Hi, clamonacc is still blocking my webapp from loading. I've tried removing clamd from apparmor and running clamd through strace to find any obvious errors. Nothing has turned up yet except that maybe something is odd with the /tmp/ directory. If I "OnAccessExcludePath /tmp/", then everything works OK. I'd like to have /tmp/ in the scan config however because it's a world-writable location.
I have a hunch the /tmp/systemd-* directories are the source of trouble but how do I include /tmp/, yet still exclude just those systemd subdirectories? I've tried "ExcludePath /tmp/systemd-*" but the obvious regex makes no difference and I'm not sure if clamd.conf uses POSIX regex, or Perl style, or what. How can I exclude /tmp/systemd-*? My clamd.conf is below showing edits I've made from the default. TemporaryDirectory /var/lib/clamav/ ExcludePath ^/proc ExcludePath ^/sys ExcludePath ^/run ExcludePath ^/dev ExcludePath ^/var/lib/lxcfs/cgroup ExcludePath /tmp/systemd-* OnAccessPrevention yes OnAccessExtraScanning yes OnAccessExcludeUname clamav OnAccessExcludePath / OnAccessIncludePath /var/www OnAccessIncludePath /home OnAccessIncludePath /tmp OnAccessExcludePath /tmp/systemd-* _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
