LinuxQuestions.org


Nirmo 05-31-2016 06:38 AM

Clamav Onaccess with Protection pendrive
 
Hi,
I have a problem with ClamAV OnAccess when mounting a pendrive and scanning it.

ClamAV OnAccess works on directories such as /home. That is okay. But when I mount the memory stick to the directory /mnt, ClamAV OnAccess does not work. It does not detect the virus. After restarting clamd, everything works.
My configuration:
System: Centos 7
kernel: 3.10.0-327.el7.x86_64
SELinux: disabled
clamav 0.99.1
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
Configuration onaccess:
ScanOnAccess yes
OnAccessIncludePath /home
OnAccessIncludePath /mnt
OnAccessPrevention yes
OnAccessExtraScanning yes

When you mount a USB stick with the virus, OnAccess does not work. Why?

sundialsvcs 05-31-2016 07:47 AM

May I calmly suggest that "virus protection" software is highly overrated, and that the popular term, "virus," is a misnomer?

"Strictly IMHO," you actually expose your system to more "overall, albeit theoretical, vulnerability" by running a piece of software ... a scanner ... which you purposely "give access to everything, albeit for supposedly-sovereign purposes." Anything which a scanner can scan, a sabotaged scanner can modify.

IMHO, you should always remember that a computer system is "merely a machine ... not a biological organism." As a biological organism yourself, you can "catch" a dreadful illness merely by walking into the wrong elevator at the wrong time and breathing, unless your immune system fights it off. Computing machines are not that way.

Nirmo 05-31-2016 08:02 AM

I did the test with the EICAR test virus.

The system (ClamAV + OnAccess) detects this virus in directories and blocks it when trying to open it. OnAccess works. The problem occurs at the moment when I mount the pendrive with the test virus.
mount /dev/sdc1 /mnt
OnAccess does not see the virus. It allows it to be opened.
Maybe I am mounting this device in the wrong way?
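
A check for the situation reported in this thread, added here as an example and not posted by any participant: it lists every filesystem mounted at or below an OnAccessIncludePath, which is the case where the poster sees no detection until clamd is restarted. The function name, the sample mounts table and its filesystem types are assumptions; the clamd settings are the ones quoted in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): report mounts that sit at or below
# an OnAccessIncludePath. Such a mount, if made while clamd is already
# running, matches the case described by the original poster.

# $1 = clamd configuration file, $2 = mounts table in /proc/mounts format
# Output: include_path <TAB> mount_point <TAB> device <TAB> fstype
onaccess_mounts() {
    awk '
        # First file: collect OnAccessIncludePath values (comment lines
        # start with "#", so their first field never matches).
        NR == FNR {
            if ($1 == "OnAccessIncludePath" && $2 != "") {
                p = $2
                if (p != "/") sub(/\/+$/, "", p)   # drop trailing slashes
                inc[p] = 1
            }
            next
        }
        # Second file: "device mountpoint fstype options dump pass"
        {
            mp = $2
            for (p in inc) {
                prefix = (p == "/") ? "/" : p "/"
                # exact match, or mount point nested below the include path
                if (mp == p || index(mp, prefix) == 1)
                    print p "\t" mp "\t" $1 "\t" $3
            }
        }
    ' "$1" "$2"
}

# Constructed sample data: the on-access settings from the first post and a
# mounts snapshot as it might look after "mount /dev/sdc1 /mnt".
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'ScanOnAccess yes' 'OnAccessIncludePath /home' \
        'OnAccessIncludePath /mnt' 'OnAccessPrevention yes' \
        'OnAccessExtraScanning yes' > "$tmp/clamd.conf"
    printf '%s\n' '/dev/sda1 / xfs rw,relatime 0 0' \
        '/dev/sdc1 /mnt vfat rw,relatime 0 0' > "$tmp/mounts"
    onaccess_mounts "$tmp/clamd.conf" "$tmp/mounts"
    rm -rf "$tmp"
}
demo
```

On a live system, pass the clamd configuration file in use and /proc/mounts as the two arguments.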


All times are GMT -5.