems.

When I add the directories /etc and /usr to the OnAccessIncludePath list, the machine totally locks up. All connected sessions lock up too. Only a reboot of the machine is the solution. When /etc (or /usr) is the only OnAccessIncludePath entry the same thing (lockup/hang) happens.

For /usr I found a workaround:

OnAccessExcludePath /usr/lib64

This way the machine stays stable. Putting SELinux in permissive mode gives the same negative result (lockup).

Has somebody got an idea what could be the cause of these lockups? Excluding etc and usr wouldn't be a quite satisfying solution.

Cheers,
Roland

Here's the set up:

Red Hat Linux 8.5
SELinux turned on (antivirus_can_scan_system / clamd_use_jit are set)
The machine has a clean install. Dedicated to this POC.

This is the ClamAV scan.conf:

LogFile /var/log/clamd.scan
LogTime yes
LogSyslog yes
TemporaryDirectory /tmp
LocalSocket /run/clamd.scan/clamd.sock
LocalSocketGroup virusgroup
FixStaleSocket yes
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
User clamscan
OnAccessMaxThreads 10
OnAccessIncludePath /home
OnAccessIncludePath /boot
OnAccessIncludePath /root
OnAccessIncludePath /etc
OnAccessIncludePath /usr
OnAccessIncludePath /opt
OnAccessExcludePath ^/proc/
OnAccessExcludePath ^/sys/
OnAccessExcludePath ^/dev/
OnAccessExcludePath /usr/lib64
OnAccessPrevention yes
OnAccessDenyOnError yes
OnAccessExcludeUname clamupdate
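An added example, not part of the post above and not ClamAV's own code: a small lint that checks whether the account named in the `User` line is covered by `OnAccessExcludeUname`, which the ClamAV on-access documentation asks for so that clamd's own file accesses are not themselves scanned. The function names and the trimmed `POSTED_CONF` sample are constructed here, and the post does not establish that this is the cause of the lockups.

```python
# Added example: lint the on-access section of a clamd config file.

# Constructed sample: the on-access-relevant lines of the scan.conf in the post.
POSTED_CONF = """\
User clamscan
OnAccessIncludePath /etc
OnAccessIncludePath /usr
OnAccessExcludePath /usr/lib64
OnAccessPrevention yes
OnAccessDenyOnError yes
OnAccessExcludeUname clamupdate
"""

TRUE = {"yes", "true", "1"}  # boolean spellings accepted in clamd.conf


def parse_conf(text):
    """Return {option: [values]}; options such as OnAccessIncludePath repeat."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts


def lint_onaccess(text):
    """Return a list of findings about scanner self-exclusion (empty = none)."""
    opts = parse_conf(text)
    if not (opts.get("OnAccessIncludePath") or opts.get("OnAccessMountPath")):
        return []  # on-access scanning is not configured
    # Assumption: with no User line, clamd keeps running as root.
    user = opts.get("User", ["root"])[-1]
    by_name = user in opts.get("OnAccessExcludeUname", [])
    root_ok = (user == "root"
               and opts.get("OnAccessExcludeRootUID", ["no"])[-1].lower() in TRUE)
    findings = []
    if not (by_name or root_ok):
        hint = ""
        if opts.get("OnAccessExcludeUID"):
            hint = " (OnAccessExcludeUID is set; confirm it is this account's UID)"
        findings.append(f"clamd user '{user}' is not excluded from on-access scanning{hint}")
        if opts.get("OnAccessPrevention", ["no"])[-1].lower() in TRUE:
            findings.append("OnAccessPrevention is on: opens under the watched "
                            "paths wait for a scan verdict")
    return findings
```

Run against the posted settings, it reports that `clamscan` is not in the exclusion list (only `clamupdate` is) and that prevention mode is enabled.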