From 1559e309fe888449ec4ecbdb1e4a7ce146a7ff84 Mon Sep 17 00:00:00 2001 From: Jason Rothstein Date: Thu, 15 Jul 2021 00:51:34 +0000 Subject: [PATCH] Ensure that clamonacc restarts when it fails --- templates/Fedora/34/etc/clamd.d/scan.conf | 10 +++------- .../34/usr/lib/systemd/system/clamav-clamonacc.service | 1 + 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/templates/Fedora/34/etc/clamd.d/scan.conf b/templates/Fedora/34/etc/clamd.d/scan.conf index 64ed222..3dafd6a 100644 --- a/templates/Fedora/34/etc/clamd.d/scan.conf +++ b/templates/Fedora/34/etc/clamd.d/scan.conf @@ -302,36 +302,30 @@ User clamscan # ELF) and alert on them with the Broken.Executable heuristic signature. # Default: no #AlertBrokenExecutables yes -AlertBrokenExecutables yes # With this option clamav will try to detect broken media file (JPEG, # TIFF, PNG, GIF) and alert on them with a Broken.Media heuristic signature. # Default: no #AlertBrokenMedia yes -AlertBrokenMedia yes # Alert on encrypted archives _and_ documents with heuristic signature # (encrypted .zip, .7zip, .rar, .pdf). # Default: no #AlertEncrypted yes -AlertEncrypted yes # Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip, # .rar). # Default: no #AlertEncryptedArchive yes -AlertEncryptedArchive yes # Alert on encrypted archives with heuristic signature (encrypted .pdf). # Default: no #AlertEncryptedDoc yes -AlertEncryptedDoc yes # With this option enabled OLE2 files containing VBA macros, which were not # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". # Default: no #AlertOLE2Macros yes -AlertOLE2Macros yes # Alert on SSL mismatches in URLs, even if the URL isn't in the database. # This can lead to false positives. @@ -346,7 +340,6 @@ AlertOLE2Macros yes # Alert on raw DMG image files containing partition intersections # Default: no #AlertPartitionIntersection yes -AlertPartitionIntersection yes ## 
@@ -691,6 +684,9 @@ AlertPartitionIntersection yes
 # Set the exclude paths. All subdirectories are also excluded.
 # Default: disabled
 #OnAccessExcludePath /home/user
+{% if quarantine_directory is defined %}
+OnAccessExcludePath {{ quarantine_directory }}
+{% endif %}
 
 # Modifies fanotify blocking behaviour when handling permission events.
 # If off, fanotify will only notify if the file scanned is a virus,
diff --git a/templates/Fedora/34/usr/lib/systemd/system/clamav-clamonacc.service b/templates/Fedora/34/usr/lib/systemd/system/clamav-clamonacc.service
index 7b98ccd..d43ae19 100644
--- a/templates/Fedora/34/usr/lib/systemd/system/clamav-clamonacc.service
+++ b/templates/Fedora/34/usr/lib/systemd/system/clamav-clamonacc.service
@@ -10,6 +10,7 @@ After=clamd@scan.service syslog.target network.target
 Type=simple
 User=root
 ExecStart=/usr/sbin/clamonacc -F --config-file=/etc/clamd.d/scan.conf --move={{ quarantine_directory }} --fdpass
+Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target
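Review bot: In the scan.conf hunk, the `is defined` guard around `OnAccessExcludePath {{ quarantine_directory }}` still passes when the variable is set to an empty string, which would render an `OnAccessExcludePath` line with no value; `{% if quarantine_directory is defined and quarantine_directory | length > 0 %}` covers both cases. The clamonacc unit in this same patch uses `--move={{ quarantine_directory }}` with no guard, so the two templates disagree on whether the variable is optional. Because this path is exempted from on-access scanning, a comment above the block would help the next maintainer, for example `# Quarantine target of clamonacc --move, presumably excluded so moved files are not scanned again; keep it root-owned and not writable by other users.`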
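Review bot: `Restart=on-failure` in the clamonacc unit is added without a `RestartSec=`, so systemd retries after its default 100 ms and, under the default start limit of 5 starts within 10 s, gives up and leaves the unit failed when the cause lasts longer than that (for example clamd not yet accepting connections, if that is the failure being worked around). Adding `RestartSec=30s` on the next line (a constructed value, to be tuned to clamd's start-up time) keeps the retries spaced far enough apart to survive a slow start. `on-failure` also does not restart after a clean exit, so `Restart=always` is the stricter choice if on-access scanning must never stay down. The [Unit] and [Service] headers are outside the hunk, so an existing start-limit setting there cannot be ruled out.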