[Samba] On access scanning with samba-vscan
rory.vieira at gmail.com
Sat Sep 2 10:43:55 GMT 2006
> I am trying to configure Samba as blocking virus transfer so that shares can be
> safe. I am using redhat el3 and fc4. I want to install samba-vscan, clamd. I
> have tried to install it from tar packages but i couldn't succeed it.
My colleage has been using the rpm's from samba.org on fc4 without a glitch.
I've been using clamav as my samba scanner on SuSE for quite some time
now, with nice results. It does have it's impact though...
On your share go:
vfs objects = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
; run-time configuration for vscan-samba using
; all options are set to default values
; do not scan files larger than X bytes. If set to 0 (default),
; this feature is disable (i.e. all files are scanned)
max file size = 10485760
; log all file access (yes/no). If set to yes, every access will
; be logged. If set to no (default), only access to infected files
; will be logged
verbose file logging = no
; if set to yes (default), a file will be scanned while opening
scan on open = yes
; if set to yes, a file will be scanned while closing (default is yes)
scan on close = yes
; if communication to clamd fails, should access to file denied?
; (default: yes)
deny access on error = no
; if daemon failes with a minor error (corruption, etc.),
; should access to file denied?
; (default: yes)
deny access on minor error = no
; send a warning message via Windows Messenger service
; when virus is found?
; (default: yes)
send warning message = yes
; what to do with an infected file
; quarantine: try to move to quantine directory
; delete: delete infected file
; nothing: do nothing (default)
infected file action = quarantine
; where to put infected files - you really want to change this!
quarantine directory = /opt/clamav/quarantine
; prefix for files in quarantine
quarantine prefix = vir-
; as Windows tries to open a file multiple time in a (very) short time
; of period, samba-vscan use a last recently used file mechanism to avoid
; multiple scans of a file. This setting specified the maximum number of
; elements of the last recently used file list. (default: 100)
max lru files entries = 100
; an entry is invalidad after lru file entry lifetime (in seconds).
; (Default: 5)
lru file entry lifetime = 5
; exclude files from being scanned based on the MIME-type! Semi-colon
; seperated list (default: empty list). Use this with care!
exclude file types =
; socket name of clamd (default: /var/run/clamd). Setting will be ignored if
; libclamav is used
clamd socket name = /tmp/clamd
; limits, if vscan-clamav was build for using the clamav library (libclamav)
; instead of clamd
; maximum number of files in archive (default: 1000)
libclamav max files in archive = 1000
; maximum archived file size, in bytes (default: 10 MB)
libclamav max archived file size = 5242880
; maximum recursion level (default: 5)
libclamav max recursion level = 5
This should do the trick quite nicely I think...
Obviously you need a running clam daemon for this to work.
Note that this is a working example for me using ClamAV.
You *should* have some examples on your system
(/usr/share/doc/somewhere) that target other scanners too... You
should be able to use any of them.
I'm currently working on making Norman AV working with Samba :)
Hope this helps,
rory dot vieira at gmail dot com
More information about the samba