Re: [clamav-users] OnAccessExcludePath being ignored.

2019-09-26 Thread Franky Van Liedekerke via clamav-users
On Thursday, 26-09-2019 at 19:17, G.W. Haywood via clamav-users wrote:
> Hello again,
>
> On Thu, 26 Sep 2019, CROFT Ian via clamav-users wrote:
>
> > ... making sure they are all strings looks better now in most cases.
> >
> > So I now have these :-
> >
> > OnAccessIncludePath /var/log
> > (

Re: [clamav-users] OnAccessExcludePath being ignored.

2019-09-26 Thread G.W. Haywood via clamav-users
Hello again, On Thu, 26 Sep 2019, CROFT Ian via clamav-users wrote: ... making sure they are all strings looks better now in most cases. So I now have these :- OnAccessIncludePath /var/log ( Only added to include to get around the bug previously mentioned ) OnAccessIncludePath /var

Re: [clamav-users] OnAccessExcludePath being ignored.

2019-09-26 Thread Paul Kosinski via clamav-users
It would be better if these were consistent. Also, it seems to me that a regex is overkill, while a literal string is rather limiting. Might it not be better simply to use the standard file path pattern with wildcard characters ('*'), like (e.g.) rsync uses? On Thu, 26 Sep 2019 11:30:01 +0200

Re: [clamav-users] OnAccessExcludePath being ignored.

2019-09-26 Thread Franky Van Liedekerke via clamav-users
Indeed, I'm having this problem too. Probably the include wins over the exclude, even with this in the logs:
clamd[4940]: ScanOnAccess: Protecting directory '/var/log' (and all sub-directories)
clamd[4940]: ScanOnAccess: Protecting directory '/var' (and all sub-directories)
clamd[4940]:

Re: [clamav-users] OnAccessExcludePath being ignored.

2019-09-26 Thread CROFT Ian
It's a fair point Ged well made. And making sure they are all strings looks better now in most cases.

So I now have these :-

OnAccessIncludePath /var/log
( Only added to include to get around the bug previously mentioned )
OnAccessIncludePath /var
OnAccessExcludePath /var/log

However eicar

Re: [clamav-users] OnAccessExcludePath being ignored.

2019-09-26 Thread Franky Van Liedekerke via clamav-users
On Thursday, 26-09-2019 at 11:22, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Thu, 26 Sep 2019, CROFT Ian wrote:
>
> > But when I put an EICAR test txt file in /var/log/test.txt it is getting
> > picked up by the OnAccess scanner.
> >
> > I have tried ^/var/log/ and ^/var/log/* -

Re: [clamav-users] OnAccessExcludePath being ignored.

2019-09-26 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 26 Sep 2019, CROFT Ian wrote: But when I put an EICAR test txt file in /var/log/test.txt it is getting picked up by the OnAccess scanner. I have tried ^/var/log/ and ^/var/log/* - same issue the test.txt is still picked up by the OnAccess scanner when it should in my mind

[clamav-users] OnAccessExcludePath being ignored.

2019-09-26 Thread CROFT Ian
We have separate filesystems on our servers under /var :-

/var
/var/log
/var/log/audit

And following this advice recently :-

While it is not recommended to scan everything under /var (or /var at all), the reason it fails is because you have /var submounts (/var/log, /var/tmp). This is