I was describing two issues: One is that root user was needed for ScanOnAccess. Second was that the apparmor profile does not fit.
Basically, there should be an easy way to use ScanOnAccess with correct apparmor profile. Fanotify seems to be a basic feature in conjunction with a virus scanner (which can simply run in user space without a kernel module, still getting notified about changes in files). With the two changes I described, ScanOnAccess is working for me with root privileges and apparmor profile disabled. Therefore, it also detects Eicar testfiles. I'd suggest to make ScanOnAccess more accessible to an average user. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1404762 Title: apparmor profile usr.sbin.clamd does not allow ScanOnAccess via fanotify To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1404762/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
