While hardening a Linux file server, you decide to deploy ClamAV's on-access malware protection so that every file is scanned before an application can read it. You install the clamonacc utility and start it as root, but it immediately exits with the message:
ERROR: On-access scanning is not supported: fanotify_init failed (Function not implemented)
Which kernel feature is clamonacc trying to use, and therefore must be available and enabled, for on-access anti-malware protection to work?
clamonacc implements on-access scanning by registering with the Linux kernel's fanotify API (ClamAV documents it as requiring kernel 3.8 or later) through the fanotify_init(2) and fanotify_mark(2) system calls. Unlike a pure notification mechanism, fanotify can deliver permission events (FAN_OPEN_PERM, FAN_ACCESS_PERM): the kernel suspends the process that is opening or reading the file until the listening user-space daemon writes back a FAN_ALLOW or FAN_DENY verdict, which is what makes real-time prevention, rather than after-the-fact detection, possible. The text "Function not implemented" is the ENOSYS error that fanotify_init() returns when the running kernel was built without CONFIG_FANOTIFY, so clamonacc cannot create its notification group and exits. Blocking mode additionally needs CONFIG_FANOTIFY_ACCESS_PERMISSIONS (without it fanotify_mark() rejects the permission-event flags with EINVAL), and the listener must hold CAP_SYS_ADMIN, which is why clamonacc is run as root.
inotify only reports events after they occur and cannot block access.
auditd provides security auditing but does not interpose on file access.
seccomp filters system calls for a single process and is unrelated to file event interception.
Therefore, ensuring a kernel that includes and enables fanotify is the prerequisite for ClamAV's on-access scanning.
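To make the blocking behaviour concrete, here is an added example (written for this page, not ClamAV's own code) of a minimal fanotify permission listener in the spirit of clamonacc. It assumes a Linux kernel with CONFIG_FANOTIFY and CONFIG_FANOTIFY_ACCESS_PERMISSIONS, root privileges, and a mount point given as its only argument; the "signature" it looks for is a constructed marker string, BAD_MARKER, standing in for a real malware pattern, and scan_bytes, scan_fd, probe_fanotify and self_check are names chosen for this example. probe_fanotify() maps the two failure modes a practitioner meets: -ENOSYS is exactly the "Function not implemented" case from the question, while -EPERM means fanotify exists but the caller lacks CAP_SYS_ADMIN.

```c
/* Added example, not ClamAV code: minimal fanotify open-permission listener.
 * Assumes Linux with CONFIG_FANOTIFY + CONFIG_FANOTIFY_ACCESS_PERMISSIONS,
 * run as root, mount point in argv[1].  Build: gcc -O2 -o fanwatch fanwatch.c */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>

/* Constructed stand-in for a malware signature (not a real pattern). */
static const char BAD_MARKER[] = "X-EXAMPLE-MALWARE-MARKER";

/* Pure verdict: FAN_DENY if the marker occurs anywhere in buf, else FAN_ALLOW.
 * No I/O here, so it can be exercised without fanotify or root. */
unsigned int scan_bytes(const char *buf, size_t n)
{
    size_t m = sizeof BAD_MARKER - 1;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, BAD_MARKER, m) == 0)
            return FAN_DENY;
    return FAN_ALLOW;
}

/* Scan the file behind a kernel-supplied event fd.  Only a bounded prefix is
 * read so the blocked opener is not stalled long; a read failure fails closed. */
unsigned int scan_fd(int fd)
{
    char buf[4096];
    ssize_t n = pread(fd, buf, sizeof buf, 0);
    return n < 0 ? FAN_DENY : scan_bytes(buf, (size_t)n);
}

/* 0 if a content-class fanotify group can be created, otherwise -errno.
 * -ENOSYS: kernel built without CONFIG_FANOTIFY (clamonacc's error).
 * -EPERM:  fanotify present but caller lacks CAP_SYS_ADMIN. */
int probe_fanotify(void)
{
    int fd = fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC, O_RDONLY);
    if (fd < 0)
        return -errno;
    close(fd);
    return 0;
}

/* Self-check on constructed samples: returns 1 when verdicts are as expected. */
int self_check(void)
{
    static const char infected[] = "header\nX-EXAMPLE-MALWARE-MARKER\nmore";
    static const char clean[]    = "just an ordinary text file\n";
    return scan_bytes(infected, sizeof infected - 1) == FAN_DENY
        && scan_bytes(clean, sizeof clean - 1) == FAN_ALLOW;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <mount-point>\n", argv[0]);
        return 2;
    }
    /* FAN_CLASS_CONTENT is mandatory for permission (blocking) events. */
    int fan = fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC, O_RDONLY);
    if (fan < 0) {
        perror("fanotify_init");            /* ENOSYS == the clamonacc message */
        return 1;
    }
    /* Request an open-permission event for every open() on the whole mount. */
    if (fanotify_mark(fan, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN_PERM,
                      AT_FDCWD, argv[1]) < 0) {
        perror("fanotify_mark");            /* EINVAL: no ACCESS_PERMISSIONS */
        return 1;
    }
    struct fanotify_event_metadata events[64];  /* properly aligned buffer */
    for (;;) {
        ssize_t len = read(fan, events, sizeof events);
        if (len < 0 && errno == EINTR)
            continue;
        if (len <= 0)
            break;
        for (struct fanotify_event_metadata *md = events; FAN_EVENT_OK(md, len);
             md = FAN_EVENT_NEXT(md, len)) {
            if (md->vers != FANOTIFY_METADATA_VERSION) {
                fprintf(stderr, "fanotify ABI version mismatch\n");
                return 1;
            }
            if (md->fd < 0)
                continue;
            if (md->mask & FAN_OPEN_PERM) {
                /* Never scan our own opens, so the listener cannot block itself. */
                unsigned int verdict =
                    md->pid == getpid() ? FAN_ALLOW : scan_fd(md->fd);
                struct fanotify_response resp = { .fd = md->fd, .response = verdict };
                if (write(fan, &resp, sizeof resp) < 0)  /* unblocks the opener */
                    perror("fanotify response");
                if (verdict == FAN_DENY)
                    fprintf(stderr, "denied open by pid %d\n", (int)md->pid);
            }
            close(md->fd);                  /* release the kernel-supplied fd */
        }
    }
    return 0;
}
```

Run it as root with a mount point (for example a test tmpfs) and then try to cat a file containing the marker from another shell: the reader gets EPERM from open() because the verdict was FAN_DENY, while clean files open normally. Until the daemon writes the fanotify_response, the opener stays blocked, which is precisely the interposition inotify, auditd and seccomp cannot provide. If fanotify_init fails with ENOSYS, confirm the kernel build with grep CONFIG_FANOTIFY /boot/config-$(uname -r) (or zcat /proc/config.gz) and look for both CONFIG_FANOTIFY=y and CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y; a kernel lacking either needs to be rebuilt or replaced, because fanotify is not a loadable module.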
CompTIA Linux+ XK0-006 (V8)
Security