... | ... |
@@ -84,7 +84,14 @@ static int onas_fan_scanfile(int fan_fd, const char *fname, struct fanotify_even |
84 | 84 |
else |
85 | 85 |
logg("ScanOnAccess: %s: %s FOUND\n", fname, virname); |
86 | 86 |
virusaction(fname, virname, tharg->opts); |
87 |
- res.response = FAN_DENY; |
|
87 |
+ |
|
88 |
+ if(!optget(tharg->opts, "OnAccessPreventRead")->enabled && fmd->mask & FAN_ACCESS_PERM) { |
|
89 |
+ res.response = FAN_ALLOW; |
|
90 |
+ } else if(!optget(tharg->opts, "OnAccessPreventOpen")->enabled && fmd->mask & FAN_OPEN_PERM) { |
|
91 |
+ res.response = FAN_ALLOW; |
|
92 |
+ } else { |
|
93 |
+ res.response = FAN_DENY; |
|
94 |
+ } |
|
88 | 95 |
} |
89 | 96 |
|
90 | 97 |
if(fmd->mask & FAN_ALL_PERM_EVENTS) { |
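Review bot: In the two new `FAN_ALLOW` branches, a file that has just matched a signature is let through, and the log shows the same "FOUND" line it would show for a blocked access. I would record the verdict in those branches, e.g. `logg("ScanOnAccess: %s: access allowed, prevention disabled by configuration\n", fname);`, so someone triaging the log can tell that the content was still delivered to the requesting process. The conditions also mix `&&` and `&` without parentheses; they evaluate as intended, but `(fmd->mask & FAN_ACCESS_PERM)` and `(fmd->mask & FAN_OPEN_PERM)` would make that explicit. The body of onas_fan_scanfile starts and ends outside this hunk.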
... | ... |
@@ -144,6 +151,22 @@ void *onas_fan_th(void *arg) |
144 | 144 |
return NULL; |
145 | 145 |
} |
146 | 146 |
|
147 |
+ if (optget(tharg->opts, "OnAccessPreventRead")->enabled) { |
|
148 |
+ logg("ScanOnAccess: preventing read attempts on malicious files.\n"); |
|
149 |
+ fan_mask |= FAN_ACCESS_PERM; |
|
150 |
+ } else { |
|
151 |
+ logg("ScanOnAccess: notifying for read attempts.\n"); |
|
152 |
+ fan_mask |= FAN_ACCESS; |
|
153 |
+ } |
|
154 |
+ |
|
155 |
+ if (optget(tharg->opts, "OnAccessPreventOpen")->enabled) { |
|
156 |
+ logg("ScanOnAccess: preventing open attempts on malicious files.\n"); |
|
157 |
+ fan_mask |= FAN_OPEN_PERM; |
|
158 |
+ } else { |
|
159 |
+ logg("ScanOnAccess: notifying for open attempts.\n"); |
|
160 |
+ fan_mask |= FAN_OPEN; |
|
161 |
+ } |
|
162 |
+ |
|
147 | 163 |
if (!optget(tharg->opts, "OnAccessDisableDDD")->enabled) { |
148 | 164 |
do { |
149 | 165 |
if(pthread_attr_init(&ddd_attr)) break; |
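Review bot: With a prevent option off, this block registers only the notification bit (`FAN_ACCESS` or `FAN_OPEN`), so the `FAN_ACCESS_PERM` / `FAN_OPEN_PERM` tests added in onas_fan_scanfile look unreachable in that configuration, unless `fan_mask` already carries permission bits from its initialisation, which is outside this hunk. If the mask is the intended switch, a comment on the else branches would make the consequence visible, e.g. `/* notify-only: the kernel does not wait for a verdict, so a detection cannot block this access */`. The startup messages could say the same, for instance `"ScanOnAccess: notifying for read attempts (detections are not blocked).\n"`, since an operator reading "notifying" may not realise that protection is reduced. onas_fan_th continues outside the hunk.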
... | ... |
@@ -584,6 +584,17 @@ Example |
584 | 584 |
# Default: no |
585 | 585 |
#OnAccessDisableDDD yes |
586 | 586 |
|
587 |
+# Modifies fanotify blocking behaviour when handling read permission events. |
|
588 |
+# If turned on, fanotify will prevent any read attempt if the file is a virus. |
|
589 |
+# (On-access scan only) |
|
590 |
+# Default: yes |
|
591 |
+#OnAccessPreventRead no |
|
592 |
+ |
|
593 |
+# Modifies fanotify blocking behaviour when handling open permission events. |
|
594 |
+# If turned on, fanotify will prevent any open attempt if the file is a virus. |
|
595 |
+# (On-access scan only) |
|
596 |
+# Default: yes |
|
597 |
+#OnAccessPreventOpen no |
|
587 | 598 |
|
588 | 599 |
## |
589 | 600 |
## Bytecode |
... | ... |
@@ -394,7 +394,7 @@ const struct clam_option __clam_options[] = { |
394 | 394 |
|
395 | 395 |
{ "OnAccessIncludePath", "on-access-include", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "This option specifies a directory (including all files and directories\ninside it), which should be scanned on access. This option can\nbe used multiple times.", "/home\n/students" }, |
396 | 396 |
|
397 |
- { "OnAccessExcludePath", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "This option allows excluding directories from on-access scanning. It can\nbe used multiple times.", "/home/bofh\n/root" }, |
|
397 |
+ { "OnAccessExcludePath", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "This option allows excluding directories from on-access scanning. It can\nbe used multiple times. Only works with DDD system.", "/home/bofh\n/root" }, |
|
398 | 398 |
|
399 | 399 |
{ "OnAccessExcludeUID", NULL, 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "With this option you can whitelist specific UIDs. Processes with these UIDs\nwill be able to access all files.\nThis option can be used multiple times (one per line).", "0" }, |
400 | 400 |
|
... | ... |
@@ -402,6 +402,10 @@ const struct clam_option __clam_options[] = { |
402 | 402 |
|
403 | 403 |
{ "OnAccessDisableDDD", "disable-ddd", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "This option toggles the dynamic directory determination system for on-access scanning (Linux only)", "no" }, |
404 | 404 |
|
405 |
+ { "OnAccessPreventRead", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "This option specifies is fanotify will prevent read attempts on malicious files (Linux only)", "yes" }, |
|
406 |
+ |
|
407 |
+ { "OnAccessPreventOpen", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "This option specifies if fanotify will prevent open attempts for malicious files (Linux only)", "yes" }, |
|
408 |
+ |
|
405 | 409 |
/* FIXME: mark these as private and don't output into clamd.conf/man */ |
406 | 410 |
{ "DevACOnly", "dev-ac-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, FLAG_HIDDEN, OPT_CLAMD | OPT_CLAMSCAN, "", "" }, |
407 | 411 |
|
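Review bot: The description string of the new `OnAccessPreventRead` entry reads "This option specifies is fanotify will prevent read attempts"; it should be "specifies if fanotify will prevent read attempts", matching the `OnAccessPreventOpen` entry below it. Because these two switches decide whether a detected file is still served to the requesting process, both descriptions would benefit from stating what "no" means, e.g. appending `When disabled, access to detected files is not blocked.`. The FIXME comment just below suggests these strings are emitted into the sample config and man page, so the wording is user-facing.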