clamav/docs/html/node32.html

150 lines
5 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--Converted with LaTeX2HTML 2008 (1.71)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>On-access Scanning</TITLE>
<META NAME="description" CONTENT="On-access Scanning">
<META NAME="keywords" CONTENT="clamdoc">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META NAME="Generator" CONTENT="LaTeX2HTML v2008">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="clamdoc.css">
<LINK REL="next" HREF="node33.html">
<LINK REL="previous" HREF="node31.html">
<LINK REL="up" HREF="node29.html">
<LINK REL="next" HREF="node33.html">
</HEAD>
<BODY >
<DIV CLASS="navigation"><!--Navigation Panel-->
<A NAME="tex2html634"
HREF="node33.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html630"
HREF="node29.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html624"
HREF="node31.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html632"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html635"
HREF="node33.html">Clamdtop</A>
<B> Up:</B> <A NAME="tex2html631"
HREF="node29.html">Usage</A>
<B> Previous:</B> <A NAME="tex2html625"
HREF="node31.html">Clamdscan</A>
&nbsp; <B> <A NAME="tex2html633"
HREF="node1.html">Contents</A></B>
<BR>
<BR></DIV>
<!--End of Navigation Panel-->
<H2><A NAME="SECTION00063000000000000000"></A><A NAME="On-access"></A>
<BR>
On-access Scanning
</H2>
There is a special thread in <code>clamd</code> that performs on-access
scanning under Linux and shares internal virus database
with the daemon. By default, this thread will only notify you when
potential threats are discovered. If you turn on prevention via
<code>clamd.conf</code> then <SPAN CLASS="textbf">you must follow some important rules when
using it:</SPAN>
<UL>
<LI>Always stop the daemon cleanly - using the SHUTDOWN command or
the
<BR>
SIGTERM signal. In other case you can lose access
to protected files until the system is restarted.
</LI>
<LI>Never protect the directory your mail-scanner software
uses for attachment unpacking. Access to all infected
files will be automatically blocked and the scanner (including
<code>clamd</code>!) will not be able to detect any viruses. In the
result <SPAN CLASS="textbf">all infected mails may be delivered.</SPAN>
</LI>
<LI>Watch your entire filesystem only using the <code>clamd.conf</code>
OnAccessMountPath option. While this will disable on-access prevention,
it will avoid potential system lockups caused by fanotify's blocking
functionality.
</LI>
<LI>Using the On-Access Scanner to watch a virtual filesytem will result
in undefined behaviour.
</LI>
</UL>
The default configuration utilizes inotify to recursively keep track of
directories. If you need to protect more than 8192 directories it will
be necessary to change inotify's <code>max_user_watches</code> value.
<BR>
<BR>
This can be done temporarily with:
<PRE>
$ sysctl fs.inotify.max_user_watches=&lt;n&gt;
</PRE>
Where <code>&lt;n&gt;</code> is the new maximum desired.
<BR>
<BR>
To watch your entire filesystem add the following lines to
<code>clamd.conf</code>:
<PRE>
ScanOnAccess yes
OnAccessMountPath /
</PRE>
Similarly, to protect your home directory add the following lines to
<code>clamd.conf</code>:
<PRE>
ScanOnAccess yes
OnAccessIncludePath /home
OnAccessExcludePath /home/user/temp/dir/of/your/mail/scanning/software
OnAccessPrevention yes
</PRE>
For more configuration options, type 'man clamd.conf' or reference the
example clamd.conf.
<P>
<DIV CLASS="navigation"><HR>
<!--Navigation Panel-->
<A NAME="tex2html634"
HREF="node33.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html630"
HREF="node29.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html624"
HREF="node31.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html632"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html635"
HREF="node33.html">Clamdtop</A>
<B> Up:</B> <A NAME="tex2html631"
HREF="node29.html">Usage</A>
<B> Previous:</B> <A NAME="tex2html625"
HREF="node31.html">Clamdscan</A>
&nbsp; <B> <A NAME="tex2html633"
HREF="node1.html">Contents</A></B> </DIV>
<!--End of Navigation Panel-->
<ADDRESS>
Cisco 2018-02-28
</ADDRESS>
</BODY>
</HTML>