Can anyone help me get the ClamAV Daemon to work for realtime protection? I've installed clamavd, but it's not working properly. I've added the following configuration to /etc/clamav/clamd.conf:
--- REAL-TIME (ON-ACCESS) ---
OnAccessPrevention
OnAccessIncludePath /www/wwwroot
OnAccessExtraScanning yes
#OnAccessQuarantine yes
However, OnAccessQuarantine won't activate (I don't know why, but it's probably because clamavd doesn't have permissions to /www/wwwroot [root 755], I don't know).
So I continued with the configuration as is to test it, and it still didn't work. So I tried running the following command:
$ sudo aa-status
apparmor module is loaded.
122 profiles are loaded.
27 profiles are in enforce mode.
/usr/bin/freshclam
/usr/bin/man
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/sbin/clamd
docker-default
lsb_release
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
plasmashell
plasmashell//QtWebEngineProcess
rsyslogd
tcpdump
ubuntu_pro_apt_news
ubuntu_pro_esm_cache
ubuntu_pro_esm_cache//apt_methods
ubuntu_pro_esm_cache//apt_methods_gpgv
ubuntu_pro_esm_cache//cloud_id
ubuntu_pro_esm_cache//dpkg
ubuntu_pro_esm_cache//ps
ubuntu_pro_esm_cache//ubuntu_distro_info
ubuntu_pro_esm_cache_systemctl
ubuntu_pro_esm_cache_systemd_detect_virt
unix-chkpwd
unprivileged_userns
4 profiles are in complain mode.
transmission-cli
transmission-daemon
transmission-gtk
transmission-qt
0 profiles are in prompt mode.
0 profiles are in kill mode.
91 profiles are in unconfined mode.
1password
Discord
MongoDB Compass
QtWebEngineProcess
balena-etcher
brave
buildah
busybox
cam
ch-checkns
ch-run
chrome
crun
devhelp
element-desktop
epiphany
evolution
firefox
flatpak
foliate
geary
github-desktop
goldendict
ipa_verify
kchmviewer
keybase
lc-compliance
libcamerify
linux-sandbox
loupe
lxc-attach
lxc-create
lxc-destroy
lxc-execute
lxc-stop
lxc-unshare
lxc-usernsexec
mmdebstrap
msedge
nautilus
notepadqq
obsidian
uncle
opera
pageedit
podman
polypane
privacy browser
qcam
qmapshack
qutebrowser
rootlesskit
rpm
rssguard
runc
sbuild
sbuild-abort
sbuild-adduser
sbuild-apt
sbuild-checkpackages
sbuild-clean
sbuild-createchroot
sbuild-destroychroot
sbuild-distupgrade
sbuild-hold
sbuild-shell
sbuild-unhold
sbuild-update
sbuild-upgrade
scide
signal-desktop
slack
slirp4netns
steam
stress-ng
surfshark
systemd-coredump
thunderbirds
toybox
trinity
whoop
tuxedo-control-center
userbindmount
uwsgi-core
vdens
virtiofsd
vivaldi-bin
vpnns
vscode
week
wpcom
3 processes have profiles defined.
3 processes are in enforcement mode.
/usr/bin/freshclam (20237)
/usr/sbin/clamd (39388)
/usr/sbin/rsyslogd (766) rsyslogd
0 processes are in complaint mode.
0 processes are in prompt mode.
0 processes are in kill mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
$ sudo journalctl -k | grep -i "apparmor.*denied.*clamd"
Aug 27 08:15:39 prdgenidjk01.ongit.id kernel: audit: type=1400 audit(1756282539.463:133): apparmor="DENIED" operation="capable" class="cap" profile="/usr/sbin/clamd" pid=31242 comm="clamd" capability=2 capname="dac_read_search"
Aug 27 08:42:46 prdgenidjk01.ongit.id kernel: audit: type=1400 audit(1756284166.671:136): apparmor="DENIED" operation="capable" class="cap" profile="/usr/sbin/clamd" pid=36208 comm="clamd" capability=2 capname="dac_read_search"
Can anyone help me get the clamavd (ClamAV Realtime Protection) function working, so that it can quarantine files detected as threats?
All your help will be very valuable to me, thank you.
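
Added example, not part of the original post: a small Python parser that groups AppArmor DENIED audit records like the two quoted above by profile and prints the profile rule each denial corresponds to, so the rule can be reviewed before anything is added to a profile. The function names are hypothetical, and the file-rule branch goes beyond the capability denials shown in the post.

```python
import re
from collections import Counter

# Sample input: the two kernel audit lines quoted in the post, plus one
# constructed non-AppArmor line to show that unrelated entries are skipped.
SAMPLE_LOG = [
    'Aug 27 08:15:39 prdgenidjk01.ongit.id kernel: audit: type=1400 '
    'audit(1756282539.463:133): apparmor="DENIED" operation="capable" '
    'class="cap" profile="/usr/sbin/clamd" pid=31242 comm="clamd" '
    'capability=2 capname="dac_read_search"',
    'Aug 27 08:42:46 prdgenidjk01.ongit.id kernel: audit: type=1400 '
    'audit(1756284166.671:136): apparmor="DENIED" operation="capable" '
    'class="cap" profile="/usr/sbin/clamd" pid=36208 comm="clamd" '
    'capability=2 capname="dac_read_search"',
    'Aug 27 08:43:01 prdgenidjk01.ongit.id kernel: constructed unrelated line',
]

# key=value pairs; values are either double-quoted or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def summarize(lines):
    """Count denials per (profile, rule in AppArmor profile syntax)."""
    counts = Counter()
    for line in lines:
        rec = parse_denial(line)
        if rec is None:
            continue
        if rec.get("operation") == "capable":
            rule = f'capability {rec["capname"]},'
        elif "name" in rec:  # file access denial: path plus requested mask
            rule = f'{rec["name"]} {rec.get("requested_mask", "")},'
        else:
            rule = f'# unhandled operation {rec.get("operation")}'
        counts[(rec.get("profile", "?"), rule)] += 1
    return counts


if __name__ == "__main__":
    for (profile, rule), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}x profile {profile}: {rule}")
```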