Unfortunately, the ExcludeUID option in 0.99.2 is broken due to an oversight in how clam's optparser handles numbered lists which include 0. You can follow along with the resolution of that issue here: https://bugzilla.clamav.net/show_bug.cgi?id=11978
An important takeaway for you in that thread, as a RHEL 7 user, is that your SELinux targeted policy will prevent clamd from stating /proc/PID entirely--breaking the ExcludeUID functionality even farther. A second takeaway might be the patches you can apply to rebuild clam locally with the new fixes which might help solve the issue you're seeing.

Hope this helps you a bit. Sorry things weren't quite right the first go round--that's my bad.

- Mickey

On Wed, Dec 13, 2017 at 2:37 AM, Juan Asensio Sánchez <oke...@gmail.com> wrote:

> Hi, I am trying to configure clamd (running as user root) with ScanOnAccess
> enabled and "OnAccessExcludeUID 0". Basically, our web app allows the user
> to upload files using a WS (the web server runs as user xxxx, not root),
> and then a batch job processes the file. I have also enabled
> OnAccessPrevention, so in case of an upload with an infected file, the
> batch job can't access (but root user could do it, as per
> OnAccessExcludeUID). I have also created a script configured in VirusEvent
> so we are alerted when a virus is detected. The problem is that, as the
> file remains, the batch job is always trying to process the file, throwing
> errors. I have tried to move the file to a quarantine folder using the
> VirusEvent script, but the server completely freezes; after the tests, I
> have read in some webs that we shouldn't move or delete the infected file
> inside that script.
>
> So, what could be a solution? How can I move the file to a quarantine
> folder using this configuration? Is there a better/alternative solution?
>
> # uname -a
> Linux xxxxxxx 3.10.0-693.11.1.el7.x86_64 #1 SMP Fri Oct 27 05:39:05 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
>
> # cat /etc/redhat-release
> Red Hat Enterprise Linux Server release 7.4 (Maipo)
>
> # rpm -qa | grep clam
> clamav-filesystem-0.99.2-8.el7.noarch
> clamav-server-systemd-0.99.2-8.el7.noarch
> clamav-update-0.99.2-8.el7.x86_64
> clamav-data-0.99.2-8.el7.noarch
> clamav-server-0.99.2-8.el7.x86_64
> clamav-scanner-0.99.2-8.el7.noarch
> clamav-0.99.2-8.el7.x86_64
> clamav-lib-0.99.2-8.el7.x86_64
> clamav-scanner-systemd-0.99.2-8.el7.noarch
>
> Thanks.
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml