Clamonacc is running according to systemd & htop, but accessing eicar test file doesn't do anything

Hello! My first post so please go easy on my n00bness :grin:

Running Linux 6.15.9-2-MANJARO, i3 community image, I have a problem with clamonacc not triggering the virus event notification, or logging anything in clamonacc.log, even though I open eicar.com.txt file ($ wget https://secure.eicar.org/eicar.com.txt) with mousepad, cat it on the terminal or just copy/paste it anywhere in file manager or with cp command.

Running clamscan detects eicar test file(s).
Running clamdscan detects eicar test file(s) and triggers notification, which I configured according to Arch Wiki (ClamAV, section 2.1.1 (can’t post links yet :frowning: ))

Some statuses, logs & configs:

$ grep -v \# /etc/clamav/clamd.conf | awk NF

AlertExceedsMax yes
LogFile /var/log/clamav/clamd.log
LogFileUnlock yes
LogFileMaxSize 3M
LogTime yes
LogRotate yes
ExtendedDetectionInfo yes
PidFile /run/clamav/clamd.pid
TemporaryDirectory /tmp
FailIfCvdOlderThan 7
LocalSocket /run/clamav/clamd.ctl
MaxThreads 16
MaxQueue 384
MaxDirectoryRecursion 33
FollowDirectorySymlinks yes
FollowFileSymlinks yes
CrossFilesystems yes
SelfCheck 900
VirusEvent /etc/clamav/virus-event.bash
User clamav
DetectPUA yes
HeuristicAlerts yes
AlertBrokenExecutables yes
AlertBrokenMedia yes
AlertOLE2Macros yes
AlertPartitionIntersection yes
MaxScanTime 240000
MaxScanSize 800M
MaxFileSize 200M
MaxRecursion 20
MaxFiles 20000
MaxPartitions 128
OnAccessMountPath /
OnAccessExcludeUname clamav
OnAccessExtraScanning yes
OnAccessMaxThreads 8

$ systemctl status clamav-daemon.service

● clamav-daemon.service - Clam AntiVirus userspace daemon
     Loaded: loaded (/etc/systemd/system/clamav-daemon.service; enabled; preset: disabled)
     Active: active (running) since Sun 2025-08-17 18:10:37 CEST; 45min ago
 Invocation: ea8619a1f1cd47f3a711d93ad2483d27
TriggeredBy: ● clamav-daemon.socket
       Docs: man:clamd(8)
             man:clamd.conf(5)
             https://docs.clamav.net/
   Main PID: 1113 (clamd)
      Tasks: 3 (limit: 75975)
     Memory: 1.5G (peak: 2.9G)
        CPU: 51.911s
     CGroup: /system.slice/clamav-daemon.service
             └─1113 /usr/sbin/clamd --foreground=true

avg 17 18:50:51 MACHINE clamd[1113]: Sun Aug 17 18:50:51 2025 -> /home/user/Downloads/clamav.test: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND
avg 17 18:50:51 MACHINE sudo[11923]:   clamav : PWD=/ ; USER=user ; ENV=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus PATH=/usr/bin ; COMMAND=/usr/bin/notify-send -c virus_event -a ClamAV 'Eicar-Test-Signature found in' /home/user/Downloads/eicar.com>
avg 17 18:50:51 MACHINE sudo[11923]: pam_unix(sudo:session): session opened for user user(uid=1000) by (uid=64)
avg 17 18:50:51 MACHINE sudo[11923]: pam_unix(sudo:session): session closed for user user
avg 17 18:50:51 MACHINE clamd[1113]: Sun Aug 17 18:50:51 2025 -> /home/user/Downloads/eicar.com.txt: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND
avg 17 18:50:51 MACHINE sudo[11930]:   clamav : PWD=/ ; USER=user ; ENV=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus PATH=/usr/bin ; COMMAND=/usr/bin/notify-send -c virus_event -a ClamAV 'Eicar-Test-Signature found in' /home/user/Downloads/eicar.com>
avg 17 18:50:51 MACHINE sudo[11930]: pam_unix(sudo:session): session opened for user user(uid=1000) by (uid=64)
avg 17 18:50:51 MACHINE sudo[11930]: pam_unix(sudo:session): session closed for user user
avg 17 18:50:51 MACHINE clamd[1113]: Sun Aug 17 18:50:51 2025 -> /home/user/Downloads/eicar.com.txt.1: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND
avg 17 18:56:06 MACHINE clamd[1113]: Sun Aug 17 18:56:06 2025 -> SelfCheck: Database status OK.

$ systemctl status clamav-daemon.service

● clamav-clamonacc.service - ClamAV On-Access Scanner
     Loaded: loaded (/etc/systemd/system/clamav-clamonacc.service; enabled; preset: disabled)
    Drop-In: /etc/systemd/system/clamav-clamonacc.service.d
             └─override.conf
     Active: active (running) since Sun 2025-08-17 18:10:37 CEST; 53min ago
 Invocation: b37dfc26d3b4498197288712d5723509
       Docs: man:clamonacc(8)
             man:clamd.conf(5)
             https://docs.clamav.net/
   Main PID: 1261 (clamonacc)
      Tasks: 10 (limit: 75975)
     Memory: 45.1M (peak: 47.1M)
        CPU: 3.568s
     CGroup: /system.slice/clamav-clamonacc.service
             └─1261 /usr/sbin/clamonacc -F --fdpass --config-file=/etc/clamav/clamd.conf --log=/var/log/clamav/clamonacc.log

avg 17 18:10:37 MACHINE systemd[1]: Starting ClamAV On-Access Scanner...
avg 17 18:10:37 MACHINE systemd[1]: Started ClamAV On-Access Scanner.
avg 17 18:10:37 MACHINE clamonacc[1261]: --------------------------------------

# cat /var/log/clamav/clamd.log

Sun Aug 17 18:40:58 2025 -> SelfCheck: Database status OK.
Sun Aug 17 18:50:51 2025 -> /home/user/Downloads/clamav.test: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND
Sun Aug 17 18:50:51 2025 -> /home/user/Downloads/eicar.com.txt: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND
Sun Aug 17 18:50:51 2025 -> /home/user/Downloads/eicar.com.txt.1: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND
Sun Aug 17 18:56:06 2025 -> SelfCheck: Database status OK.
Sun Aug 17 19:11:29 2025 -> SelfCheck: Database status OK.

# cat /var/log/clamav/clamonacc.log

--------------------------------------
--------------------------------------
--------------------------------------
ClamMisc: Unexpected issue; Daemon failed to scan: /usr/lib/python3.13/__pycache__/shutil.cpython-313.pyc
--------------------------------------
ClamMisc: Unexpected issue; Daemon failed to scan: /usr/lib32/libXau.so.6.0.0
ClamMisc: Unexpected issue; Daemon failed to scan: /usr/lib32/libc.so.6
ERROR: ClamClient: Connection to clamd failed, Could not connect to server.
ClamClient: Connection to clamd re-established.
--------------------------------------

Additionally, running
# aa-complain clamd & # aa-complain clamonacc results in Profile for /usr/bin/clamd not found, skipping & Profile for /usr/bin/clamonacc not found, skipping.

Reinstalling clamav package doesn’t help, and I’m at a loss as to what to try next :sweat_smile:


Also, I noticed that $ zgrep CONFIG_LSM= /proc/config.gz returns
CONFIG_LSM="landlock,lockdown,yama,integrity,bpf",
while $ cat /sys/kernel/security/lsm returns
capability,landlock,lockdown,yama,bpf,apparmor.

Is it normal for integrity to be missing from active modules even though it’s listed in kernel’s configured module list?

Abandoned topic