... | ... |
@@ -106,7 +106,7 @@ void *onas_fan_th(void *arg) |
106 | 106 |
short int scan; |
107 | 107 |
int sizelimit = 0, extinfo; |
108 | 108 |
STATBUF sb; |
109 |
- uint64_t fan_mask = FAN_ACCESS_PERM | FAN_OPEN_PERM | FAN_EVENT_ON_CHILD; |
|
109 |
+ uint64_t fan_mask = FAN_EVENT_ON_CHILD; |
|
110 | 110 |
fd_set rfds; |
111 | 111 |
char buf[4096]; |
112 | 112 |
ssize_t bread; |
... | ... |
@@ -145,26 +145,17 @@ void *onas_fan_th(void *arg) |
145 | 145 |
return NULL; |
146 | 146 |
} |
147 | 147 |
|
148 |
- if (optget(tharg->opts, "OnAccessPreventRead")->enabled) { |
|
149 |
- logg("ScanOnAccess: preventing read attempts on malicious files.\n"); |
|
150 |
- fan_mask |= FAN_ACCESS_PERM; |
|
148 |
+ if (!optget(tharg->opts, "OnAccessNotifyOnly")->enabled && !optget(tharg->opts, "OnAccessMountPath")->enabled) { |
|
149 |
+ logg("ScanOnAccess: preventing access attempts on malicious files.\n"); |
|
150 |
+ fan_mask |= FAN_ACCESS_PERM | FAN_OPEN_PERM; |
|
151 | 151 |
} else { |
152 |
- logg("ScanOnAccess: notifying for read attempts.\n"); |
|
153 |
- fan_mask |= FAN_ACCESS; |
|
154 |
- } |
|
155 |
- |
|
156 |
- if (optget(tharg->opts, "OnAccessPreventOpen")->enabled) { |
|
157 |
- logg("ScanOnAccess: preventing open attempts on malicious files.\n"); |
|
158 |
- fan_mask |= FAN_OPEN_PERM; |
|
159 |
- } else { |
|
160 |
- logg("ScanOnAccess: notifying for open attempts.\n"); |
|
161 |
- fan_mask |= FAN_OPEN; |
|
152 |
+ logg("ScanOnAccess: notifying only for access attempts.\n"); |
|
153 |
+ fan_mask |= FAN_ACCESS | FAN_OPEN; |
|
162 | 154 |
} |
163 | 155 |
|
164 | 156 |
if ((pt = optget(tharg->opts, "OnAccessMountPath"))->enabled) { |
165 | 157 |
while(pt) { |
166 |
- if(fanotify_mark(onas_fan_fd, FAN_MARK_ADD | FAN_MARK_MOUNT, |
|
167 |
- FAN_OPEN | FAN_ACCESS | FAN_EVENT_ON_CHILD, onas_fan_fd, pt->strarg) != 0) { |
|
158 |
+ if(fanotify_mark(onas_fan_fd, FAN_MARK_ADD | FAN_MARK_MOUNT, fan_mask, onas_fan_fd, pt->strarg) != 0) { |
|
168 | 159 |
logg("!ScanOnAccess: Can't include mountpoint '%s'\n", pt->strarg); |
169 | 160 |
return NULL; |
170 | 161 |
} else |
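Review bot: The condition at new line 148 sends every configuration that sets OnAccessMountPath into the notify-only branch, even when OnAccessNotifyOnly is left at its default `no`, and the log line there is the same one an explicit notify-only setup produces. An operator who expects malicious files to be blocked then runs without prevention, with nothing in the log to say why. If the downgrade for mount marks is intended, log it separately, e.g. `logg("ScanOnAccess: OnAccessMountPath is set, blocking is disabled for mount marks; notifying only.\n");`, and state the interaction in the OnAccessNotifyOnly description. onas_fan_th starts and ends outside these hunks, so the code that answers permission events is not visible here and should be checked against the new mask.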
... | ... |
@@ -592,17 +592,12 @@ Example |
592 | 592 |
# Default: no |
593 | 593 |
#OnAccessDisableDDD yes |
594 | 594 |
|
595 |
-# Modifies fanotify blocking behaviour when handling read permission events. |
|
596 |
-# If turned on, fanotify will prevent any read attempt if the file is a virus. |
|
595 |
+# Modifies fanotify blocking behaviour when handling permission events. |
|
596 |
+# If turned on, fanotify will only notify if the file scanned is a virus, |
|
597 |
+# and not perform any blocking. |
|
597 | 598 |
# (On-access scan only) |
598 |
-# Default: yes |
|
599 |
-#OnAccessPreventRead no |
|
600 |
- |
|
601 |
-# Modifies fanotify blocking behaviour when handling open permission events. |
|
602 |
-# If turned on, fanotify will prevent any open attempt if the file is a virus. |
|
603 |
-# (On-access scan only) |
|
604 |
-# Default: yes |
|
605 |
-#OnAccessPreventOpen no |
|
599 |
+# Default: no |
|
600 |
+#OnAccessNotifyOnly yes |
|
606 | 601 |
|
607 | 602 |
## |
608 | 603 |
## Bytecode |
... | ... |
@@ -404,9 +404,7 @@ const struct clam_option __clam_options[] = { |
404 | 404 |
|
405 | 405 |
{ "OnAccessDisableDDD", "disable-ddd", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "This option toggles the dynamic directory determination system for on-access scanning (Linux only).", "no" }, |
406 | 406 |
|
407 |
- { "OnAccessPreventRead", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "This option specifies is fanotify will prevent read attempts on malicious files (Linux only)", "yes" }, |
|
408 |
- |
|
409 |
- { "OnAccessPreventOpen", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD, "This option specifies if fanotify will prevent open attempts for malicious files (Linux only)", "yes" }, |
|
407 |
+ { "OnAccessNotifyOnly", "notify-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "This option changes fanotify behavior to not prevent access attempts on malicious files and simply notify the user instead (On Access scan only).", "no" }, |
|
410 | 408 |
|
411 | 409 |
/* FIXME: mark these as private and don't output into clamd.conf/man */ |
412 | 410 |
{ "DevACOnly", "dev-ac-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, FLAG_HIDDEN, OPT_CLAMD | OPT_CLAMSCAN, "", "" }, |
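Review bot: OnAccessPreventRead and OnAccessPreventOpen are dropped from `__clam_options` with no replacement entries, so an existing clamd.conf that still sets either one will presumably be rejected as an unknown option or lose its intended meaning after upgrade. For a setting that decides whether access to malicious files is blocked, that transition should be explicit and logged. Consider keeping both names as deprecated entries (the `OPT_DEPRECATED` owner flag, if this tree has it) so the parser can point users to OnAccessNotifyOnly. The new description also says "(On Access scan only)" where the neighbouring OnAccessDisableDDD entry says "(Linux only)"; fanotify is Linux-specific, so this entry should say so too.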