Hi,
I’m trying to exclude some files and folders from ClamAV On-Access scanning, but despite my configuration changes, those files are still being scanned (and sometimes even quarantined).
**Environment:**
* Distribution: Arch Linux x86_64
* ClamAV version: ClamAV 1.4.3/27769/Sun Sep 21 10:26:20 2025
* Service: `clamd` with OnAccess enabled
**Configuration (`/etc/clamav/clamd.conf` without comments):**
```
LogFile /var/log/clamav/clamd.log
LogTime yes
ExtendedDetectionInfo yes
PidFile /run/clamav/clamd.pid
TemporaryDirectory /tmp
LocalSocket /run/clamav/clamd.ctl
LocalSocket /run/clamav/clamd.ctl
LocalSocketMode 666
StreamMaxLength 25M
MaxThreads 20
ReadTimeout 500
CommandReadTimeout 30
MaxQueue 300
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/usr/share/webapps/wikili/
ExcludePath ^/var/lib/mastodon/
MaxDirectoryRecursion 25
VirusEvent /etc/clamav/virus-event.bash
User clamav
DetectPUA yes
HeuristicAlerts no
AlertBrokenExecutables yes
AlertBrokenMedia yes
AlertEncrypted yes
AlertEncryptedArchive yes
AlertEncryptedDoc yes
AlertPartitionIntersection yes
ScanHTML yes
ScanArchive yes
MaxFileSize 40M
OnAccessIncludePath /home
OnAccessIncludePath /etc
OnAccessExcludePath /usr/share/webapps/wikili
OnAccessExcludePath /var/lib/mastodon
OnAccessExtraScanning yes
OnAccessExcludeUname clamav
Bytecode yes
VirusEvent /etc/clamav/virus-event.bash
```
**What I’ve tried:**
* Verified that this file is loaded by clamd (systemd service uses the default path).
* Restarted the service after each config change.
* Checked logs in `/var/log/clamav/clamd.log` and via `journalctl`.
**What I observe:**
* ClamAV keeps scanning (and triggering alerts) on paths that should be excluded (e.g. `/usr/share/webapps/wikili/...`, `/var/lib/mastodon/...`).
* The `virus-event.bash` script is still triggered for excluded files.
**Question:**
Am I misunderstanding how `ExcludePath` and `OnAccessExcludePath` work?
Are there known limitations (e.g. with `OnAccessMountPath`, or interactions between Include/Exclude) that might cause this behavior?
Any guidance or examples would be greatly appreciated. Thanks!
Last edited by zoltix (2025-09-21 10:51:08)
Nobody has an idea? Do you recommend that I disable it?
Have you tried the reverse approach by only including folders you want to be scanned?
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough?
Try clean chroot manager by graysky
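A way to check how the path directives from the posted `clamd.conf` treat a given file, as an added example that is not part of the thread and not ClamAV's own code. It assumes `ExcludePath` values are regular expressions searched against the full path and `OnAccessIncludePath`/`OnAccessExcludePath` values are directory prefixes; the file paths passed to `classify` are constructed samples.

```python
import re
from pathlib import PurePosixPath

# Path directives copied from the clamd.conf posted in the thread.
CONF = """\
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/usr/share/webapps/wikili/
ExcludePath ^/var/lib/mastodon/
OnAccessIncludePath /home
OnAccessIncludePath /etc
OnAccessExcludePath /usr/share/webapps/wikili
OnAccessExcludePath /var/lib/mastodon
"""

def parse(conf):
    """Collect repeatable directives into lists: {name: [value, ...]}."""
    out = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        out.setdefault(key, []).append(value.strip())
    return out

def under(path, root):
    """True if path equals root or lies below it (whole path components)."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents

def classify(path, cfg):
    """Report how each directive family treats one absolute path.
    Assumption: ExcludePath is a regex search, OnAccess* are prefixes."""
    included = any(under(path, r) for r in cfg.get("OnAccessIncludePath", []))
    oa_excl = any(under(path, r) for r in cfg.get("OnAccessExcludePath", []))
    rx_excl = any(re.search(rx, path) for rx in cfg.get("ExcludePath", []))
    return {"onaccess_watched": included and not oa_excl,
            "onaccess_exclude_hit": oa_excl,
            "excludepath_hit": rx_excl}

if __name__ == "__main__":
    cfg = parse(CONF)
    for sample in ("/usr/share/webapps/wikili/index.php",  # constructed
                   "/var/lib/mastodon/public/a.png",       # constructed
                   "/home/user/notes.txt"):                # constructed
        print(sample, classify(sample, cfg))
```

Under these assumptions, both reported directories lie outside the two `OnAccessIncludePath` roots, and the `ExcludePath` patterns with a trailing slash match files below each directory but not the directory path itself.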