Hi,
clamonacc is still blocking my webapp from loading. I've tried
removing clamd from apparmor and running clamd through strace to find
any obvious errors. Nothing has turned up yet except that maybe
something is odd with the /tmp/ directory. If I "OnAccessExcludePath
/tmp/", then everything works OK. I'd like to have /tmp/ in the scan
config however because it's a world-writable location.
I have a hunch the /tmp/systemd-* directories are the source of
trouble but how do I include /tmp/, yet still exclude just those
systemd subdirectories?
I've tried "ExcludePath /tmp/systemd-*" but the obvious regex makes no
difference and I'm not sure if clamd.conf uses POSIX regex, or Perl
style, or what. How can I exclude /tmp/systemd-*?
My clamd.conf is below showing edits I've made from the default.
TemporaryDirectory /var/lib/clamav/
ExcludePath ^/proc
ExcludePath ^/sys
ExcludePath ^/run
ExcludePath ^/dev
ExcludePath ^/var/lib/lxcfs/cgroup
ExcludePath /tmp/systemd-*
OnAccessPrevention yes
OnAccessExtraScanning yes
OnAccessExcludeUname clamav
OnAccessExcludePath /
OnAccessIncludePath /var/www
OnAccessIncludePath /home
OnAccessIncludePath /tmp
OnAccessExcludePath /tmp/systemd-*
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
clamonacc is still blocking my webapp from loading. I've tried
removing clamd from apparmor and running clamd through strace to find
any obvious errors. Nothing has turned up yet except that maybe
something is odd with the /tmp/ directory. If I "OnAccessExcludePath
/tmp/", then everything works OK. I'd like to have /tmp/ in the scan
config however because it's a world-writable location.
I have a hunch the /tmp/systemd-* directories are the source of
trouble but how do I include /tmp/, yet still exclude just those
systemd subdirectories?
I've tried "ExcludePath /tmp/systemd-*" but the obvious regex makes no
difference and I'm not sure if clamd.conf uses POSIX regex, or Perl
style, or what. How can I exclude /tmp/systemd-*?
My clamd.conf is below showing edits I've made from the default.
TemporaryDirectory /var/lib/clamav/
ExcludePath ^/proc
ExcludePath ^/sys
ExcludePath ^/run
ExcludePath ^/dev
ExcludePath ^/var/lib/lxcfs/cgroup
ExcludePath /tmp/systemd-*
OnAccessPrevention yes
OnAccessExtraScanning yes
OnAccessExcludeUname clamav
OnAccessExcludePath /
OnAccessIncludePath /var/www
OnAccessIncludePath /home
OnAccessIncludePath /tmp
OnAccessExcludePath /tmp/systemd-*
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml