Virus scanner for samba file server

Art Wildman wildman at mediaone.net
Fri Jan 12 06:02:00 GMT 2001


NAI/Mcafee.com has a linux virus scanner/inserter, but I don't like the way it
behaves on winblows, so I've never had the guts to try it on a perfectly good
linux server ;) This most elegant solution appeals to me....
--
Art Wildman - wildman at mediaone.net - http:/network-this.net

------------< From Mailhelp List >--------------
On Tue, 26 Dec 2000, Charles Galpin spewed into the bitstream:

CG>This site has everything you need to set up a *general* mechanism to
CG>thwart scripting or exe viruses. The basic approach is to rename
CG>attachment, and modify scripts to prevent them from running without you
CG>manually renaming them (or modifying the scripts). When I hear the name
CG>John Hardin, I cannot help but smile :)
CG>
CG>ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
CG>
CG>ho ho ho
CG>charles
CG>
CG>On Sat, 23 Dec 2000, scott.list wrote:
CG>
CG>> Happy Holidays guys!
CG>>
CG>> Here as of late I've been getting worn out with a virus.  It's attached in
CG>> various forms to a  message that says HaHa or Smow WHite and the Seven
CG>> Dwarfs....

Here is what I do:

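# Only act on messages whose Content-type header suggests attachments.
:0
*^Content-type: (multipart/mixed|application/octet-stream)
{
   # Look in headers and body for an attachment with a listed extension.
   :0 HB
   *^Content-Disposition: attachment;
   *filename=".*\.(vbs|shs|wsf|vbe|wsh|hta|pif|exe)"
   {
     # Filter the whole message through sed, appending .txt to name="x.ext".
     :0 fhbw
     |/bin/sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/'

     # Save a copy of the filtered message to /tmp/vbs.
     :0 c
     /tmp/vbs
   }
}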

It seems to work okay... :-)

--
Chuck Mead

--
This mail is from the MailHelp mailing list. Send "unsubscribe mailhelp"
in the subject line to listar at moongroup.com to be removed. The archives
are located at http://www.moongroup.com/old/archives.php. Have a nice day!
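
The recipe above filters the whole message through sed once its conditions match. The following is an added example, not part of the original posts: it runs the same sed expression over two constructed messages to show which name= parameters end up renamed. The function names, the sample messages and the use of grep -E to approximate the procmail conditions are assumptions made for the illustration.

```shell
# Added illustration (not from the original post): what the recipe's sed
# filter does to a whole message. All sample messages are constructed.

# The sed expression from the recipe (called via PATH rather than /bin/sed).
defang() {
  sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/'
}

# Approximation of the recipe's three conditions using grep -E; -i because
# procmail matches case-insensitively by default. Assumption: grep scans the
# whole message, while procmail tests the first condition on headers only.
flagged() {
  printf '%s\n' "$1" | grep -Eiq '^Content-type: (multipart/mixed|application/octet-stream)' &&
  printf '%s\n' "$1" | grep -Eiq '^Content-Disposition: attachment;' &&
  printf '%s\n' "$1" | grep -Eiq 'filename=".*\.(vbs|shs|wsf|vbe|wsh|hta|pif|exe)"'
}

# Filter the message only when the conditions match, as the recipe does.
process() {
  if flagged "$1"; then
    printf '%s\n' "$1" | defang
  else
    printf '%s\n' "$1"
  fi
}

# Constructed message: one benign .doc part and one .VBS part.
MSG_MIXED='Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/msword; name="notes.doc"
Content-Disposition: attachment; filename="notes.doc"

--b1
Content-Type: application/octet-stream; name="JOKE.VBS"
Content-Disposition: attachment; filename="JOKE.VBS"

--b1--'

# Constructed message: the same .doc part on its own.
MSG_DOC_ONLY='Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: application/msword; name="notes.doc"
Content-Disposition: attachment; filename="notes.doc"

--b2--'
echo "--- mixed message after filtering ---"; process "$MSG_MIXED"
echo "--- doc-only message (not flagged) ---"; process "$MSG_DOC_ONLY"
```

Because the sed expression is not limited to the listed extensions, a flagged message has every quoted name with a three-character extension renamed, including the benign .doc part; the same .doc part in an unflagged message is delivered unchanged.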

-------- Original Message --------
Subject: RE: Virus scanner for samba file server
Date: Fri, 12 Jan 2001 10:29:12 +1100
From: "Makis Marmaridis" <I.Marmaridis at uws.edu.au>
To: "Armand Welsh" <armand at welshhome.org>
CC: <samba-ntdom at samba.org>


>well, you can have samba execute your virus scan against files when
>read/written to disk.  This is a more advanced feature, but it can be done.

With the current setup I have, this is not a necessity however it would be
interesting to know how you do this in your system. Could you pass along any
details about implementing this.

Cheers,
Makis.



