Hi there,

On Wed, 11 Aug 2021, Prevost, Keith via clamav-users wrote:

> I was wondering if there is a way to get ClamAV to recursively watch a mount point for on access scanning? The only way it seems to work is if I have the entire static path in the clamd.conf file, but this isn't sufficient since that path changes depending on the current user logged into the system. Also, the clamd and clamonaccess services will not start properly if the system is rebooted since the external drive on the mount doesn't auto-mount. I use a test EICAR virus file to trigger the notification for testing. Anyone familiar with the on access functionality that I may be overlooking?

I don't use on-access scanning so this is just conjecture, but I'd have thought that if you want to use on-access scanning for users' home directories, then if you watch /home/ you'll be watching all the directories under /home/, whether or not they're mounted at boot (as long as you don't have "CrossFilesystems" set to "no", nor any other relevant exclusions, in the clamd config). But I haven't tested it.

It isn't clear to me exactly what it is you've found that doesn't do what you want; it might help if you can give the exact combinations of (the relevant) configuration options that you've tried.

The on-access capability depends on the operating system's "notify" features, so I guess if the OS doesn't notify when your filesystems are mounted, then the information won't reach the ClamAV utilities. It might be worth some time spent with the man pages, and also see

https://blog.clamav.net/2015/09/clamav-099b2-on-access-scanning-now.html

--
73,
Ged.
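
Added example, not part of the original message and not ClamAV project code: a small helper that pulls the on-access-relevant options out of a clamd.conf and notes the conditions raised in this thread (watched path not present, "CrossFilesystems" set to "no"), which is one way to gather the exact option combination asked for above. The function names and the sample config are constructed for illustration; the option names are clamd.conf options.

```python
import os

# clamd.conf options that decide what on-access scanning watches.
RELEVANT = ("OnAccessIncludePath", "OnAccessMountPath",
            "OnAccessExcludePath", "CrossFilesystems")

def onaccess_options(conf_text):
    """Return {option: [values]} for the relevant options in clamd.conf text."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split(None, 1)
        if parts[0] in RELEVANT:
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            found.setdefault(parts[0], []).append(value)
    return found

def review(conf_text, exists=os.path.isdir):
    """Return a list of notes on settings that bear on the question asked."""
    opts = onaccess_options(conf_text)
    notes = []
    watched = (opts.get("OnAccessIncludePath", [])
               + opts.get("OnAccessMountPath", []))
    if not watched:
        notes.append("no OnAccessIncludePath or OnAccessMountPath is set")
    for path in watched:
        if not exists(path):
            notes.append(f"{path}: not present right now (drive not mounted?)")
    off = ("no", "false", "0")
    if any(v.lower() in off for v in opts.get("CrossFilesystems", [])):
        notes.append("CrossFilesystems is off: files and directories on "
                     "other filesystems are not scanned")
    return notes

# Constructed sample config resembling the setup described in the question.
SAMPLE = """\
# constructed example, not a real system's config
OnAccessIncludePath /media/alice/USBDRIVE
CrossFilesystems no
"""

if __name__ == "__main__":
    for note in review(SAMPLE):
        print(note)
```

To check a real system, pass the contents of its clamd.conf to `review()`.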
