Hi, I am trying to configure clamd (running as user root) with ScanOnAccess enabled and "OnAccessExcludeUID 0". Basically, our web app allows the user to upload files using a WS (the web server runs as user xxxx, not root), and then a batch job processes the file. I have also enabled OnAccessPrevention, so in case of an upload with an infected file, the batch job can't access (but root user could do it, as per OnAccessExcludeUID). I have also created a script configured in VirusEvent so we are alerted when a virus is detected. The problem is that, as the file remains, the batch job is always trying to process the file, throwing errors. I have tried to move the file to a quarantine folder using the VirusEvent script, but the server completely freezes; after the tests, I have read in some webs that we shouldn't move or delete the infected file inside that script.
So, what could be a solution? How can I move the file to a quarantine folder using this configuration? Is there a better/alternative solution? # uname -a Linux xxxxxxx 3.10.0-693.11.1.el7.x86_64 #1 SMP Fri Oct 27 05:39:05 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.4 (Maipo) # rpm -qa | grep clam clamav-filesystem-0.99.2-8.el7.noarch clamav-server-systemd-0.99.2-8.el7.noarch clamav-update-0.99.2-8.el7.x86_64 clamav-data-0.99.2-8.el7.noarch clamav-server-0.99.2-8.el7.x86_64 clamav-scanner-0.99.2-8.el7.noarch clamav-0.99.2-8.el7.x86_64 clamav-lib-0.99.2-8.el7.x86_64 clamav-scanner-systemd-0.99.2-8.el7.noarch Thanks. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
