bb11978 - onas: document limitations of OnAccessExcludeRootUID and OnAccessExcludeUID.
James Ralston
2017-12-13 16:56:30 -05:00
committed by Mickey Sola
parent 15596b1060
commit 39bd083cbc
2 changed files with 16 additions and 2 deletions

@@ -659,17 +659,21 @@ This option allows excluding directories from on-access scanning. It can be used
Default: disabled
.TP
\fBOnAccessExcludeRootUID BOOL\fR
With this option you can whitelist the root UID (0). Processes run under root with be able to access all files without triggering scans or permission denied events.
With this option you can whitelist the root UID (0). Processes run under root will be able to access all files without triggering scans or permission denied events.
.br
Note that if clamd cannot check the uid of the process that generated an on-access scan event (e.g., because \fBOnAccessPrevention\fR was not enabled, and the process already exited), clamd will perform a scan. Thus, setting \fBOnAccessExcludeRootUID\fR is not \fIguaranteed\fR to prevent every access by the root user from triggering a scan (unless \fBOnAccessPrevention\fR is enabled).
.br
Default: no
.TP
\fBOnAccessExcludeUID NUMBER\fR
With this option you can whitelist specific UIDs. Processes with these UIDs will be able to access all files.
With this option you can whitelist specific UIDs. Processes with these UIDs will be able to access all files without triggering scans or permission denied events.
.br
This option can be used multiple times (one per line).
.br
Note: using a value of 0 on any line will disable this option entirely. To whitelist the root UID (0) please enable the OnAccessExcludeRootUID option.
.br
Also note that if clamd cannot check the uid of the process that generated an on-access scan event (e.g., because \fBOnAccessPrevention\fR was not enabled, and the process already exited), clamd will perform a scan. Thus, setting \fBOnAccessExcludeUID\fR is not \fIguaranteed\fR to prevent every access by the specified uid from triggering a scan (unless \fBOnAccessPrevention\fR is enabled).
.br
Default: disabled
.TP
\fBOnAccessMaxFileSize SIZE\fR
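
Review bot: Both added notes (under OnAccessExcludeRootUID and OnAccessExcludeUID) write "uid" in lowercase, while the surrounding text of the same entries uses "root UID (0)" and "specific UIDs"; use "UID" consistently. The two paragraphs are also nearly identical, so consider stating the limitation once and having the OnAccessExcludeUID entry refer back to it. The existing "Note:" line in the OnAccessExcludeUID entry still names OnAccessExcludeRootUID without \fB...\fR markup, unlike the new text right below it, which is worth aligning while this entry is being touched.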

@@ -612,6 +612,11 @@ Example
# With this option you can whitelist the root UID (0). Processes run under
# root with be able to access all files without triggering scans or
# permission denied events.
# Note that if clamd cannot check the uid of the process that generated an
# on-access scan event (e.g., because OnAccessPrevention was not enabled, and
# the process already exited), clamd will perform a scan. Thus, setting
# OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the
# root user from triggering a scan (unless OnAccessPrevention is enabled).
# Default: no
#OnAccessExcludeRootUID no
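
Review bot: The typo "root with be able" is still present in the unchanged comment line at the top of this hunk, although the same sentence is corrected to "will be able" in the man page change of this commit; fix it here too so the two documents stay in step. The added note also writes "uid" in lowercase where the comment above it says "root UID (0)".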
@@ -621,6 +626,11 @@ Example
# This option can be used multiple times (one per line).
# Using a value of 0 on any line will disable this option entirely. To whitelist
# the root UID (0) please enable the OnAccessExcludeRootUID option.
# Also note that if clamd cannot check the uid of the process that generated an
# on-access scan event (e.g., because OnAccessPrevention was not enabled, and
# the process already exited), clamd will perform a scan. Thus, setting
# OnAccessExcludeUID is not *guaranteed* to prevent every access by the
# specified uid from triggering a scan (unless OnAccessPrevention is enabled).
# Default: disabled
#OnAccessExcludeUID -1
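
Review bot: The added paragraph opens with "Also note", but in this file the preceding sentence ("Using a value of 0 on any line ...") is not introduced as a note the way it is in the man page ("Note: using a value of 0 ..."), so "Also" has nothing to refer back to. Either start the paragraph with "Note that", as in the OnAccessExcludeRootUID comment, or add the "Note:" prefix to the preceding sentence. As in the other hunks, "uid" should be "UID" to match "root UID (0)" two lines above.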