1. clamav-devel
  2. docs
  3. html
  4. node32.html
Raw Blame History 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<!--Converted with LaTeX2HTML 2008 (1.71)
original version by:  Nikos Drakos, CBLU, University of Leeds
* revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
  Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>On-access Scanning</TITLE>
<META NAME="description" CONTENT="On-access Scanning">
<META NAME="keywords" CONTENT="clamdoc">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">

<META NAME="Generator" CONTENT="LaTeX2HTML v2008">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">

<LINK REL="STYLESHEET" HREF="clamdoc.css">

<LINK REL="next" HREF="node33.html">
<LINK REL="previous" HREF="node31.html">
<LINK REL="up" HREF="node29.html">
<LINK REL="next" HREF="node33.html">
</HEAD>

<BODY >

<DIV CLASS="navigation"><!--Navigation Panel-->
<A NAME="tex2html634"
  HREF="node33.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
<A NAME="tex2html630"
  HREF="node29.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
<A NAME="tex2html624"
  HREF="node31.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
<A NAME="tex2html632"
  HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
<BR>
<B> Next:</B> <A NAME="tex2html635"
  HREF="node33.html">Clamdtop</A>
<B> Up:</B> <A NAME="tex2html631"
  HREF="node29.html">Usage</A>
<B> Previous:</B> <A NAME="tex2html625"
  HREF="node31.html">Clamdscan</A>
 &nbsp; <B>  <A NAME="tex2html633"
  HREF="node1.html">Contents</A></B> 
<BR>
<BR></DIV>
<!--End of Navigation Panel-->

<H2><A NAME="SECTION00063000000000000000"></A><A NAME="On-access"></A>
<BR>
On-access Scanning
</H2>
    There is a special thread in <code>clamd</code> that performs on-access
    scanning under Linux and shares internal virus database
    with the daemon. By default, this thread will only notify you when
    potential threats are discovered. If you turn on prevention via
    <code>clamd.conf</code> then <SPAN  CLASS="textbf">you must follow some important rules when
    using it:</SPAN>
    
<UL>
<LI>Always stop the daemon cleanly - using the SHUTDOWN command or
	      the
<BR>
SIGTERM signal. In other case you can lose access
	      to protected files until the system is restarted.
</LI>
<LI>Never protect the directory your mail-scanner software
	      uses for attachment unpacking. Access to all infected
	      files will be automatically blocked and the scanner (including
	      <code>clamd</code>!) will not be able to detect any viruses. In the
	      result <SPAN  CLASS="textbf">all infected mails may be delivered.</SPAN>
</LI>
<LI>Watch your entire filesystem only using the <code>clamd.conf</code>
	      OnAccessMountPath option. While this will disable on-access prevention,
	      it will avoid potential system lockups caused by fanotify's blocking
	      functionality.
</LI>
<LI>Using the On-Access Scanner to watch a virtual filesystem will result
	      in undefined behaviour.
    
</LI>
</UL>
    The default configuration utilizes inotify to recursively keep track of
    directories. If you need to protect more than 8192 directories it will
    be necessary to change inotify's <code>max_user_watches</code> value.
    
<BR>
<BR>
This can be done temporarily with:
    <PRE>
    $ sysctl fs.inotify.max_user_watches=&lt;n&gt;
</PRE>
    Where <code>&lt;n&gt;</code> is the new maximum desired.
    
<BR>
<BR>
To watch your entire filesystem add the following lines to
    <code>clamd.conf</code>:
    <PRE>
	ScanOnAccess yes
	OnAccessMountPath /
</PRE>
    Similarly, to protect your home directory add the following lines to
    <code>clamd.conf</code>:
    <PRE>
	ScanOnAccess yes
	OnAccessIncludePath /home
	OnAccessExcludePath /home/user/temp/dir/of/your/mail/scanning/software
	OnAccessPrevention yes
</PRE>
    For more configuration options, type 'man clamd.conf' or reference the
    example clamd.conf.

<P>

<DIV CLASS="navigation"><HR>
<!--Navigation Panel-->
<A NAME="tex2html634"
  HREF="node33.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
<A NAME="tex2html630"
  HREF="node29.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
<A NAME="tex2html624"
  HREF="node31.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
<A NAME="tex2html632"
  HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
<BR>
<B> Next:</B> <A NAME="tex2html635"
  HREF="node33.html">Clamdtop</A>
<B> Up:</B> <A NAME="tex2html631"
  HREF="node29.html">Usage</A>
<B> Previous:</B> <A NAME="tex2html625"
  HREF="node31.html">Clamdscan</A>
 &nbsp; <B>  <A NAME="tex2html633"
  HREF="node1.html">Contents</A></B> </DIV>
<!--End of Navigation Panel-->
<ADDRESS>
Cisco 2017-07-13
</ADDRESS>
</BODY>
</HTML>