Simple On-Access Scan Solution for ClamAV on Red Hat
ClamAV is a powerful antivirus solution for Linux. But if you want to add on-access scan functionality to ClamAV, you must recompile your kernel with DazukoFS. I think that is quite a difficult process for running systems.
There is another alternative for this, using inotify-tools. Here are the steps:
1. Install ClamAV for Linux.
2. Install inotify-tools for Linux.
2.1 wget http://sourceforge.net/projects/inotify-tools/files/inotify-tools/3.13/inotify-tools-3.13.tar.gz/download
2.2 Go to the inotify-tools source, file inotifywait.c, line 310.
2.3 Add these lines before the " fflush( NULL );" statement:
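/* Scan the file that triggered the event. Needs <unistd.h>, <stdlib.h> and <sys/wait.h>. */
char *scanfile = NULL;
nasprintf( &scanfile, "%s%s", inotifytools_filename_from_wd( event->wd ), event->name );
pid_t pid = fork();
if ( pid == 0 ) {
    /* No shell is involved: the file name reaches clamscan as one argument. */
    execl( "/usr/local/clamav/bin/clamscan", "clamscan", "-r", "--remove", scanfile, (char *)NULL );
    _exit( 127 ); /* only reached if execl() failed */
} else if ( pid > 0 ) {
    waitpid( pid, NULL, 0 ); /* wait for the scan to finish, as system() did */
}
free( scanfile );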
2.4 Go to the installation directory of inotify-tools.
2.5 Run:
./configure
make
make install
2.6 Open rc.local and add this line:
nohup /usr/local/bin/inotifywait -qq -r -m -e create,close_write /watch_folder_name/ > /dev/null &
You can also add these parameters before the folder name if you have Joomla or another application:
--exclude "refTableSQL/*" --exclude "cache/*" (the quotes must be included)
And that's it. When a new file is created or replaced, or whatever event occurs, ClamAV scans these files.
I hope that this is helpful for someone.
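An alternative to patching inotifywait.c, as an added example that is not part of the original post: inotifywait can print each event's full path with --format '%w%f', and a small script hands every path to clamscan as a single argument. The function names and the --watch switch are assumptions of this example; the clamscan, inotifywait and folder paths are the ones used above.

```sh
#!/bin/sh
# Added example (not from the original post). Paths are the ones the post uses.
CLAMSCAN="${CLAMSCAN:-/usr/local/clamav/bin/clamscan}"
INOTIFYWAIT="${INOTIFYWAIT:-/usr/local/bin/inotifywait}"
WATCH_DIR="${WATCH_DIR:-/watch_folder_name/}"

# scan_one PATH (hypothetical helper): scan one path with clamscan.
# The path is passed as a single quoted argument, so spaces or shell
# metacharacters in a file name are never interpreted as commands.
# Returns clamscan's exit status: 0 = clean, 1 = virus found, other = error.
scan_one() {
    [ -e "$1" ] || return 0    # already deleted or moved: nothing to scan
    "$CLAMSCAN" -r --remove "$1" >/dev/null 2>&1
}

# scan_events (hypothetical helper): read one path per line from stdin,
# scan each, and report hits. File names containing a newline are not
# handled, because inotifywait's output is line based.
scan_events() {
    while IFS= read -r path; do
        rc=0
        scan_one "$path" || rc=$?
        case "$rc" in
            0) ;;
            1) printf 'INFECTED %s\n' "$path" ;;
            *) printf 'ERROR %s\n' "$path" ;;
        esac
    done
}

# Start the watcher only when called with --watch (assumed switch), e.g. from rc.local.
if [ "${1:-}" = "--watch" ]; then
    "$INOTIFYWAIT" -q -m -r -e create,close_write --format '%w%f' "$WATCH_DIR" |
        scan_events
fi
```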