Dear Clamav Developers Is anyone working on a feature for clamonacc to filter out clamd's pid, so they don't scan themselves? This feature would allow us to run both clamd/clamonacc as root without the need OnAccessExcludeRootUID/UID/Uname.
Other AM like McAfee and Trend-DS operate as root while also scanning root events. My customer and I stand at the conclusion that we require root-execution while scaning other root-process-evets, as to achieve feature parity with commercial AM. Our deployment would be in the few 1000s of RHEL7+8 under PCI-DSS. I was thinking about having clamonacc watching the clamd.pid-file - But then discovered https://bugzilla.clamav.net/show_bug.cgi?id=12595 which discusses removal of PID-Path from config. Please let me know if you already see blockers or issue "go for it" to this idea. Unless I accomplish this myself, we might be able to raise a bounty. My background is System Engineering and I am inclined to contributing opensource. Just FYI, this is my current playground, simply installing the EPEL packaged RPMs into a virutalmachine: https://gitlab.com/goshansp/clamav Question Summary: - Is it feasible to implement clamd-pid-filtering in clamonacc or am I missing something? - What is needed to bump clamav v1.0? - Are there any videocalls / irc sessions scheduled? (I live in UTC and would be eager to listen into current discussions) I am looking forward to your answer. Best regards and much appreciation for clamav, Hanspeter -- hanspeter.gost...@gmail.com +41794010780 _______________________________________________ clamav-devel mailing list clamav-devel@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-devel Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
