
Bug#961884: add init script / systemd unit for clamonacc background scanner


Patrick Schleizer

May 30, 2020, 4:00:03 PM
Package: clamav-daemon
Severity: normal
X-Debbugs-CC: whonix...@whonix.org

Dear maintainer,

package clamav-daemon ships a file /usr/bin/clamonacc which is a
background virus scanning guard / real-time protection. It's currently
non-trivial to use.

sudo clamonacc

ERROR: Clamonacc: at least one of OnAccessExcludeUID,
OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified ... it
is reccomended you exclude the clamd instance UID or uname to prevent
infinite event scanning loops

May I suggest adding an init script / systemd unit file which runs the
clamonacc background scanner?

Cheers,
Patrick

Sebastian Andrzej Siewior

Jun 29, 2021, 4:30:04 PM
On 2020-05-30 19:53:49 [+0000], Patrick Schleizer wrote:
> package clamav-daemon ships a file /usr/bin/clamonacc which is a
> background virus scanning guard / real-time protection. It's currently
> non-trivial to use.
>
> sudo clamonacc
>
> ERROR: Clamonacc: at least one of OnAccessExcludeUID,
> OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified ... it
> is reccomended you exclude the clamd instance UID or uname to prevent
> infinite event scanning loops
>
> May I suggest adding an init script / systemd unit file which runs the
> clamonacc background scanner?

The config file has to be touched manually to configure it properly. In
the past this was part of clamd and people managed to lock up / deadlock
their systems. Therefore I hesitate to add an initscript here.
However, I agree that even with proper configuration an initscript would
be nice here since there is no need to overcomplicate it.

Feel free to post something (by someone who is actually using it),
otherwise I will try to add something later on.

> Cheers,
> Patrick

Sebastian

Patrick Schleizer

Jun 30, 2021, 2:00:03 AM
Perhaps a disabled by default $initscript?

Sébastien Villemot

Jan 18, 2023, 4:12:43 PM
As of clamav-daemon 1.0.0+dfsg-5, a systemd unit is provided for
clamonacc, so it looks like this issue has been addressed.

However, the unit is enabled by default. This looks like a bug, because
the service fails to start with the default configuration.

--
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  https://sebastien.villemot.name
⠈⠳⣄⠀⠀⠀⠀  https://www.debian.org


Stefan Hornburg (Racke)

Jan 19, 2023, 2:50:03 AM
IMHO it doesn't make sense to be enabled as default even if it would start properly.
Most common use of ClamAV is to scan emails.

Regards
Racke

--
Automation expert - Ansible and friends
Linux administrator & Debian maintainer
Perl Dancer & conference hopper

vmxev...@gmail.com

Jan 19, 2023, 3:00:05 AM
I use it to quell my paranoid mode to scan my Debian laptop.

Tim McConnell

Mar 7, 2023, 2:20:05 PM
I used ClamTK to schedule a scan every night at 23:00.
I would have thought it would be no problem. I also get those messages
from clamonacc. Which leaves me with 2 questions, 1. Shouldn't ClamTK
auto-exclude the needed directories? 2. How long is normal for scanning
a 91GB Home dir? To test if I could run the scan from Clamtk at all I
started a scan at 20:30 and left it to run. I came back at 11:30 AM and
it was still going. Just how long can I expect these to take? And is
there a way to exclude directories?
Thanks!
--
Tim McConnell <tmccon...@gmail.com>

Rob Fantini

Sep 11, 2023, 5:30:04 PM

Hello

I got the following init clamonacc script from https://www.chaddevops.com/2020/02/ubuntu-1804-installing-clamav-with.html


# /etc/systemd/system/clamonacc.service
[Unit]
Description=ClamAV On Access Scanner
Requires=clamav-daemon.service
After=clamav-daemon.service syslog.target network.target

[Service]
Type=simple
User=root
ExecStart=/usr/sbin/clamonacc -F --log=/var/log/clamav/clamonacc --move=/root/quarantine
Restart=on-failure
RestartSec=120s

[Install]
WantedBy=multi-user.target

 
added this to /etc/clamav/clamd.conf:

OnAccessMaxFileSize 5M
OnAccessMountPath /home
OnAccessIncludePath /home
OnAccessExcludeUname root
OnAccessPrevention true
OnAccessExtraScanning false
VirusEvent /etc/clamav/detected.sh
OnAccessExcludeRootUID yes
OnAccessRetryAttempts 3

and did these
mkdir /root/quarantine

added /etc/clamav/detected.sh:
#!/bin/bash
# /etc/clamav/detected.sh
# Modify the reply and to addresses.

PATH=/usr/bin
alert="Signature detected: $CLAM_VIRUSEVENT_VIRUSNAME in $CLAM_VIRUSEVENT_FILENAME"

logtail="$(tail -n 50 /var/log/clamav/clamav.log | tac)"

# Send email; values are passed as %s arguments so that a % or \ in a
# file name or log line is printed literally.
export HOME=/root
/usr/bin/printf 'Host: %s.\n%s\n\ntail -n 50 /var/log/clamav/clamav.log\n\n\n%s' "$HOSTNAME" "$alert" "$logtail" | /usr/bin/mailx -s "VIRUS ALERT - $HOSTNAME" -r RE...@YOURDOMAIN.COM "ALE...@YOURDOMNAIN.COM"

# Send the alert to the systemd logger if it exists, otherwise to /var/log
if [[ -z $(command -v systemd-cat) ]]; then
       echo "$(date) - $alert" >> /var/log/clamav/detections.log
else
       echo "$alert" | /usr/bin/systemd-cat -t clamav -p emerg
fi



Note, we still have AppArmor issues so I disabled clamonacc for now.
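
An added example (not from the thread or the Debian package): a pre-flight check for the condition behind the error quoted in the first post, which could gate the unit before clamonacc is started. It also flags a config whose exclusions do not cover the user named by clamd's `User` directive, as that error recommends; the function name, return codes and the sample `User clamav` line are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the Debian package or of any post above.
# onaccess_preflight FILE returns 0 = ok, 1 = no exclusion option at all,
# 2 = exclusions exist but do not cover the user clamd runs as.
onaccess_preflight() {
    clamd_user=root   # assumption: without a User directive clamd stays root
    excl_root=no; excl_names=; excl_uids=
    while read -r key val rest || [ -n "$key" ]; do
        case $key in
            User)                 clamd_user=$val ;;
            OnAccessExcludeUname) excl_names="$excl_names $val" ;;
            OnAccessExcludeUID)   excl_uids="$excl_uids $val" ;;
            OnAccessExcludeRootUID)
                case $val in [Yy]es|[Tt]rue|1) excl_root=yes ;; *) excl_root=no ;; esac ;;
        esac
    done < "$1"

    if [ "$excl_root" = no ] && [ -z "$excl_names$excl_uids" ]; then
        echo "FAIL: no OnAccessExclude* option is set"; return 1
    fi
    if [ "$clamd_user" = root ]; then
        # This example counts root as covered only via OnAccessExcludeRootUID.
        [ "$excl_root" = yes ] && { echo "OK: root is excluded"; return 0; }
    else
        uid=$(id -u "$clamd_user" 2>/dev/null) || uid=
        for n in $excl_names; do
            [ "$n" = "$clamd_user" ] && { echo "OK: $n is excluded"; return 0; }
        done
        for u in $excl_uids; do
            [ "$u" = "$uid" ] && { echo "OK: uid $u is excluded"; return 0; }
        done
    fi
    echo "WARN: clamd user '$clamd_user' is not excluded"; return 2
}

# Constructed sample: OnAccess lines from the post above plus an assumed
# "User clamav" line (hypothetical; use the User value of your own clamd.conf).
sample=$(mktemp)
cat > "$sample" <<'EOF'
User clamav
OnAccessIncludePath /home
OnAccessExcludeUname root
OnAccessPrevention true
OnAccessExcludeRootUID yes
EOF
onaccess_preflight "$sample" || echo "exit status: $?"
rm -f "$sample"
```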