Hello,
I think I could not explain correctly.
I am not using clamonacc. I run my own program that uses fanotify, just like
clamonacc does, and gets list of files that are modifed\added.
I send that list to clamscan or clamdscan.
The problem is limitation of fanotify which is that " The fanotify API
does not report file accesses and modifications that may occur because of
mmap(2), msync(2), and munmap(2).".
Now my assumption is mmap, msync, munmap deals with memory mapped files. So
questions I have are:
does clamav scan memory mapped
files? Further details:
If run clamscan or clamdscan on "/" it would scan all files so it
does not matter. But how does clamonacc overcomes this limitation since it uses
fanotify?
If it does, is there a way to ask clamav to scan just memory mapped
files? Further details:
This question is probably invalid. You can ignore this question.
Thanks in advance,
-Neel.
From: <tetsuya11.chiba...@nttdata.com>
Sent: Thu, 05 Dec 2024 15:02:51
To: <clamav-users@lists.clamav.net>
Cc: <neelsm...@rediffmail.com>
Subject: Re: [clamav-users] Scanning memory mapped files
Thank you for your email.
I saw the post you mentioned
(https://superuser.com/questions/1863769/clamav-and-memory-mapped-files).
It seems to be the same issue!
I am considering commenting out the part of the startup shell script that
starts and stops the clamonacc.service,
but I haven't been able to test it yet.
For now, I think we can only ignore the error messages.
Thank you for your understanding.
�$B:9=P?M(B: clamav-users <clamav-users-boun...@lists.clamav.net> $B$,(B
neel roy via clamav-users <clamav-users@lists.clamav.net> $B$NBeM}$GAw?.(B
�$BAw?.F|;~(B: 2024$BG/(B12$B7n(B5$BF|(B 16:48
�$B08@h(B: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
CC: neel roy <neelsm...@rediffmail.com>
�$B7oL>(B: Re: [clamav-users] Scanning memory mapped files
Hello,
Sorry, I should have given complete information but my thought process was
little slow :) Here is the question as I posted on stackoverflow
(https://superuser.com/questions/1863769/clamav-and-memory-mapped-files):
I am using clamav on Enterprise Linux 9. In order to optimize it's
scanning I am getting list of modified files using fanotify
(https://man7.org/linux/man-pages/man7/fanotify.7.html).
But it states " The fanotify API does not report file accesses and
modifications that may occur because of mmap(2), msync(2), and munmap(2).".
Based on this I have two questions:
does clamav scan memory mapped files? If it does, is there a way to
ask clamav to scan just memory mapped files?
Thanks in advance!
Thanks!
From: neel roy via clamav-users <clamav-users@lists.clamav.net>
Sent: Thu, 05 Dec 2024 12:24:27
To: <clamav-users@lists.clamav.net>
Cc: neel roy <neelsm...@rediffmail.com>
Subject: [clamav-users] Scanning memory mapped files
Hello,
Does clamav scan memory mapped files? If yes, does it option to scan _just_
memory mapped files?
Thanks in advance,
-Neel.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
