Comment 7 for bug 1404762

I was describing two issues: One is that root user was needed for ScanOnAccess. Second was that the apparmor profile does not fit.

Basically, there should be an easy way to use ScanOnAccess with correct apparmor profile.

Fanotify seems to be a basic feature in conjunction with a virus scanner (which can simply run in user space without a kernel module, still getting notified about changes in files).

With the two changes I described, ScanOnAccess is working for me with root privileges and apparmor profile disabled. Therefore, it also detects Eicar testfiles.

I'd suggest to make ScanOnAccess more accessible to an average user.