Hi there,

On Wed, 13 Apr 2022, Oorschot, R. van (IVO Rechtspraak) via clamav-users wrote:

> I'm setting up a test environment with ClamAV and on access scanning and came across some problems. When I add the directories /etc and /usr to the OnAccessIncludePath list, the machine totally locks up. ... Has somebody got an idea what could be the cause of these lockups?
You haven't talked about RAM. Be aware that if you're using on-access protection, the minimum amount of memory that you will need will be at least a gigabyte more (to run clamd) than you'd need without it. Even if nothing is flagged as malicious, think about how many seconds it might take to scan a typical library file against some ten million potential threats, and, if the box is busy, how many times per second numerous library files might need to be read during normal operation of more or less anything which is running on it.
> This is the ClamAV scan.conf: ... OnAccessPrevention yes ...
If you use OnAccessPrevention, and you scan system libraries, then if a false positive happens to flag a perfectly clean library file which happens to be needed by the system then you can expect the machine to lock up unless you have taken steps to prevent that. For example you could exclude a bunch of user IDs from the access prevention, but of course then ClamAV might not give the protection you're looking for. And indeed it might not give it anyway.

The constructions of your regexes seem to be a little inconsistent but I don't imagine that it's relevant to this issue.

--
73,
Ged.
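Added example, not part of the original message or of ClamAV itself: a small check that flags the combination discussed in this thread, OnAccessPrevention enabled on system directories with no users excluded. The list of "system" directories, the sample configs, the `clamav` account name and the `/srv/uploads` path are assumptions made for the illustration.

```python
# Assumption: which directories count as "system" paths for this check.
SYSTEM_DIRS = ("/etc", "/usr", "/lib", "/lib64", "/bin", "/sbin")
TRUE_VALUES = {"yes", "true", "1"}

def parse_conf(text):
    """Collect 'Option value' lines into {option: [values]}, skipping comments."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0], []).append(parts[1].strip().strip('"'))
    return opts

def is_enabled(opts, name):
    return any(v.lower() in TRUE_VALUES for v in opts.get(name, []))

def covers_system_dir(path):
    """True if watching `path` means watching a system directory."""
    p = path.rstrip("/") or "/"
    return p == "/" or any(p == d or p.startswith(d + "/") for d in SYSTEM_DIRS)

def audit(text):
    """Return a list of (code, detail) findings; empty means nothing flagged."""
    opts = parse_conf(text)
    if not is_enabled(opts, "OnAccessPrevention"):
        return []  # without prevention, a detection does not block the file
    findings = [("PREVENTION_ON_SYSTEM_PATH", p)
                for p in opts.get("OnAccessIncludePath", []) if covers_system_dir(p)]
    excluded = (opts.get("OnAccessExcludeUname") or opts.get("OnAccessExcludeUID")
                or is_enabled(opts, "OnAccessExcludeRootUID"))
    if not excluded:
        findings.append(("NO_EXCLUDED_USERS", "no OnAccessExclude* option set"))
    return findings

# Constructed sample configs (not the poster's scan.conf).
RISKY = """\
OnAccessIncludePath /etc
OnAccessIncludePath /usr
OnAccessPrevention yes
"""
SAFER = """\
# prevention only on user-writable data, scanner account excluded
OnAccessIncludePath /home
OnAccessIncludePath /srv/uploads
OnAccessPrevention yes
OnAccessExcludeUname clamav
"""

if __name__ == "__main__":
    print(audit(RISKY), audit(SAFER))
```

An empty result only means this particular combination is absent; it says nothing about memory or scan load, which the reply above also raises.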