List:       clamav-users
Subject:    [clamav-users] CentOS 7 fanotify and Clamd
From:       Nick Couchman <nick.e.couchman () gmail ! com>
Date:       2017-03-16 15:35:10
Message-ID: CAFjj603boiKZ3yit7cMx2HQwDzj9_ibGM4eMFNzoiGc80rRtvw () mail ! gmail ! com

I'm trying to get on-access scanning working in clamav on CentOS 7.  I'm
running CentOS 7.3, kernel 3.10.0-514.6.2.el7.x86_64, and can confirm that
the kernel is compiled with fanotify support:

# grep -i fanotify /boot/config-3.10.0-514.6.2.el7.x86_64
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

I also have SELinux set to Permissive mode, and, just in case, ran the
setsebool options for enabling antivirus support in SELinux.

I've configured clamd to start as root, which is required for fanotify, and
have the following options configured:

ScanOnAccess yes
OnAccessMountPath /
OnAccessMountPath /fstest
OnAccessIncludePath /home
OnAccessIncludePath /fstest

I've got clamd started and verified it's running, and I get the following
output in the log file:

Thu Mar 16 11:29:52 2017 -> ScanOnAccess: notifying only for access attempts.
Thu Mar 16 11:29:52 2017 -> ScanOnAccess: Protecting '/' and rest of mount.
Thu Mar 16 11:29:52 2017 -> ScanOnAccess: Protecting '/fstest' and rest of mount.
Thu Mar 16 11:29:52 2017 -> ScanOnAccess: Max file size limited to 5242880 bytes

So, it seems like it should be configured correctly and working?  But, if I
download the eicar test virus (eicar.com, eicar.com.txt, eicar.zip), and
then copy it around, cat it, etc., in either the /home directory or the
/fstest directory, nothing happens.  No entries in the log files, no
warnings - nothing to indicate that clamd is getting notified of the file
access attempt, let alone actually scanning it.

What am I missing??

Thanks!
-Nick
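
The checks described in the message above (kernel fanotify options, ScanOnAccess, clamd keeping root, and the configured on-access paths) collected into one static preflight script. This is an added example, not part of the original post or of ClamAV; the function names are hypothetical, the sample files are constructed from the values quoted in the message, and it assumes that "start as root" means no User directive that drops privileges.

```shell
#!/bin/sh
# Added example (not from the original post): static preflight for clamd
# on-access scanning. File paths are arguments so copies can be checked.

# conf_values CONF KEY: print each value of KEY; commented lines never match.
conf_values() {
    awk -v key="$2" '$1 == key { print $2 }' "$1"
}

# kernel_has_fanotify KCONFIG: true when both options from the post are =y.
kernel_has_fanotify() {
    grep -q '^CONFIG_FANOTIFY=y$' "$1" &&
        grep -q '^CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y$' "$1"
}

# onaccess_report CONF KCONFIG: print findings; exit status = failed checks.
onaccess_report() {
    fails=0
    if kernel_has_fanotify "$2"; then echo "ok: kernel fanotify options"
    else echo "FAIL: kernel fanotify options missing"; fails=$((fails + 1)); fi

    if [ "$(conf_values "$1" ScanOnAccess | tail -n 1)" = yes ]
    then echo "ok: ScanOnAccess yes"
    else echo "FAIL: ScanOnAccess not enabled"; fails=$((fails + 1)); fi

    # Assumption: "start as root" means no User directive dropping privileges.
    user=$(conf_values "$1" User | tail -n 1)
    if [ -z "$user" ] || [ "$user" = root ]; then echo "ok: clamd stays root"
    else echo "FAIL: User $user drops root"; fails=$((fails + 1)); fi

    mounts=$(conf_values "$1" OnAccessMountPath | tr '\n' ' ')
    includes=$(conf_values "$1" OnAccessIncludePath | tr '\n' ' ')
    echo "info: mount paths: ${mounts:-none}"
    echo "info: include paths: ${includes:-none}"
    if [ -z "$mounts$includes" ]; then
        echo "FAIL: no on-access path configured"; fails=$((fails + 1))
    elif [ -n "$mounts" ] && [ -n "$includes" ]; then
        echo "note: both kinds set; compare with 'Protecting' lines in the log"
    fi
    return "$fails"
}

# Constructed sample input mirroring the values quoted in the post.
demo=$(mktemp -d)
printf 'CONFIG_FANOTIFY=y\nCONFIG_FANOTIFY_ACCESS_PERMISSIONS=y\n' > "$demo/kconfig"
printf 'ScanOnAccess yes\nOnAccessMountPath /\nOnAccessMountPath /fstest\nOnAccessIncludePath /home\nOnAccessIncludePath /fstest\n' > "$demo/clamd.conf"
onaccess_report "$demo/clamd.conf" "$demo/kconfig" || echo "failed checks: $?"
```

On a live host the two arguments would be the clamd configuration file in use and the /boot/config file for the running kernel.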