[Samba] Samba Shares and Win32 Viruses

Ow Mun Heng ow.mun.heng at wdc.com
Fri Apr 9 03:37:22 GMT 2004


Hi Collective users of Samba, (does has a nice ring to it eh?)

Recently I found a my samba server being infected by win32 viruses. 
Though it does not affect the server in any way, I do find them to be
an annoyance.

I understand also that I can perform "veto" of files like *.exe in smb.conf
but find that to be a wee bit restrictive. There are some users who
stores valid executables in the shares.

http://hr.uoregon.edu/davidrl/samba-unofficial.html

"To prevent access to suspicious files (e.g., those that tend to become 
infected by virus'), use the following. The last bit prevents access to 
files with a CLSID in the file extension.

veto files = /*.exe/*.dll/*.pif/*.com/*.vbs/*.{*}/"

I've also read that there is a sort of a plugin for scanning samba shares
using an open-sourced virus scanner

www.openantivirus.org but upon looking at it, I noticed that development
in this stopped like 2 years ago. (based on last date of file release)

Also there is a disclaimer in the project page that asks users to not 
rely on it.

So, collective users of SAMBA, what is the best way to mitigate this
issue??

I found out that the virus has even been replicated to my rsync snapshots.
:(



Cheers,                                                 .^.
Mun Heng, Ow                                            /V\
H/M Engineering                                       /(   )\
Western Digital M'sia                                  ^^-^^
DID : 03-7870 5168                          The Linux Advocate

        


More information about the samba mailing list