"Real time scan" in Clamav ?! Please help !
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 2 of 2
  1. #1
    Join Date
    Aug 2016

    "Real time scan" in Clamav ?! Please help !

    Hi. Till 2 days ago, my data was that Clamav has no real time scan ability.

    Two days ago I found this official Clamav link:

    Please I need explanation to the following points, point by point:

    1) is this mean that Clamav has real time scan options ? I conclude - but not sure - that on access scan mean real time scan, isn't it ?

    2) if answer of point (1) above is "Yes", then does the 1st profile example in link:

    Watch entire filesystem
    ScanOnAccess yes
    OnAccessMountPath /
    OnAccessExcludeUID 0

    Details: This will set fanotify to watch the entire filesystem in real-time and trigger ClamAV to run scans on any files opened, accessed, or closed except by the root user. While clamd will report any viruses found during this scanning, fanotify will not perform any blocking or prevention.
    is the profile which equivalent to real time scan of anti-viruses on Windows OS ??

    3) regarding 1st profile example that I already quoted in point (2) above, I feel that what I put in RED COLOR point to something bad like: fanotify is disabled from give protection block against dangerous files (infected file) so as to allow Clamav scan all system ???!!!!

    While clamd will report any viruses found during this scanning, fanotify will not perform any blocking or prevention.
    It seem to me like the case when a user for Android phone or tablet break it's Android device by making "ROOT" so as to remove already build-in protection to replace it by protection of firewall program she/he installed from Google play, which is a very bad practice. Is what I conclude about this is correct ?

    4) does "fanotify" give BUILD-IN antivirus protection for Linux ? If yes, then does it is already enabled by default in Fedora ?

    5) can you, kindly, give me more explanations about "fanotify" & "inotify", please.
    Fedora 28 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

  2. #2
    Join Date
    Aug 2011

    Re: "Real time scan" in Clamav ?! Please help !

    Didn't know about fanotify. Interesting stuff.

    The on-access and real-time terms refer to the same thing, I think on-access is the preferred term. So yes, clamav more or less appears to support on-access scanning. For the report-only thing: they probably went the easy way didn't implement blocking. Maybe the fanotify api is not mature enough yet.

    Fanotify is just an api for file system events, it is similar to inotify but appears to be more aimed at access control with the ability for user-space to intercept events and make decisions (e.g., block access to a file for an ). Of course it does not provide build-in virus protection. The kernel will never get such a thing. These apis can be used by tools to see what is happening on the file system (e.g., what files are accessed by other processes and with fanotify). They are building blocks which can potentially be used for providing antivirus functionality. For the high-level overview: I only quickly glanced at these apis but I think that 1) inotify is only meant for getting notifications on certain file system evens while 2) fanotify is for intercepting certain file system events where user-space can then decide whether to allow or block.

    Fedora has fanotify enabled by default.

Similar Threads

  1. Brother scanner "Failed to scan"
    By PonyExpress in forum Hardware & Laptops
    Replies: 4
    Last Post: 18th March 2013, 06:14 PM
  2. How to get a "real" quake-style terminal in gnome with Compiz
    By ElTimo in forum Guides & Solutions (Not For Questions)
    Replies: 6
    Last Post: 25th November 2009, 07:54 AM
  3. "Open with" dialogue in firefox for real player
    By Zigzagcom in forum Using Fedora
    Replies: 3
    Last Post: 15th September 2005, 12:25 PM
  4. Replies: 0
    Last Post: 23rd May 2005, 04:59 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts