www.LinuxHowtos.org howtos, tips&tricks and tutorials for linux

from small one page howto to huge articles all in one place

Other .linuxhowtos.org sites:gentoo.linuxhowtos.org

Last additions:

using iotop to find disk usage hogs

words:

887

views:

209612

userrating:

May 25th. 2007:

Words

486

Views

258612

why adblockers are bad

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

149912

userrating:

April, 26th. 2006:

Words

Views

107387

New subdomain: toolsntoys.linuxhowtos.org

You are here: manpages

Clam O-Access Scanner

Section: Clam AntiVirus (8)
Updated: July 29, 2020
Index Return to Main Contents

NAME

clamonacc - an anti-virus on-access scanning daemon and clamd client

SYNOPSIS

clamonacc [options]

DESCRIPTION

The clamonacc daemon registers for file access notifications from the Linux kernel and in response, submits scans to the clamd scanning daemon for a verdict. O-Access is only available on Linux systems. On Linux, O-Access requires a kernel version >= 3.8. This is because it leverages a kernel api called fanotify to block processes from attempting to access malicious files. This prevention occurs in kerne-space, and thus offers stronger protection than a purely use-space solution.

OPTIONS

-h, --help: Output help information and exit.
-V, --version: Print the version number and exit.
-v, --verbose: Be verbose.
-l FILE, --log=FILE: Save the scan report to FILE.
-F, --foreground: Run in foreground; do not daemonize.
-W FILE, --watch-list=FILE: Watch directories from FILE.
-e FILE, --exclude-list=FILE: Exclude directories from FILE.
-p A[:I], --ping A[:I]: Ping clamd up to [A] times at optional interval [I] until it responds.
-w, --wait: Wait up to 30 seconds for clamd to start. Optionally use alongside ping to set attempts [A] and interval [I] to check clamd.
--remove: Remove infected files. Be careful.
--move=DIRECTORY: Move infected files into DIRECTORY.
--copy=DIRECTORY: Copy infected files into DIRECTORY.
-c FILE, --config-file=FILE: Read configuration from FILE.
--allmatch: Continue scanning within file after finding a match.
--fdpass: Pass the file descriptor permissions to clamd. This is useful if clamd is running as a different user as it is faster than streaming the file to clamd. Only available if connected to clamd via local(unix) socket.
--stream: Forces file streaming to clamd. This is generally not needed as clamdscan detects automatically if streaming is required. This option only exists for debugging and testing purposes, in all other cases --fdpass is preferred.