Mailing List Archive: [clamav-users] Virusevent is not working

[clamav-users] Virusevent is not working

Aug 27, 2020, 6:21 AM

Post #1 of 3 (268 views)

Hello,

well, thank to the input from this list clamonacc is now working.
Unfortunately opening a file with the eicar test signature will not trigger
a virusevent. If I execute the file myself I get an email with clamav.log
attached, as it should. These are my versions of clamav: (Debian 10)
ii clamav 0.102.4+dfsg-0+deb10u1
ii clamav-base 0.102.4+dfsg-0+deb10u1
ii clamav-daemon 0.102.4+dfsg-0+deb10u1
ii clamav-freshclam 0.102.4+dfsg-0+deb10u1
ii clamdscan 0.102.4+dfsg-0+deb10u1
ii libclamav9:amd64 0.102.4+dfsg-0+deb10u1

Any suggestions how to fix this or maybe a recipe for a workaround?

Yours sincerely
Stefan

Re: [clamav-users] Virusevent is not working [ In reply to ]

clamav-users at lists

Aug 27, 2020, 7:06 AM

Post #2 of 3 (268 views)

Permalink

Hi there,

On Thu, 27 Aug 2020, Stefan Malte Schumacher via clamav-users wrote:

> well, thank to the input from this list clamonacc is now working.

:)

> Unfortunately opening a file with the eicar test signature will not trigger
> a virusevent.

https://bugzilla.clamav.net/show_bug.cgi?id=12152#c2

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Virusevent is not working [ In reply to ]

clamav-users at lists

Aug 27, 2020, 3:40 PM

Post #3 of 3 (267 views)

Permalink

Ged, that ticket isn't really relevant anymore and should be closed. In 0.102, the on-access scanning feature is a separate application "clamonacc", as you know, and is simply a client to clamd the same way clamdscan is. As a result, the VirusEvent issue for on-access scanning is fixed and should work just fine.

In fact, on my laptop I have (although it's off right now) on-access scans of my Windows WSL2 Ubuntu home directory triggering powershell.exe to pop up native Windows notifications when an alert occurs. It's kinda cool!

The trick is that whatever your VirusEvent command may be -- the user that `clamd` is running as needs to be able to execute it or you won't see any activity. In my powershell.exe example, I found that my "clamav" user didn't have the same environment variables and originally couldn't find powershell.exe. To fix it, Ihad to use a full path to powershell.exe. Stefan, perhaps the reason VirusEvent isn't working for you is similar.

-Micah

-----Original Message-----
From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of G.W. Haywood via clamav-users
Sent: Thursday, August 27, 2020 7:07 AM
To: Stefan Malte Schumacher via clamav-users <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>
Subject: Re: [clamav-users] Virusevent is not working

Hi there,

On Thu, 27 Aug 2020, Stefan Malte Schumacher via clamav-users wrote:

> well, thank to the input from this list clamonacc is now working.

:)

> Unfortunately opening a file with the eicar test signature will not
> trigger a virusevent.

https://bugzilla.clamav.net/show_bug.cgi?id=12152#c2

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml