Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
ClamAV
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Real-time file scanning === {{Update section|date=December 2023|reason=based on old versions}} In older [[Linux]] application versions, ClamAV did support [[Real time protection|real-time protection]] via the [[Fanotify]] add-on for the Linux kernel (version 3.8 and later.)<ref>{{Cite web|url=https://blog.clamav.net/2016/03/configuring-on-access-scanning-in-clamav.html|title=Configuring On-Access Scanning in ClamAV|first=Mickey|last=Sola}}</ref> Alternatively, one could use ClamFS (for any [[Unix-like]] [[operating system]] supporting [[Filesystem in Userspace|FUSE]]). Nowadays, the Real-Time Protection in Linux Systems, is provided through ClamAV's ClamOnAcc application (under the name of "''On-Access Scanning''") β which uses ''Clamd'' to provide real-time protection by scanning files when they are accessed.<ref name=":1">{{Cite web |title=Scanning β ClamAV Documentation |url=https://docs.clamav.net/manual/Usage/Scanning.html#on-access-scanning |access-date=2024-05-02 |website=docs.clamav.net}}</ref> In other words, the ''On-Access Scanner'' can detect and prevent access to malicious files based on the verdict received from ''Clamd''.<ref name=":1" /> By default, it operates in "''notify-only mode''", alerting users of any threats detected without actively blocking file access.<ref name=":1" /> Enabling "''prevention mode''" can considerably impact performance, especially in commonly accessed directories, so it is advised to use it judiciously.<ref name=":1" /> In order to use ClamOnAcc, users need to first run clamd and then start the On-Access Scanner as root (to leverage its kernel event detection and intervention capabilities).<ref name=":1" /> Configuration for On-Access Scanning is primarily done through ''clamd.conf,'' with additional options available in the On-Access Scanning User Guide.<ref name=":1" /> Users can run multiple instances of ClamOnAcc simultaneously with different configurations, allowing for customized protection settings for various directories.<ref name=":1" /> ''ClamOnAcc'' (v0.102+) is a client application that operates alongside clamd (the ClamAV daemon), to perform On-Access Scanning.<ref name=":1" /> Regarding previous versions that were meant for [[Microsoft Windows]], a free, open-source app called Clam Sentinel did use to detect file changes and scanned modified files using ClamWin.<ref>{{cite web | url=http://cyberpillar.com/dirsver/1/mainsite/techns/bhndscen/protsoft/antimalw/antivir/avmswin/clamwin/mkclmwrt/mkclmwrt.htm | title=Clam Sentinel β Making ClamWin Be Used In Real-Time | author=Cyber Pillar | access-date=2014-09-01 | archive-date=2014-08-19 | archive-url=https://web.archive.org/web/20140819161847/http://cyberpillar.com/dirsver/1/mainsite/techns/bhndscen/protsoft/antimalw/antivir/avmswin/clamwin/mkclmwrt/mkclmwrt.htm | url-status=dead }}</ref> It did work with Windows 98 and later. In addition to on-access scanning, it used to feature optional system change messages and proactive heuristic protection.<ref name="ClamSentinel">{{cite web|url=http://sourceforge.net/projects/clamsentinel/ |title=Clam Sentinel |access-date = 2014-06-19}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)