I was describing two issues: One is that root user was needed for ScanOnAccess. Second was that the apparmor profile does not fit.
Basically, there should be an easy way to use ScanOnAccess with correct apparmor profile. Fanotify seems to be a basic feature in conjunction with a virus scanner (which can simply run in user space without a kernel module, still getting notified about changes in files). With the two changes I described, ScanOnAccess is working for me with root privileges and apparmor profile disabled. Therefore, it also detects Eicar testfiles. I'd suggest to make ScanOnAccess more accessible to an average user. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1404762 Title: apparmor profile usr.sbin.clamd does not allow ScanOnAccess via fanotify Status in apparmor package in Ubuntu: Confirmed Bug description: I tried to enable the ScanOnAccess option in /etc/clamav.conf to get on-access scanning. Doing so, /var/log/clamav/clamav.log tells me: ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted ScanOnAccess: clamd must be started by root Setting User to root in /etc/clamav/clamd.conf makes the clamav-daemon to fail with service clamav-daemon start * Starting ClamAV daemon clamd ERROR: initgroups() failed. I had to disable the apparmor.profile with a cd /etc/apparmor.d/disable ln -s ./../usr.sbin.clamd Then, the "ERROR: initgroups() failed." disappears. The apparmor itself came via apt-get packages. I did not edit it. Description: Ubuntu 14.04.1 LTS Release: 14.04 apt-cache policy apparmor-profiles apparmor-profiles: Installiert: (keine) Installationskandidat: 2.8.95~2430-0ubuntu5.1 Versionstabelle: 2.8.95~2430-0ubuntu5.1 0 500 http://de.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages 2.8.95~2430-0ubuntu5 0 500 http://de.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: apparmor-profiles (not installed) ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11 Uname: Linux 3.13.0-43-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.6 Architecture: amd64 Date: Mon Dec 22 01:23:04 2014 InstallationDate: Installed on 2014-11-29 (22 days ago) InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2) ProcEnviron: LANGUAGE=de_DE TERM=xterm PATH=(custom, no user) LANG=de_DE.UTF-8 SHELL=/bin/bash ProcKernelCmdline: BOOT_IMAGE=/@/boot/vmlinuz-3.13.0-43-generic root=UUID=6408c2d9-1b60-43d7-9a7f-2dceeb40de28 ro rootflags=subvol=@ quiet splash vt.handoff=7 SourcePackage: apparmor Syslog: UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1404762/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
