Hi there,
Sorry again for the delay. I've attached a small patch which provides a bit deeper (and possibly excessive) error reporting for clamonacc. Please give it a try and let us know what errors pop up so we can better figure out the problem.
Thanks,
Mickey
On 2020-08-17 18:41:49-04:00 clamav-users wrote:
Sorry for the long delay on my part as well. My teammate Mickey is presently working on a patch to improve the error output to so we can get a better idea what?s gone wrong for you. She or I will let you know as soon as we have something that you can test with.
Regards,
Micah
From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Marian Galbavy via clamav-users
Sent: Wednesday, August 12, 2020 12:57 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Marian Galbavy <mgalb91@gmail.com>
Subject: Re: [clamav-users] on-access scan /media folder
Thank you guys for your answers. Sorry for my late reply, I was in abroad. I have already read documentation of ClamAV, but I didn't find any answer, what does error 3 mean. Here is my clamd.conf:
#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PreludeEnable no
PreludeAnalyzerName ClamAV
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 30
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanTime 120000
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StreamMaxLength 25M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OnAccessMaxFileSize 5M
OnAccessPrevention yes
OnAccessIncludePath /home
OnAccessIncludePath /usr/local
OnAccessIncludePath /tmp
OnAccessIncludePath /var
OnAccessIncludePath /opt
OnAccessIncludePath /root
OnAccessExcludeUname clamav
OnAccessDisableDDD no
Micah, sounds great, if you will make some patch, I am able to test it. Thank you in advance :)
st 5. 8. 2020 o 22:06 Micah Snyder (micasnyd) via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> nap?sal(a):
Hi Marian,
To add to what Ged said -- Mickey is actively investigating the source of the error you've described. Unfortunately the errors currently produced when watching a mount point fails do not provide very much detail about why it failed.
If we create a patch, would you be able to compile and test with the patch to help us figure out what is causing the issue you've encountered?
Regards,
Micah
-----Original Message-----
From: clamav-users <clamav-users-bounces@lists.clamav.net<mailto:clamav-users-bounces@lists.clamav.net>> On Behalf Of G.W. Haywood via clamav-users
Sent: Tuesday, August 4, 2020 5:16 AM
To: Marian Galbavy via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk<mailto:clamav@jubileegroup.co.uk>>
Subject: Re: [clamav-users] on-access scan /media folder
Hi there,
On Tue, 4 Aug 2020, Marian Galbavy via clamav-users wrote:
> I have problem with on-access scan of /media folder in Ubuntu. I would
> like to have on-access scan for connected removable devices but it doesn't work.
> In log I have find this line:
> ERROR: ClamInotif: could not watch path '/media'. 3 User clamav has
> read permissions for this folder, nevertheless I can open eicar file
> from my flash disk. However if I run clamdscan, clamav recognize this
> file as malicious. ...
Although I mostly use Linux and similar systems, I don't use ClamAV to scan them nor do I use on-access scanning in any way. I believe that there are a few issues with on-acccess scanning known and being worked on, but except that they are not necessarily obvious I don't know much about them. So I'm probably not the best person to help you directly with your problem. However I can at least let you know that your mail has been seen, point you to the documentation and the list archives, and help you to improve your question. :)
There is some documentation on-line, and it should also be available for installation from Ubuntu (or already installed on your computer):
https://www.clamav.net/documents/on-access-scanning Can we take it that you have read that?
The list archives already contain questions about on-access scanning, and it might be well for you to search them. There are several places to find them, for example I find this archive very useful:
https://marc.info/?l=clamav-users&r=1&w=2 Please tell us how you installed ClamAV, and the version you're using, and please show relevant parts of the relevant configuration files.
If you don't know what's relevant you could perhaps post the output of
grep -v '^\(# \|$\)' clamd.conf
or something similar, which should be around 160 lines instead of the nearer 760 lines if you were to include all the comments.
The way that devices are mounted may be important too. For example /media might be a symlink instead of a real mount point. If you are not familiar with the terms that I'm using you may need to do some reading about how devices are mounted on the filesystem and accessed.
Please be aware that ClamAV does not do miracles and that we do not do clairvoyance. It would help a lot if you can describe how you use your computer and explain why you are trying to do what you are trying to do. We might then be able to comment on your chances of success.
The mail address that I'm using accepts mail only from the mailing list.
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
