
samba-vscan-0.3.6b-84, clamav-0.88.7-1.

1 (Anti Virus for Samba)


Tested on 2 Feb 2007 on openSUSE 10.2.

Samba Vscan is a module for Samba that uses the VFS (virtual file system) features of Samba 3.0 to provide on-access anti-virus scanning for Samba shares.

Install
You need at least the following RPMs; install them with YaST.
samba-client-3.0.23d-6
samba-doc-3.0.23d-6
samba-vscan-0.3.6b-84
samba-3.0.23d-6
clamav-0.88.7-1.1
clamav-db-0.88.6-9

Configure
Edit /etc/samba/smb.conf and add the bold lines to your configuration.
[global]
workgroup = HOGE
server string = HOGE-ADMIN
security = SHARE
map to guest = Bad User
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
printcap name = cups
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
wins support = Yes
ldap ssl = no
usershare allow guests = Yes
cups options = raw
include = /etc/samba/dhcp.conf
# Virus Scanning Definition ####################################################
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[share]
comment = Shared Folder
path = /srv/ftp
read only = No
create mask = 0666
guest ok = Yes
browseable = Yes

Copy the original configuration file for vscan-clamav, but use it only for reference.
# cp /usr/share/doc/packages/samba-vscan/vscan-clamav.conf /etc/samba
# cd /etc/samba
# mv vscan-clamav.conf vscan-clamav.conf.bak

Create /etc/samba/vscan-clamav.conf from scratch.

[samba-vscan]
max file size = 0
verbose file logging = yes
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
send warning message = yes
infected file action = quarantine
quarantine directory = /var/lib/clamav/quarantine
quarantine prefix = vir
max lru files entries = 100
lru file entry lifetime = 5
exclude file types =
clamd socket name = /var/run/clamd/clamd
libclamav max files in archive = 1000
libclamav max archived file size = 10 * 1048576
libclamav max recursion level = 5

Back up the original clamd.conf.

# cd /etc/
# mv clamd.conf clamd.conf.bak

Create /etc/clamd.conf from scratch.

LogFile /var/log/clamd
LogFileUnlock
LogSyslog
LogFacility LOG_MAIL
LogVerbose
PidFile /var/lib/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamd/clamd
FixStaleSocket
User vscan
Foreground
Debug
ScanRAR

Create a clamd socket directory and a quarantine directory.

# mkdir /var/run/clamd
# chown vscan:vscan /var/run/clamd
# mkdir /var/lib/clamav/quarantine
# chown vscan /var/lib/clamav/quarantine

Start the daemons, and make them start on boot.

# /etc/init.d/smb restart
# /etc/init.d/nmb restart
# /etc/init.d/clamd restart
# /etc/init.d/freshclam restart
# chkconfig smb on
# chkconfig nmb on
# chkconfig clamd on
# chkconfig freshclam on
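
The three files edited above have to agree with each other: smb.conf must load vscan-clamav and point it at the vscan configuration file, and the clamd socket name in that file must equal LocalSocket in clamd.conf, because with deny access on error = yes a module that cannot reach clamd denies access to files. The script below is an added example, not part of the original guide; its function names are hypothetical helpers, and it only reads the files.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check the three files
# this guide edits. All function names here are hypothetical helpers.

# Print the value of "key = value" from smb.conf / vscan-clamav.conf.
ini_value() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print the argument of a "Directive value" line from clamd.conf.
clamd_value() {  # $1 = file, $2 = directive
    awk -v d="$2" '$1 == d { print $2 }' "$1" | tail -n 1
}

# 0 = samba-vscan and clamd agree on the socket, 1 = mismatch, 2 = missing.
check_socket_match() {  # $1 = vscan-clamav.conf, $2 = clamd.conf
    vs=$(ini_value "$1" "clamd socket name")
    cs=$(clamd_value "$2" "LocalSocket")
    if [ -z "$vs" ] || [ -z "$cs" ]; then
        echo "FAIL: socket path missing (vscan='$vs' clamd='$cs')"; return 2
    fi
    if [ "$vs" != "$cs" ]; then
        echo "FAIL: vscan connects to $vs but clamd listens on $cs"; return 1
    fi
    echo "OK: both sides use $vs"
}

# 0 = smb.conf loads vscan-clamav and points it at the expected config file.
check_vfs_loaded() {  # $1 = smb.conf, $2 = expected vscan-clamav.conf path
    grep -Eq '^[[:space:]]*vfs objects?[[:space:]]*=.*vscan-clamav' "$1" ||
        { echo "FAIL: vscan-clamav is not listed in 'vfs object'"; return 1; }
    cf=$(ini_value "$1" "vscan-clamav: config-file")
    [ "$cf" = "$2" ] || { echo "FAIL: config-file is '$cf', expected $2"; return 1; }
    echo "OK: smb.conf loads vscan-clamav with $2"
}

# Usage: sh check.sh /etc/samba/smb.conf /etc/samba/vscan-clamav.conf /etc/clamd.conf
if [ "$#" -eq 3 ]; then
    check_vfs_loaded "$1" "$2" && check_socket_match "$2" "$3"
fi
```

Commented-out lines (starting with ; or #) are ignored, so only active settings are compared.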

Scan your file system periodically. Create /etc/cron.weekly/clam.crom with the following content:


/usr/bin/nice /usr/bin/clamscan -r -i --exclude=/sys/ /

If your ClamAV is outdated, you will see this message, so update it.
LibClamAV Warning: ********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html ***
LibClamAV Warning: ********************************************************

To update to the latest ClamAV RPM for SuSE, download it from ftp://ftp.suse.com/pub/projects/clamav/

Virus Test
Test the setup with a test virus file, which exists only for testing and is safe. On a Windows machine, disable its anti-virus software. Download the test virus files from http://www.eicar.org/anti_virus_test_file.htm. These are safe. Copy them into the Samba shared folder. When you try to access these files, they are locked and cannot be accessed. You will see a message box.

Open the log file on the Linux machine at /var/log/clamav/conf. You will see an entry like the one below.
... /srv/ftp/tmp/eicar.com: Eicar-Test-Signature FOUND
