Mailing List Archive

I suspect it will depend on what platform you are running it on.

-Al-

> On Sep 24, 2019, at 04:20, Franky Van Liedekerke via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Hi all,
>
> currently I have onaccess scanning up and running just fine in clamav. However, some people claim this can be bypassed (so access a file and not force it to be scanned), so I have some questions:
>
> - is this true? Can onaccess be bypassed?
> - if so: can I force a scan of all files that should be protected by onaccess once a week or so? I know clamdscan exists, but you need to provide a folder to it, and via cron it seems too much to scan "/". Or maybe force a scan of all files that should be protected by onaccess but haven't been accessed/scanned yet?
>
> With friendly regards,
> Franky

To be complete: I'm running clamav 0.101.4 on RHEL7 (fully
patched)

Franky

Op Dinsdag, 24-09-2019 om 13:22 schreef Al Varnell via clamav-users:


I suspect it will depend on what platform you are running it on.

-Al-



On Sep 24, 2019, at 04:20, Franky Van Liedekerke via clamav-users
wrote:

Hi all,

currently I have onaccess scanning up and running just fine in clamav.
However, some people claim this can be bypassed (so access a file and
not force it to be scanned), so I have some questions:

- is this true? Can onaccess be bypassed?
- if so: can I force a scan of all files that should be protected by
onaccess once a week or so? I know clamdscan exists, but you need to
provide a folder to it, and via cron it seems too much to scan "/". Or
maybe force a scan of all files that should be protected by onaccess
but haven't been accessed/scanned yet?

With friendly regards,
Franky 

ClamAV only has built-in support for OnAccess scanning on Linux.

If there are people claiming that OnAccess scanning can be bypassed, you should ask them for more details. To my knowledge it hasn’t been discussed here before, and is the first I have heard of it.

Regards,
Micah


From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Al Varnell via clamav-users <clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Tuesday, September 24, 2019 at 7:23 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Al Varnell <alvarnell@mac.com>
Subject: Re: [clamav-users] OnAccess and regular scanning

I suspect it will depend on what platform you are running it on.

-Al-


On Sep 24, 2019, at 04:20, Franky Van Liedekerke via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote:

Hi all,

currently I have onaccess scanning up and running just fine in clamav. However, some people claim this can be bypassed (so access a file and not force it to be scanned), so I have some questions:

- is this true? Can onaccess be bypassed?
- if so: can I force a scan of all files that should be protected by onaccess once a week or so? I know clamdscan exists, but you need to provide a folder to it, and via cron it seems too much to scan "/". Or maybe force a scan of all files that should be protected by onaccess but haven't been accessed/scanned yet?

With friendly regards,
Franky