Add regex support for OnAccessExcludePath#1314
Conversation
val-ms
left a comment
val-ms
left a comment
There was a problem hiding this comment.
It seems to work.
I did some basic tests with it using the following:
OnAccessIncludePath /home/micah/tmp
OnAccessExcludePath /home/micah/tmp/ignore.*
I started clamonacc and then touched a copy of eicar in each of tmp and tmp/ignoreme directories:
❯ touch ~/tmp/ignoreme/eicar
❯ touch ~/tmp/eicar
clamd logs:
❯ sudo /opt/sbin/clamonacc -F --ping 60 --wait --verbose
ClamClient: Connected.
ClamClient: client setup for continuous scanning
Clamonacc: daemon is local
ClamFanotif: kernel-level blocking feature disabled ...
ClamFanotif: max file size limited to 5242880 bytes
ClamScanQueue: initializing event queue consumer ... (5) threads in thread pool
Clamonacc: beginning event loops
ClamFanotif: starting fanotify event loop with process id (6931) ...
ClamInotif: starting inotify event loop ...
ClamInotif: dynamically determining directory hierarchy...
ClamScanQueue: waiting to consume events ...
ClamInotif: watching '/home/micah/tmp' (and all sub-directories)
ClamInotif: excluding '/home/micah/tmp/ignoreme' (and all sub-directories)
Excluding temp directory: /tmp
ClamInotif: NVM, didn't actually need to exclude '/tmp'
ClamMisc: $/proc/7072 vanished before UIDs could be excluded; scanning anyway
ClamFanotif: attempting to feed consumer queue
ClamWorker: performing scanning on file '/home/micah/tmp/eicar'
ClamFanotif: /home/micah/tmp/eicar skipped (excluded UID)
ClamFanotif: /home/micah/tmp/eicar skipped (excluded UID)
/home/micah/tmp/eicar: Win.Test.EICAR_HDB-1 FOUND
So I cans ee it correctly excluded ignoreme and then with my touch commands it only scans the tmp/eicar file. 👍
Can I trouble you to add some inline documentation to explain the purpose for each thing?
val-ms
left a comment
val-ms
left a comment
There was a problem hiding this comment.
Thanks. Not a lot of detail 😆 but good enough.
Thanks. Will approve and merge after the clamav 1.4.0 release.
val-ms
force-pushed
the
regex-exclude
branch
from
1840caf to
cfae6da
Compare
|
Rebased and squashed |
|
"continuous-integration/jenkins/pr-head" failed and I can't access the details URL, any thing need my fix? @micahsnyder |
|
@b1tg it always fails, because of a handful of tests that need work. In this case, it actually failed to get past our initial gitguardian stage (expired token). I forgot to check in on this though. I'm re-running it now. 🤞 |
|
Failed again😭 |
|
@b1tg Code signing on macOS broke because the developer certificate expired. I replaced it and codesign is reporting an error with the new one. AHH I will fuss with it a bit. It's possible I needed to create it as an Apple Developer cert instead of a Mac Developer cert? Previously said it was Mac... I'll get it sorted and rerun when I can. |
|
The signing issue turned out to be xcode wanting me to approve signing in the GUI. The internal tests looked good, though the Jenkins stage will show an ❌ because we have some expected test failures. |
2 participants
Fix #1074
To efficiently iterate over all watching files, I've introduced a linked list within
struct onas_htto keep track of all active buckets. Would this approach be effective for our purposes? @micahsnyder