Clamav setup OnAccessScan

I am using NixOS on my Desktop for a while, but I am not an experienced user. Now, I am playing around with clamav, which is easy to set up as an on demand scanner. Unfortunately, I need something which scans my folders automatically for viruses. Thankfully, I found in the Arch wiki a guide I tried to implement on NixOS.
Therefore, I configured the clamav daemon in the /etc/nixos/configuration.nix with:

#edit sudoers
  security.sudo.extraConfig  =
     clamav ALL = (ALL) NOPASSWD: SETENV: /run/current-system/sw/bin/notify-send
  services.clamav.updater.enable = true;
  services.clamav.daemon.enable = true;
  services.clamav.daemon.settings = {
    OnAccessMountPath = "/home/user/Downloads";
    OnAccessPrevention = false;
    OnAccessExtraScanning = true;
    OnAccessExcludeUname =  "clamav";
    VirusEvent = "/etc/clamav/virus-event.bash";
    User = "clamav";

and created the file /etc/clamav/virus-event.bash with the content

touch /tmp/virus
# Send an alert to all graphical users.
for ADDRESS in /run/user/*; do
    sudo -u "#$USERID" DBUS_SESSION_BUS_ADDRESS="unix:path=$ADDRESS/bus" \
        notify-send -i dialog-warning "Virus found!" "$ALERT"

I can rebuild NixOS without error. Then I tested the system with a virus test file which I copied to the download folder. It gets recognized by clamscan if I run it manually, but not by the daemon. I assume this, because no /tmp/virus file is created, which I defined in the /etc/clamav/virus-event.bash file. Oh, and if I run the /etc/clamav/virus-event.bash script manually, it is doing its job. So what am I doing wrong on setting up the clamav daemon?
Thanks for your support

1 Like

Thanks for the nice notification script! Your setup was missing the fact that the clam on access scanner is not in the default nixos setup. I was surprised as well, so some enhancements there would be nice.

I created a module that includes on-access scanning plus periodic scanning here:

:face_holding_back_tears: Nix is just so beautiful. Thank you both for the hard work, and thank you for this module! Just what I was looking for.