Ubuntu
clamav package

clamav-daemon on access scanning

Bug #1881761 reported by mikey
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Triaged
Wishlist
Unassigned

Bug Description

Does on access scanning work at all in 20.04?

I tried enabling ScanOnAccess but got the warning:

  WARNING: Ignoring deprecated option ScanOnAccess at /etc/clamav/clamd.conf:2

I reverted to the config created by running:

  sudo dpkg-reconfigure clamav-daemon

Reading the info in clamav for current version they seem to say that clamonacc needs to be running as of the version in 20.04 and I can see no service for it.

  https://www.clamav.net/documents/on-access-scanning#for-versions--01020-1

Anywhichway I have been unable to get access scanning working any way that I have tried it.

Revision history for this message
mikey (abc-mikey) wrote :

I have been using https://www.eicar.org/?page_id=3950 for testing which works with a manual scan.

I am able to run clamonacc by appending to /etc/clamav/clamd.conf

  OnAccessExcludeUname clamav

Even this shows no sign of actually doing on access checks.

Revision history for this message
mikey (abc-mikey) wrote :

I was missing a path to scan:

  OnAccessIncludePath /home/user

With that and clamonacc running I get on access scans.

Which means that clamonacc should have it's own service file.

Though I think I'm about to give up on it, as after that I receive warnings about:

  ^lstat() failed on: /home/user/path/to/file

Though the clamav user is part of the user's group so should have access, I suspect apparmour is doing something to prevent access here. And it is not recommended to run clamav without apparmour or as root.

So I guess no one is actually using on access scanning with clamav-daemon in this way.

Revision history for this message
Simon Déziel (sdeziel) wrote :

Hello Mikey, I remember OnAccessIncludePath working well as long as it was coupled with clamonacc --fdpass. The FD passing allowed to sidestep problems coming from Apparmor IIRC.

It's unfortunate that the package doesn't ship a clamonacc.service but this should work:

[Unit]
Description=ClamAV On-Access Scanning
After=clamav-daemon.service
Wants=clamav-daemon.service

[Service]
ExecStart=/usr/sbin/clamonacc --foreground --fdpass
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

This should serve as a reminder for me to take the time and propose that to Debian ;)

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Hi mikey,

Thank you for reporting this bug and trying to make Ubuntu better!

My understanding here, given Simon's suggestion for the issue, is that the package is working as expected, but it would be nice to have the additional service running "clamonacc" with the proper parameters.

I am marking this bug as triaged as a wishlist bug, ideally to be fixed in Debian. Let us know if you disagree with my assessment here.

Changed in clamav (Ubuntu):
status: New → Triaged
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.