Mailing List Archive

[clamav-users] VirusEvent notification
Context: I'm trying to set up ClamAV on several servers (Debian 9) and
set up Slack/PagerDuty-based notifications. But the command never fired.
Searching around for clues, I found a forum post that mentions virusaction
being disabled here:
https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.102/clamd/onaccess_fan.c#L85

This change has not been reflected in the man page, nor is there any
announcement on the ClamAV website or social media. This needs to be fixed.

Is there a different way I can set up a notification on virus detection that
does not involve parsing logs? If not, are there examples that someone can
point to where simple log parsing tools are used? I'm trying to not have to
rely on something heavy like Elasticsearch for this.

--
Yogesh
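
An added example, not part of the original post or of ClamAV: a small log follower that turns clamd detection lines into Slack incoming-webhook messages. The log line shape ("<path>: <signature> FOUND", with an optional LogTime prefix and "ScanOnAccess:" tag) is an assumption, and the log path and webhook URL are supplied by the operator.

```python
import json
import re
import socket
import sys
import time
import urllib.request

# Assumed clamd log shape: optional LogTime prefix "<date> -> ", optional
# "ScanOnAccess: " tag, then "<path>: <signature> FOUND".
FOUND_RE = re.compile(
    r"^(?:(?P<ts>.+?) -> )?(?:ScanOnAccess: )?(?P<path>.+): (?P<sig>\S+) FOUND$"
)

def parse_detection(line):
    """Return {'ts', 'path', 'sig'} for a detection line, else None."""
    m = FOUND_RE.match(line.strip())
    return m.groupdict() if m else None

def slack_payload(hit, host):
    """Build the JSON body for a Slack incoming webhook."""
    text = f"ClamAV detection on {host}: {hit['sig']} in {hit['path']}"
    return json.dumps({"text": text}).encode()

def notify(webhook_url, body):
    """POST the payload; raises on HTTP or network errors."""
    req = urllib.request.Request(
        webhook_url, data=body, headers={"Content-Type": "application/json"}
    )
    urllib.request.urlopen(req, timeout=10).close()

def follow(path):
    """Yield lines appended to path, like tail -f (no rotation handling)."""
    with open(path, errors="replace") as fh:
        fh.seek(0, 2)  # start at end of file: only report new detections
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(1)

# Constructed sample lines, not taken from a real log.
SAMPLE = [
    "Mon Apr 15 10:48:01 2019 -> ScanOnAccess: /srv/upload/a b.zip: Win.Test.EICAR_HDB-1 FOUND",
    "Mon Apr 15 10:48:02 2019 -> SelfCheck: Database status OK.",
    "/tmp/eicar.com: Eicar-Test-Signature FOUND",
]

if __name__ == "__main__":  # usage: script.py <clamd log path> <webhook URL>
    for line in follow(sys.argv[1]):
        hit = parse_detection(line)
        if hit:
            notify(sys.argv[2], slack_payload(hit, socket.gethostname()))
```

Because the follower starts at the end of the file and does not track log rotation, it needs a restart (or a supervisor that restarts it) whenever the log file is rotated.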
Re: [clamav-users] VirusEvent notification
Yogesh,

I’m sorry to say VirusEvent for On-Access scanning has been disabled since 0.100 was released. I was unaware that there was nothing in the 0.100 release notes or that no other announcement was made. My apologies.

We’re actively re-working the OnAccess scanning feature, placing it in an external tool that interfaces with clamd, similar to how clamdscan or clamav-milter interface with clamd. Once this is complete, VirusEvent will work correctly with OnAccess scans.

Regards,
Micah

From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Yogesh Girikumar via clamav-users <clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Monday, April 15, 2019 at 10:48 AM
To: "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>
Cc: Yogesh Girikumar <yogesh.girikumar@gmail.com>
Subject: [clamav-users] VirusEvent notification

Context: I'm trying to set up ClamAV on several servers (Debian 9) and set up Slack/PagerDuty-based notifications. But the command never fired. Searching around for clues, I found a forum post that mentions virusaction being disabled here: https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.102/clamd/onaccess_fan.c#L85

This change has not been reflected in the man page, nor is there any announcement on the ClamAV website or social media. This needs to be fixed.

Is there a different way I can set up a notification on virus detection that does not involve parsing logs? If not, are there examples that someone can point to where simple log parsing tools are used? I'm trying to not have to rely on something heavy like Elasticsearch for this.

--
Yogesh
Re: [clamav-users] VirusEvent notification
Yogesh,

I don’t like to make specific promises in public regarding release dates or new features. However, we are expecting this to be ready for the 0.102.0 release, which is planned to go into beta anywhere from late June to early August.

Regards,
Micah




From: Yogesh <yogesh.girikumar@zoho.com>
Date: Tuesday, April 16, 2019 at 2:03 PM
To: "Micah Snyder (micasnyd)" <micasnyd@cisco.com>, ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Yogesh Girikumar <yogesh.girikumar@gmail.com>
Subject: Re: [clamav-users] VirusEvent notification


Micah,

Thank you for the response.
On 4/16/19 8:51 PM, Micah Snyder (micasnyd) wrote:
> I’m sorry to say VirusEvent for On-Access scanning has been disabled since 0.100 was released. I was unaware that there was nothing in the 0.100 release notes or that no other announcement was made. My apologies.

Can we retroactively add this to the release notes?

> We’re actively re-working the OnAccess scanning feature, placing it in an external tool that interfaces with clamd, similar to how clamdscan or clamav-milter interface with clamd. Once this is complete, VirusEvent will work correctly with OnAccess scans.

This information is worth an announcement. Also, should I assume there's some timeline for these fixes? A milestone release might include this fix, perhaps?

--
Yogesh.