Talk:ClamAV

From ArchWiki

Should instructions for standalone (non-daemon) operation be added here or on its own page? --papabean 22:56, 11 October 2009 (EDT)


The new procedure of enabling and starting clamav with systemd goes something along the lines of:

  1. systemctl enable freshclamd
  2. systemctl start freshclamd
    • Once freshclam has finished downloading the database to /var/lib/clamav:
  3. systemctl enable clamd
  4. systemctl start clamd

I suspect there's a better way to do this so I haven't updated the article myself.--Kit (talk) 18:56, 16 October 2012 (UTC)

OnAccess Scanning

It would be great if the page could also contain a section on how to configure OnAccess scanning - how to set up directories, the permissions, how virus findings are reported, ... Mephinet (talk) 19:17, 22 August 2016 (UTC)


Is it possible to enable the 'OnAccessScan' by editing /etc/clamav/clamd.conf and adding these options:

/etc/clamav/clamd.conf
# Enable scan on access; requires the clamd service to be running
ScanOnAccess true
# Set the mount point where to perform the scan,
# this can be any path or multiple paths (one line per path)
# / for all
OnAccessMountPath /
# block all operations on the file during the scan
OnAccessPrevention false
# perform scans on newly created, moved, or renamed files
OnAccessExtraScanning true
# exclude this UID from on-access scanning (0 = root)
OnAccessExcludeUID 0
# action to perform when a malicious file is detected (it is possible to specify a script path)
# on a headless server
VirusEvent "echo $(date) - ${CLAM_VIRUSEVENT_VIRUSNAME}: ${CLAM_VIRUSEVENT_FILENAME} | wall"
# on a client with libnotify
# notify-send "Virus Found ${CLAM_VIRUSEVENT_VIRUSNAME}" "${CLAM_VIRUSEVENT_FILENAME} detected"
# it is also possible to delete the file with 'rm $CLAM_VIRUSEVENT_FILENAME'

# clamd should run as root
User root

If you are using AppArmor it is necessary to allow clamd to run as root:

$ sudo aa-complain clamd


Source: http://blog.clamav.net/2016/03/configuring-on-access-scanning-in-clamav.html

Dodo (talk) 04:00, 14 March 2017 (UTC)Edoz90
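
The post above notes that the virus event action can be a script path. The following is an added example, not part of the original post or the linked blog article: a handler script that strips control characters from the detected file name before it reaches `wall` or syslog, since that name is chosen by whoever created the file. The script path and the syslog tag are assumptions.

```shell
#!/bin/sh
# Hypothetical handler, e.g. saved as /usr/local/bin/clamav-virus-event
# (assumed path) and set as the virus event action in clamd.conf.
# clamd exports CLAM_VIRUSEVENT_VIRUSNAME and CLAM_VIRUSEVENT_FILENAME
# to the command it runs.

# Replace every byte that is not printable ASCII with '?', so a file
# name containing escape sequences or newlines cannot alter terminals
# that receive the wall broadcast or forge additional log lines.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' '?'
}

# Build the single-line message from signature name ($1) and path ($2).
format_event() {
    printf 'ClamAV detection: %s in %s' "$(sanitize "$1")" "$(sanitize "$2")"
}

# Log to syslog and broadcast to logged-in users.
handle_event() {
    msg=$(format_event "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}" \
                       "${CLAM_VIRUSEVENT_FILENAME:-unknown}")
    logger -t clamav-virusevent -p auth.warning "$msg"
    printf '%s\n' "$msg" | wall
}

# Only act when clamd has actually provided a file name.
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    handle_event
fi
```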