Hi,
I'm trying to run clamav with ScanOnAccess on the / mount on a box
running selinux. I've enabled antivirus_can_scan_system in selinux but
shortly after startup clamav stops scanning, reporting the following:
ERROR: ScanOnAccess: Internal error (failed to read data) ... Permission denied
Initially I was getting no AVC events but discovered selinux dontaudit
rules. On disabling these and making the antivirus context permissive, I
can see a whole load of policy denials around access to /etc/shadow and
/var/log/audit/audit.log. I'd like to avoid writing a whole load of
custom policies around these individual files; it might be a constant
task as the OS gets updated.
Has anybody successfully run ScanOnAccess across the whole file system
whilst having selinux enabled?
Is there a way to tell clamav to continue after encountering a
Permission Denied? Currently it appears clamav stops its scanning and
my box eventually grinds to a halt, I guess as the fanotify queue
continues to build.
Any other suggestions on how to run the two together?
Regards
Rob