Hi Kamil,
Unfortunately, the current version of on-access scanning is limited to
non-recursive detection during access attempts--not prevention. This is due
to particularities in how clamd leverages fanotify (and partially due to
limitations from fanotify itself).
Work is being done to flesh out the on-access scanner into something a bit
more robust and all-around useful. In that regard, if you have any features
you'd like to see in the on-access scanner, now's the best time to make a
request.
- Mickey
On Mon, Aug 10, 2015 at 6:05 AM, Steve Basford <
steveb_cla...@sanesecurity.com> wrote:
>
> On Mon, August 10, 2015 10:58 am, kamil kapturkiewicz wrote:
> > Hi,
> > I am trying to configure Scan On Access with ProFTPD server to block
> > acccess to file (not only mark as FOUND):
>
> Not my area but Found this from an archive...
>
> --
> You could write a virusevent script, put VirusEvent /path/to/yourscript in
> clamd.conf, and in yourscript:
>
> #!/bin/sh
> /usr/bin/logger -t clamd -p local1.alert "$CLAM_VIRUSEVENT_FILENAME:
> $CLAM_VIRUSEVENT_VIRUSNAME FOUND"
>
> -
>
> So, maybe VirusEvent with a move filename ??
>
> Cheers,
>
> Steve
> Web : sanesecurity.com
> Blog: sanesecurity.blogspot.com
>
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
