mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-19 10:23:17 +00:00
150 lines
5 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<!--Converted with LaTeX2HTML 2008 (1.71)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>On-access Scanning</TITLE>
<META NAME="description" CONTENT="On-access Scanning">
<META NAME="keywords" CONTENT="clamdoc">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">

<META NAME="Generator" CONTENT="LaTeX2HTML v2008">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">

<LINK REL="STYLESHEET" HREF="clamdoc.css">

<LINK REL="next" HREF="node33.html">
<LINK REL="previous" HREF="node31.html">
<LINK REL="up" HREF="node29.html">
<LINK REL="next" HREF="node33.html">
</HEAD>

<BODY >
<H2><A NAME="SECTION00063000000000000000"></A><A NAME="On-access"></A>
<BR>
On-access Scanning
</H2>
There is a special thread in <code>clamd</code> that performs on-access
scanning under Linux and shares the internal virus database
with the daemon. By default, this thread will only notify you when
potential threats are discovered. If you turn on prevention via
<code>clamd.conf</code> then <SPAN CLASS="textbf">you must follow some important rules when
using it:</SPAN>

<UL>
<LI>Always stop the daemon cleanly, using the SHUTDOWN command or
the SIGTERM signal. Otherwise you can lose access
to protected files until the system is restarted.
</LI>
<LI>Never protect the directory your mail-scanner software
uses for attachment unpacking. Access to all infected
files will be automatically blocked and the scanner (including
<code>clamd</code>!) will not be able to detect any viruses. As a
result <SPAN CLASS="textbf">all infected mails may be delivered.</SPAN>
</LI>
<LI>Watch your entire filesystem only by using the <code>clamd.conf</code>
OnAccessMountPath option. While this will disable on-access prevention,
it will avoid potential system lockups caused by fanotify's blocking
functionality.
</LI>
<LI>Using the On-Access Scanner to watch a virtual filesystem will result
in undefined behaviour.

</LI>
</UL>
The default configuration utilizes inotify to recursively keep track of
directories. If you need to protect more than 8192 directories it will
be necessary to change inotify's <code>max_user_watches</code> value.

<BR>
<BR>
This can be done temporarily with:
<PRE>
$ sysctl fs.inotify.max_user_watches=&lt;n&gt;
</PRE>
Where <code>&lt;n&gt;</code> is the new maximum desired.

<BR>
<BR>
To watch your entire filesystem add the following lines to
<code>clamd.conf</code>:
<PRE>
ScanOnAccess yes
OnAccessMountPath /
</PRE>
Similarly, to protect your home directory add the following lines to
<code>clamd.conf</code>:
<PRE>
ScanOnAccess yes
OnAccessIncludePath /home
OnAccessExcludePath /home/user/temp/dir/of/your/mail/scanning/software
OnAccessPrevention yes
</PRE>
For more configuration options, run 'man clamd.conf' or refer to the
example clamd.conf.
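
The rules above can be checked mechanically before prevention is switched on. The following is an added example, not part of the ClamAV documentation or code base: it reads clamd.conf text, flags OnAccessPrevention combined with OnAccessMountPath, flags a mail-scanner unpack directory that is included but not excluded, and counts the directories inotify would have to watch against the 8192 figure given above. The unpack_dirs parameter and the finding names are assumptions of this example.

```python
import os
import tempfile

def parse_conf(text):
    """Return {option: [values]} for clamd.conf text; comments and blank lines are skipped."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def under(path, parent):
    """True when path is parent itself or lies below it."""
    path, parent = os.path.normpath(path), os.path.normpath(parent)
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def count_watched_dirs(includes, excludes):
    """One inotify watch per directory below each include path, skipping excluded subtrees."""
    total = 0
    for root in includes:
        for current, dirs, _files in os.walk(root):
            dirs[:] = [d for d in dirs
                       if not any(under(os.path.join(current, d), e) for e in excludes)]
            total += 1
    return total

def lint(text, unpack_dirs=(), watch_limit=8192):
    """Apply this page's rules; unpack_dirs and the finding names are assumptions of the example."""
    opts = parse_conf(text)
    includes = opts.get("OnAccessIncludePath", [])
    excludes = opts.get("OnAccessExcludePath", [])
    prevention = opts.get("OnAccessPrevention", ["no"])[-1].lower() == "yes"
    findings = []
    if prevention and "OnAccessMountPath" in opts:
        findings.append("prevention-disabled-by-mountpath")
    for d in unpack_dirs if prevention else ():
        if any(under(d, i) for i in includes) and not any(under(d, e) for e in excludes):
            findings.append("unpack-dir-blocked:" + d)
    if count_watched_dirs(includes, excludes) > watch_limit:
        findings.append("inotify-watch-limit-exceeded")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:  # constructed stand-in for /home
        unpack = os.path.join(base, "user", "unpack")
        os.makedirs(unpack)
        conf = f"OnAccessIncludePath {base}\nOnAccessPrevention yes\n"
        print(lint(conf, unpack_dirs=[unpack]))  # unpack dir is not excluded
```

On a live host, pass the value read from /proc/sys/fs/inotify/max_user_watches as watch_limit instead of relying on the default.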
<P>
<ADDRESS>
Cisco 2018-02-28
</ADDRESS>
</BODY>
</HTML>