Hi clamav-users,

I am trying to set up ClamAV for non-blocking OnAccess scanning. It appears to be working since I am receiving delayed instream alerts. When I tested with eicar, I received an alert after ~30s to 2m of opening the test file. For now, I am running clamd and clamonacc as root. (*sudo clamd && sudo clamonacc*, no other arguments)

1) Why is OnAccess scanning so delayed? I would have expected the OnAccess scan to be immediate.

2) How can I print the filepath of the OnAccess scanned file in the alert script? $CLAM_VIRUSEVENT_FILENAME prints "instream(127.0.0.1@34740)" which isn't helpful.

*clamd --version*

ClamAV 1.4.1/27497/Tue Dec 24 03:44:06 2024

*clamd.conf*

LogFile /var/log/clamd.log
ExtendedDetectionInfo yes
DatabaseDirectory /var/lib/clamav
TCPSocket 3310
TCPAddr localhost
VirusEvent /opt/send_virus_alert.sh
DetectPUA yes
CacheSize 262144
OnAccessIncludePath /home
OnAccessExtraScanning yes
OnAccessMountPath /
OnAccessExcludeUname clamav

*/opt/send_virus_alert.sh*

echo "Virus detection!!! $CLAM_VIRUSEVENT_VIRUSNAME - $CLAM_VIRUSEVENT_FILENAME" | wall