Hi,
I have a question concerning the exclusion statement in clamd.conf.
# clamconf | grep Exclude
ExcludePath = "^/run/", "^/dev/", "^/sys/", "^/proc/"
# /bin/clamdscan -l /var/log/clamdscan.log /sys
--------------------------------------
/sys: Excluded
/sys: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)
Fine, /sys seems to be excluded from scanning.
When I issue the same command but starting at the root /, I see a lot of errors popping up in the log file, and all of them point to /sys. I am confused because /sys is excluded from scanning, but errors are logged for that filesystem. What am I doing wrong and/or how can I avoid this?
# /bin/clamdscan -l /var/log/clamdscan.log /
# head /var/log/clamdscan.log
--------------------------------------
/root/eicar.com: Eicar-Signature FOUND
/sys/fs/xfs/stats/stats: Can't read file ERROR
/sys/fs/xfs/stats/stats_clear: Can't open file or directory ERROR
/sys/fs/xfs/dm-0/stats/stats: Can't read file ERROR
/sys/fs/xfs/dm-0/stats/stats_clear: Can't open file or directory ERROR
/sys/fs/xfs/dm-0/error/fail_at_unmount: Can't read file ERROR
/sys/fs/xfs/dm-0/error/metadata/default/max_retries: Can't read file ERROR
/sys/fs/xfs/dm-0/error/metadata/default/retry_timeout_seconds: Can't read file ERROR
/sys/fs/xfs/dm-0/error/metadata/EIO/max_retries: Can't read file ERROR
........
Pascal De Meerleer