From cf703fa1007c8f0033862b4bcbe9bba55b1b8aef Mon Sep 17 00:00:00 2001
From: Mickey Sola <msola@sourcefire.com>
Date: Thu, 17 Sep 2015 16:49:42 -0400
Subject: [PATCH] onas: changing clamd NotifyOnly option to Prevention and
 disabling Prevention option by default.

---
 clamd/onaccess_fan.c  | 2 +-
 etc/clamd.conf.sample | 4 ++--
 shared/optparser.c    | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/clamd/onaccess_fan.c b/clamd/onaccess_fan.c
index 84829dd9b..ed90eb87b 100644
--- a/clamd/onaccess_fan.c
+++ b/clamd/onaccess_fan.c
@@ -146,7 +146,7 @@ void *onas_fan_th(void *arg)
 	return NULL;
     }
 
-    if (!optget(tharg->opts, "OnAccessNotifyOnly")->enabled && !optget(tharg->opts, "OnAccessMountPath")->enabled) {
+    if (optget(tharg->opts, "OnAccessPrevention")->enabled && !optget(tharg->opts, "OnAccessMountPath")->enabled) {
 	    logg("ScanOnAccess: preventing access attempts on malicious files.\n");
 	    fan_mask |= FAN_ACCESS_PERM | FAN_OPEN_PERM;
     } else {
diff --git a/etc/clamd.conf.sample b/etc/clamd.conf.sample
index d918a93ca..c525d97aa 100644
--- a/etc/clamd.conf.sample
+++ b/etc/clamd.conf.sample
@@ -593,11 +593,11 @@ Example
 #OnAccessDisableDDD yes
 
 # Modifies fanotify blocking behaviour when handling permission events.
-# If turned on, fanotify will only notify if the file scanned is a virus,
+# If off, fanotify will only notify if the file scanned is a virus,
 # and not perform any blocking.
 # (On-access scan only)
 # Default: no
-#OnAccessNotifyOnly yes
+#OnAccessPrevention yes
 
 ##
 ## Bytecode
diff --git a/shared/optparser.c b/shared/optparser.c
index ecd38891d..ed2bbafa0 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -405,7 +405,7 @@ const struct clam_option __clam_options[] = {
 
     { "OnAccessDisableDDD", "disable-ddd", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "This option toggles the dynamic directory determination system for on-access scanning (Linux only).", "no" },
 
-    { "OnAccessNotifyOnly", "notify-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "This option changes fanotify behavior to not prevent access attempts on malicious files and simply notify the user instead (On Access scan only).", "no" },
+    { "OnAccessPrevention", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "This option changes fanotify behavior to prevent access attempts on malicious files instead of simply notifying the user (On Access scan only).", "yes" },
 
     /* FIXME: mark these as private and don't output into clamd.conf/man */
     { "DevACOnly", "dev-ac-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, FLAG_HIDDEN, OPT_CLAMD | OPT_CLAMSCAN, "", "" },