... | ... |
@@ -659,17 +659,21 @@ This option allows excluding directories from on-access scanning. It can be used |
659 | 659 |
Default: disabled |
660 | 660 |
.TP |
661 | 661 |
\fBOnAccessExcludeRootUID BOOL\fR |
662 |
-With this option you can whitelist the root UID (0). Processes run under root with be able to access all files without triggering scans or permission denied events. |
|
662 |
+With this option you can whitelist the root UID (0). Processes run under root will be able to access all files without triggering scans or permission denied events. |
|
663 |
+.br |
|
664 |
+Note that if clamd cannot check the uid of the process that generated an on-access scan event (e.g., because \fBOnAccessPrevention\fR was not enabled, and the process already exited), clamd will perform a scan. Thus, setting \fBOnAccessExcludeRootUID\fR is not \fIguaranteed\fR to prevent every access by the root user from triggering a scan (unless \fBOnAccessPrevention\fR is enabled). |
|
663 | 665 |
.br |
664 | 666 |
Default: no |
665 | 667 |
.TP |
666 | 668 |
\fBOnAccessExcludeUID NUMBER\fR |
667 |
-With this option you can whitelist specific UIDs. Processes with these UIDs will be able to access all files. |
|
669 |
+With this option you can whitelist specific UIDs. Processes with these UIDs will be able to access all files without triggering scans or permission denied events. |
|
668 | 670 |
.br |
669 | 671 |
This option can be used multiple times (one per line). |
670 | 672 |
.br |
671 | 673 |
Note: using a value of 0 on any line will disable this option entirely. To whitelist the root UID (0) please enable the OnAccessExcludeRootUID option. |
672 | 674 |
.br |
675 |
+Also note that if clamd cannot check the uid of the process that generated an on-access scan event (e.g., because \fBOnAccessPrevention\fR was not enabled, and the process already exited), clamd will perform a scan. Thus, setting \fBOnAccessExcludeUID\fR is not \fIguaranteed\fR to prevent every access by the specified uid from triggering a scan (unless \fBOnAccessPrevention\fR is enabled). |
|
676 |
+.br |
|
673 | 677 |
Default: disabled |
674 | 678 |
.TP |
675 | 679 |
\fBOnAccessMaxFileSize SIZE\fR |
... | ... |
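Review bot: In both added notes, the "e.g." inside the parenthetical conflicts with the closing "(unless \fBOnAccessPrevention\fR is enabled)". "e.g." implies there are other reasons clamd might be unable to check the uid, while the final clause reads as a guarantee that the exclusion always holds once prevention is on. If a process exiting with prevention off is the only case, drop the "e.g."; otherwise soften the final clause. Smaller points in the same lines: "is not enabled" reads better than "was not enabled" in a description of configuration, and "uid" should be "UID" to match the rest of both entries.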
@@ -612,6 +612,11 @@ Example |
612 | 612 |
# With this option you can whitelist the root UID (0). Processes run under |
613 | 613 |
# root with be able to access all files without triggering scans or |
614 | 614 |
# permission denied events. |
615 |
+# Note that if clamd cannot check the uid of the process that generated an |
|
616 |
+# on-access scan event (e.g., because OnAccessPrevention was not enabled, and |
|
617 |
+# the process already exited), clamd will perform a scan. Thus, setting |
|
618 |
+# OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the |
|
619 |
+# root user from triggering a scan (unless OnAccessPrevention is enabled). |
|
615 | 620 |
# Default: no |
616 | 621 |
#OnAccessExcludeRootUID no |
617 | 622 |
|
... | ... |
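Review bot: The context line "# root with be able to access all files without triggering scans or", directly above the added lines, still has the "with be" typo that the man page hunk in this same change corrects to "will be". Fix it here too so the sample config and the man page agree.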
@@ -621,6 +626,11 @@ Example |
621 | 621 |
# This option can be used multiple times (one per line). |
622 | 622 |
# Using a value of 0 on any line will disable this option entirely. To whitelist |
623 | 623 |
# the root UID (0) please enable the OnAccessExcludeRootUID option. |
624 |
+# Also note that if clamd cannot check the uid of the process that generated an |
|
625 |
+# on-access scan event (e.g., because OnAccessPrevention was not enabled, and |
|
626 |
+# the process already exited), clamd will perform a scan. Thus, setting |
|
627 |
+# OnAccessExcludeUID is not *guaranteed* to prevent every access by the |
|
628 |
+# specified uid from triggering a scan (unless OnAccessPrevention is enabled). |
|
624 | 629 |
# Default: disabled |
625 | 630 |
#OnAccessExcludeUID -1 |
626 | 631 |
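Review bot: The added lines write "uid" in lowercase ("check the uid of the process", "the specified uid"), while the context lines directly above use "UID" ("the root UID (0)"). Use "UID" throughout. The "e.g." and the closing "(unless OnAccessPrevention is enabled)" also conflict here as they do in the man page text: either the exited-process case is the only one, or the final clause should not read as a guarantee.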
|