<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <!--Converted with LaTeX2HTML 2008 (1.71) original version by: Nikos Drakos, CBLU, University of Leeds * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan * with significant contributions from: Jens Lippmann, Marek Rouchal, Martin Wilck and others --> <HTML> <HEAD> <TITLE>On-access Scanning</TITLE> <META NAME="description" CONTENT="On-access Scanning"> <META NAME="keywords" CONTENT="clamdoc"> <META NAME="resource-type" CONTENT="document"> <META NAME="distribution" CONTENT="global"> <META NAME="Generator" CONTENT="LaTeX2HTML v2008"> <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css"> <LINK REL="STYLESHEET" HREF="clamdoc.css"> <LINK REL="next" HREF="node33.html"> <LINK REL="previous" HREF="node31.html"> <LINK REL="up" HREF="node29.html"> <LINK REL="next" HREF="node33.html"> </HEAD> <BODY > <DIV CLASS="navigation"><!--Navigation Panel--> <A NAME="tex2html634" HREF="node33.html"> <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> <A NAME="tex2html630" HREF="node29.html"> <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> <A NAME="tex2html624" HREF="node31.html"> <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> <A NAME="tex2html632" HREF="node1.html"> <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A> <BR> <B> Next:</B> <A NAME="tex2html635" HREF="node33.html">Clamdtop</A> <B> Up:</B> <A NAME="tex2html631" HREF="node29.html">Usage</A> <B> Previous:</B> <A NAME="tex2html625" HREF="node31.html">Clamdscan</A> <B> <A NAME="tex2html633" HREF="node1.html">Contents</A></B> <BR> <BR></DIV> <!--End of Navigation Panel--> <H2><A NAME="SECTION00063000000000000000"></A><A NAME="On-access"></A> <BR> On-access Scanning </H2> There is a special thread in <code>clamd</code> that performs on-access scanning under Linux and shares the internal virus database with the 
daemon. By default, this thread will only notify you when potential threats are discovered. If you turn on prevention via <code>clamd.conf</code> then <SPAN CLASS="textbf">you must follow some important rules when using it:</SPAN>
<UL>
<LI>Always stop the daemon cleanly, using the SHUTDOWN command or the SIGTERM signal. Otherwise you can lose access to protected files until the system is restarted. </LI>
<LI>Never protect the directory your mail-scanner software uses for attachment unpacking. Access to all infected files will be automatically blocked and the scanner (including <code>clamd</code>!) will not be able to detect any viruses. As a result <SPAN CLASS="textbf">all infected mails may be delivered.</SPAN> </LI>
<LI>Watch your entire filesystem only by using the <code>clamd.conf</code> <code>OnAccessMountPath</code> option. While this will disable on-access prevention, it will avoid potential system lockups caused by fanotify's blocking functionality. </LI>
<LI>Using the On-Access Scanner to watch a virtual filesystem will result in undefined behaviour. </LI>
</UL>
The default configuration utilizes inotify to recursively keep track of directories. If you need to protect more than 8192 directories it will be necessary to change inotify's <code>max_user_watches</code> value. <BR> <BR>
This can be done temporarily with:
<PRE>
$ sysctl fs.inotify.max_user_watches=&lt;n&gt;
</PRE>
Where <code>&lt;n&gt;</code> is the new maximum desired. <BR> <BR>
To watch your entire filesystem add the following lines to <code>clamd.conf</code>:
<PRE>
ScanOnAccess yes
OnAccessMountPath /
</PRE>
Similarly, to protect your home directory add the following lines to <code>clamd.conf</code>:
<PRE>
ScanOnAccess yes
OnAccessIncludePath /home
OnAccessExcludePath /home/user/temp/dir/of/your/mail/scanning/software
OnAccessPrevention yes
</PRE>
For more configuration options, type <code>man clamd.conf</code> or refer to the example <code>clamd.conf</code>.
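<P> The rules above can be checked mechanically before prevention is switched on. The following Python sketch is an added example, not part of the ClamAV documentation or code base: it lints a <code>clamd.conf</code> fragment for a protected mail-scanner unpack directory, for <code>OnAccessPrevention</code> combined with <code>OnAccessMountPath</code>, and for a directory count above the inotify watch limit. The function names, finding strings and the weak sample configuration are constructed for illustration, and taking the last occurrence of a repeated option is an assumption.

```python
import os

UNPACK = "/home/user/temp/dir/of/your/mail/scanning/software"  # page's placeholder
# Constructed weak variant of the home-directory configuration: no exclusion.
WEAK_CONF = """ScanOnAccess yes
OnAccessIncludePath /home
OnAccessPrevention yes
"""
FIXED_CONF = WEAK_CONF + "OnAccessExcludePath " + UNPACK + "\n"

def parse_conf(text):
    """Return {option: [values]} for 'Option value' lines, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split(None, 1)
        opts.setdefault(key, []).append(rest[0].strip() if rest else "")
    return opts

def is_under(path, parent):
    """True if path equals parent or lies below it (lexical, absolute paths)."""
    path, parent = os.path.normpath(path), os.path.normpath(parent)
    return os.path.commonpath([path, parent]) == parent

def count_dirs(roots):
    """Directories a recursive inotify watch of roots has to cover."""
    return sum(1 for root in roots for _ in os.walk(root))

def audit(text, unpack_dir, dir_count=0, max_watches=8192):
    """Check an on-access configuration against the rules listed above."""
    opts = parse_conf(text)
    def enabled(key):  # assumption: the last occurrence of an option is used
        return opts.get(key, ["no"])[-1].lower() in ("yes", "true", "1")
    include = opts.get("OnAccessIncludePath", [])
    exclude = opts.get("OnAccessExcludePath", [])
    if not enabled("ScanOnAccess"):
        return ["on-access scanning is not enabled"]
    findings = []
    if enabled("OnAccessPrevention"):
        if "OnAccessMountPath" in opts:
            findings.append("OnAccessMountPath disables prevention")
        elif any(is_under(unpack_dir, p) for p in include) and not any(
                is_under(unpack_dir, p) for p in exclude):
            findings.append("mail-scanner unpack directory is protected")
    if include and dir_count > max_watches:
        findings.append("raise fs.inotify.max_user_watches")
    return findings
```

On a live system, pass <code>count_dirs()</code> of the include paths as <code>dir_count</code> and the current value of <code>/proc/sys/fs/inotify/max_user_watches</code> as <code>max_watches</code>.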
<ADDRESS> Cisco 2017-07-13 </ADDRESS> </BODY> </HTML>