I'm not sure if this IS the answer, but my guess would be that ClamAV needs to access files in /usr/lib64... And it has to scan (and come back with an OK result) before access is allowed... resulting in scans being blocked which, in turn, results in ALL processes being blocked while waiting on the scans to complete.
--Maarten

On Wed, Apr 13, 2022 at 7:49 AM Oorschot, R. van (IVO Rechtspraak) via clamav-users <clamav-users@lists.clamav.net> wrote:

> Hi all
>
> I'm setting up a test environment with ClamAV and on access scanning and
> came across some problems.
>
> When I add the directories /etc and /usr to the OnAccessIncludePath list,
> the machine totally locks up.
> All connected sessions lock up too. Only a reboot of the machine is the
> solution.
> When /etc (or /usr) is the only OnAccessIncludePath entry the same thing
> (lockup/hang) happens.
>
> For /usr I found a workaround: OnAccessExcludePath /usr/lib64
> This way the machine stays stable.
>
> Putting SELinux in permissive mode gives the same negative result (lockup).
>
> Has somebody got an idea what could be the cause of these lockups?
> Excluding etc and usr wouldn't be a quite satisfying solution.
>
> Cheers,
> Roland
>
> Here's the set up:
> Red Hat Linux 8.5
> SELinux turned on (antivirus_can_scan_system / clamd_use_jit are set)
>
> The machine has a clean install. Dedicated to this POC.
>
> This is the ClamAV scan.conf:
>
> LogFile /var/log/clamd.scan
> LogTime yes
> LogSyslog yes
> TemporaryDirectory /tmp
> LocalSocket /run/clamd.scan/clamd.sock
> LocalSocketGroup virusgroup
> FixStaleSocket yes
> ExcludePath ^/proc/
> ExcludePath ^/sys/
> ExcludePath ^/dev/
> User clamscan
> OnAccessMaxThreads 10
> OnAccessIncludePath /home
> OnAccessIncludePath /boot
> OnAccessIncludePath /root
> OnAccessIncludePath /etc
> OnAccessIncludePath /usr
> OnAccessIncludePath /opt
> OnAccessExcludePath ^/proc/
> OnAccessExcludePath ^/sys/
> OnAccessExcludePath ^/dev/
> OnAccessExcludePath /usr/lib64
> OnAccessPrevention yes
> OnAccessDenyOnError yes
> OnAccessExcludeUname clamupdate
>
> ________________________________
>
> Information from the Council for the Judiciary, the courts, the
> courts of appeal and the special tribunals can be found at www.rechtspraak.nl.
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
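An added example, not part of the thread and not ClamAV code: a small Python check over the on-access lines of the scan.conf quoted above, reporting which system directories are watched while OnAccessPrevention is enabled and whether the account clamd runs as (`User`) is listed in OnAccessExcludeUname. Assumptions: the names `audit_onaccess` and `SYSTEM_DIRS`, the contents of that set beyond /etc and /usr, and the premise (taken from ClamAV's on-access documentation, not established in this thread) that the scanning account should be excluded from on-access events.

```python
# Constructed input: on-access lines copied from the scan.conf quoted in the thread.
SAMPLE_CONF = """\
User clamscan
OnAccessIncludePath /home
OnAccessIncludePath /boot
OnAccessIncludePath /root
OnAccessIncludePath /etc
OnAccessIncludePath /usr
OnAccessIncludePath /opt
OnAccessExcludePath /usr/lib64
OnAccessPrevention yes
OnAccessDenyOnError yes
OnAccessExcludeUname clamupdate
"""

# Assumption: paths treated as "system" directories; /etc and /usr come from the thread.
SYSTEM_DIRS = {"/", "/etc", "/usr", "/bin", "/sbin", "/lib", "/lib64"}


def parse_conf(text):
    """Return {option: [values]} for a clamd-style 'Key value' config."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        opts.setdefault(key, []).append(value.strip())
    return opts


def audit_onaccess(text):
    """Summarise the settings that matter when prevention (blocking) mode is on."""
    opts = parse_conf(text)
    last = lambda key, default: opts.get(key, [default])[-1]
    prevention = last("OnAccessPrevention", "no").lower() in ("yes", "true", "1")
    user = last("User", None)
    includes = [p.rstrip("/") or "/" for p in opts.get("OnAccessIncludePath", [])]
    return {
        "prevention": prevention,
        # In blocking mode, opening a file under these paths waits for a scan verdict.
        "blocking_system_paths": sorted(p for p in includes if prevention and p in SYSTEM_DIRS),
        "scanner_user": user,
        # False means the scanning account is not excluded by user name.
        "scanner_user_excluded": user in opts.get("OnAccessExcludeUname", []),
    }


if __name__ == "__main__":
    for key, value in audit_onaccess(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

OnAccessExcludeUID entries are not resolved here, since mapping a UID to a name needs the host's account database.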