Regex or Wildcards cannot be used in the OnAccessExcludePath directive #1074
Comments
@Meloknight89 If anyone from the ClamAV Dev Community would like to work on this feature request, we will be happy to review and merge it.
@rsundriyal I'd like to try this. Could you please specify the types of wildcards we should support? Are we limited to patterns like
@b1tg Thanks for volunteering to help. There is a similarly named The code for Lines 154 to 163 in 23dfe8f
@b1tg @micahsnyder Thank you for taking this on and for providing the code for the ExcludePath. Do you have an approximate timeline for when this will be included in the latest release?
@Meloknight89 Sorry I can't promise we'll work on it. Too many other things to do. I would be happy to review a PR if someone else wants to work on it though. If anyone does work on it, I think it would be helpful to have
Working on it, will send out a PR this week.
Hi @micahsnyder, any update for the PR review progress?
I noticed this issue also duplicates #178
Describe the bug
Hello everyone, I'm encountering an issue with ClamAV's on-access scanning configuration on my Linux 4.18.0-516.el8.x86_64 system, running ClamAV version 0.103.10. I've defined the on-access watch path as /home and attempted to exclude the /home/*/.thunderbird path using the OnAccessExcludePath directive. However, it appears that the OnAccessExcludePath directive only has an effect when an absolute path is defined. However, this method does not support the use of wildcards or regex, which makes it less flexible for my use case as I have multiple dynamic user directories to exclude.
Here are some details about my setup:
ClamAV Version: 0.103.10
Supported Optional Features: MEMPOOL, IPv6, AUTOIT_EA06, BZIP2, LIBXML2, PCRE2, ICONV, JSON
Platform: Linux 4.18.0-516.el8.x86_64, OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib Version: 1.2.11 (1.2.11), Compile Flags: a9
Config file: clamd.d/scan.conf
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile = "/var/log/clamd/clamd.log"
LogFileUnlock disabled
LogFileMaxSize = "20971520"
LogTime = "yes"
LogClean = "yes"
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/run/clamd.scan/clamd.sock"
LocalSocketGroup = "root"
LocalSocketMode = "660"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "200"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "16"
ReadTimeout = "120"
CommandReadTimeout = "30"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
ConcurrentDatabaseReload disabled
DisableCache disabled
VirusEvent = "/usr/local/sbin/clamd_virus_event.sh %v"
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User disabled
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "10000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertBrokenMedia disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "17"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "100000"
PCRERecMatchLimit = "2000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath = "/home"
OnAccessExcludePath = "/home/*/.thunderbird"
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname = "root"
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention = "yes"
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled
Has anyone else experienced this issue? Is there a workaround to allow wildcards or regex in directory path exclusions for on-access scanning in ClamAV? Any insights or suggestions would be greatly appreciated!
How to reproduce the problem
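The report above says only literal absolute paths take effect in `OnAccessExcludePath`. As an added example (not ClamAV code and not posted by anyone in this thread), the script below expands a wildcard pattern into one literal `OnAccessExcludePath` line per existing directory, so the result can be pasted into the config file. The function name `expand_exclude_glob` and the sample tree are constructed here, and it assumes the directive may be repeated once per path.

```shell
#!/bin/sh
# Added example: turn a wildcard exclusion into literal absolute paths.
# expand_exclude_glob and the demo tree are illustrative, not part of ClamAV.

NL='
'

# expand_exclude_glob PATTERN
# Prints one "OnAccessExcludePath <dir>" line per existing real directory.
expand_exclude_glob() (
    pattern=$1
    case $pattern in
        /*) ;;                              # accept absolute patterns only
        *)  echo "pattern must be absolute: $pattern" >&2; exit 2 ;;
    esac
    IFS=                                    # expand the glob, never word-split
    for dir in $pattern; do
        [ -d "$dir" ] || continue           # unmatched glob, or not a directory
        [ -L "$dir" ] && continue           # only real directories get an exclusion
        case $dir in
            *"$NL"*) continue ;;            # a newline would inject a config line
        esac
        printf 'OnAccessExcludePath %s\n' "$dir"
    done | LC_ALL=C sort
)

# Constructed sample tree standing in for /home (demo only).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/home/alice/.thunderbird" \
         "$demo_root/home/bob/.thunderbird" \
         "$demo_root/home/carol"
ln -s /tmp "$demo_root/home/carol/.thunderbird"   # symlink: must be skipped

# Emits lines for alice and bob only; carol's symlink gets no exclusion.
expand_exclude_glob "$demo_root/home/*/.thunderbird"
```

The generated list is a snapshot: re-run it whenever accounts are added or removed, and review it before use, since every excluded directory is one the on-access scanner no longer covers.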