Add regex support for OnAccessExcludePath #1314
It seems to work.
I did some basic tests with it using the following:
OnAccessIncludePath /home/micah/tmp
OnAccessExcludePath /home/micah/tmp/ignore.*
I started clamonacc and then touched a copy of eicar in each of tmp and tmp/ignoreme directories:
❯ touch ~/tmp/ignoreme/eicar
❯ touch ~/tmp/eicar
clamd logs:
❯ sudo /opt/sbin/clamonacc -F --ping 60 --wait --verbose
ClamClient: Connected.
ClamClient: client setup for continuous scanning
Clamonacc: daemon is local
ClamFanotif: kernel-level blocking feature disabled ...
ClamFanotif: max file size limited to 5242880 bytes
ClamScanQueue: initializing event queue consumer ... (5) threads in thread pool
Clamonacc: beginning event loops
ClamFanotif: starting fanotify event loop with process id (6931) ...
ClamInotif: starting inotify event loop ...
ClamInotif: dynamically determining directory hierarchy...
ClamScanQueue: waiting to consume events ...
ClamInotif: watching '/home/micah/tmp' (and all sub-directories)
ClamInotif: excluding '/home/micah/tmp/ignoreme' (and all sub-directories)
Excluding temp directory: /tmp
ClamInotif: NVM, didn't actually need to exclude '/tmp'
ClamMisc: $/proc/7072 vanished before UIDs could be excluded; scanning anyway
ClamFanotif: attempting to feed consumer queue
ClamWorker: performing scanning on file '/home/micah/tmp/eicar'
ClamFanotif: /home/micah/tmp/eicar skipped (excluded UID)
ClamFanotif: /home/micah/tmp/eicar skipped (excluded UID)
/home/micah/tmp/eicar: Win.Test.EICAR_HDB-1 FOUND
So I can see it correctly excluded ignoreme and then with my touch commands it only scans the tmp/eicar file. 👍
Can I trouble you to add some inline documentation to explain the purpose for each thing?
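An added example (not code from this PR or from ClamAV) showing how an exclude pattern like the one tested above behaves under POSIX extended regex search. It assumes unanchored regexec-style matching, which this page does not confirm for clamonacc; `path_is_excluded` and the extra sample paths are hypothetical.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not ClamAV's implementation.
 * Returns 1 if path matches any pattern, 0 if none match,
 * -1 if a pattern does not compile (caller should reject the config). */
int path_is_excluded(const char *const *patterns, size_t n, const char *path)
{
    for (size_t i = 0; i < n; i++) {
        regex_t re;
        if (regcomp(&re, patterns[i], REG_EXTENDED | REG_NOSUB) != 0)
            return -1;
        /* regexec searches anywhere in the string unless the pattern
         * itself is anchored with ^ and/or $. */
        int rc = regexec(&re, path, 0, NULL, 0);
        regfree(&re);
        if (rc == 0)
            return 1;
    }
    return 0;
}

/* Pattern as written in the test config above. */
static const char *const loose[] = { "/home/micah/tmp/ignore.*" };
/* Same pattern anchored to the start of the path. */
static const char *const anchored[] = { "^/home/micah/tmp/ignore.*" };

/* Constructed sample paths; the third is not from the page. */
static const char *const samples[] = {
    "/home/micah/tmp/ignoreme/eicar",
    "/home/micah/tmp/eicar",
    "/mnt/usb/home/micah/tmp/ignoreme/eicar",
};

int main(void)
{
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-42s loose=%d anchored=%d\n", samples[i],
               path_is_excluded(loose, 1, samples[i]),
               path_is_excluded(anchored, 1, samples[i]));
    return 0;
}
```

Under that assumption, the unanchored pattern also excludes a path that merely contains the excluded prefix, so anchoring with `^` keeps the exclusion from silently widening the unscanned area.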
Thanks. Not a lot of detail 😆 but good enough.
Thanks. Will approve and merge after the clamav 1.4.0 release.
1840caf to cfae6da
Rebased and squashed
"continuous-integration/jenkins/pr-head" failed and I can't access the details URL, anything need my fix? @micahsnyder
@b1tg it always fails, because of a handful of tests that need work. In this case, it actually failed to get past our initial gitguardian stage (expired token). I forgot to check in on this though. I'm re-running it now. 🤞
Failed again😭
@b1tg Code signing on macOS broke because the developer certificate expired. I replaced it and codesign is reporting an error with the new one. AHH I will fuss with it a bit. It's possible I needed to create it as an Apple Developer cert instead of a Mac Developer cert? Previously said it was Mac... I'll get it sorted and rerun when I can.
The signing issue turned out to be xcode wanting me to approve signing in the GUI. The internal tests looked good, though the Jenkins stage will show an ❌ because we have some expected test failures.
Fix #1074
To efficiently iterate over all watching files, I've introduced a linked list within struct onas_ht to keep track of all active buckets. Would this approach be effective for our purposes? @micahsnyder