[Samba] Samba Shares and Win32 Viruses
Ow Mun Heng
ow.mun.heng at wdc.com
Fri Apr 9 03:37:22 GMT 2004
Hi Collective users of Samba, (does has a nice ring to it eh?)
Recently I found a my samba server being infected by win32 viruses.
Though it does not affect the server in any way, I do find them to be
an annoyance.
I understand also that I can perform "veto" of files like *.exe in smb.conf
but find that to be a wee bit restrictive. There are some users who
stores valid executables in the shares.
http://hr.uoregon.edu/davidrl/samba-unofficial.html
"To prevent access to suspicious files (e.g., those that tend to become
infected by virus'), use the following. The last bit prevents access to
files with a CLSID in the file extension.
veto files = /*.exe/*.dll/*.pif/*.com/*.vbs/*.{*}/"
I've also read that there is a sort of a plugin for scanning samba shares
using an open-sourced virus scanner
www.openantivirus.org but upon looking at it, I noticed that development
in this stopped like 2 years ago. (based on last date of file release)
Also there is a disclaimer in the project page that asks users to not
rely on it.
So, collective users of SAMBA, what is the best way to mitigate this
issue??
I found out that the virus has even been replicated to my rsync snapshots.
:(
Cheers, .^.
Mun Heng, Ow /V\
H/M Engineering /( )\
Western Digital M'sia ^^-^^
DID : 03-7870 5168 The Linux Advocate
More information about the samba
mailing list