[Samba] Samba + Antivirus

Maurício Ramos Mauricio.Ramos at wedotechnologies.com
Thu Mar 11 09:36:29 MST 2010


List, we are working on implementing an antivirus solution (samba-vscan + clamav) on our samba shares. We performed the steps mentioned in some guides we found in Portuguese and things seem to be installed OK. But when we make a test and try to access a share, every file on it is inaccessible (though we can mount the share), and after looking at /var/log/messages we see the following:

...
Mar 11 10:56:51 rhel5 smbd_vscan-clamav[5238]: samba-vscan (vscan-clamav 0.3.6b) registered (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Mar 11 10:56:51 rhel5 smbd_vscan-clamav[5238]: samba-vscan (vscan-clamav 0.3.6b) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Mar 11 10:56:51 rhel5 smbd_vscan-clamav[5238]: INFO: connect to service tmp by user mauramos
Mar 11 10:57:10 rhel5 smbd_vscan-clamav[5238]: ERROR: can not connect to clamd (socket: '/home/clamav/clamd.sock')!
Mar 11 10:57:10 rhel5 smbd_vscan-clamav[5238]: ERROR: can not communicate to daemon - access denied
Mar 11 10:57:10 rhel5 smbd_vscan-clamav[5238]: ERROR: can not connect to clamd (socket: '/home/clamav/clamd.sock')!
Mar 11 10:57:10 rhel5 smbd_vscan-clamav[5238]: ERROR: can not communicate to daemon - access denied
...

User mauramos is a member of the "clamav" group. We put the conf, log, pid, database and socket files under /home/clamav, which is owned by user clamav and group clamav, both with the same permissions (rwx).

The number 5238 is the OS PID, and it is the connection I made to the share ...

[root@rhel5 clamav]# ps -ef | grep 5238
mauramos  5238  5228  0 10:56 ?        00:00:00 smbd -D
root      5242  4873  0 10:57 pts/8    00:00:00 grep 5238

One note about clamd.conf. Parameter "User" is set to clamav to make the daemon run and generate logs/pid files as user/group clamav and allow common users, like mauramos, that are part of the clamav group, to access all these files, including clamd.sock, which is the one that is raising the error in /var/log/messages. It is said in the comments of clamd.conf that in order for this option to work, clamd must be started as root, but it does not matter if we start it as root or clamav, the result is the same.

We are using a RedHat Enterprise Linux 5 server, samba 3.0.23, clamav 0.95 and samba-vscan 0.36b.

Does anybody know what it could be? Can you give us a clue/help? Thank you all!

Our config files are as follows:

-------------------
-- clamd.conf --
-------------------

LogFile /home/clamav/clamd.log
LogTime yes
PidFile /home/clamav/clamd.pid
TemporaryDirectory /home/clamav/tmp
DatabaseDirectory /home/clamav/database
LocalSocket /home/clamav/clamd.socket
TCPSocket 3310
MaxConnectionQueueLength 100
ReadTimeout 3000
CommandReadTimeout 30
User clamav

----------------------------
-- vscan-clamav.conf --
----------------------------

[samba-vscan]
max file size = 0
verbose file logging = no
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
send warning message = yes
infected file action = quarantine
quarantine directory  = /home/clamav/quarantine
quarantine prefix = vir-
max lru files entries = 100
lru file entry lifetime = 5
exclude file types =
clamd socket name = /home/clamav/clamd.sock
libclamav max files in archive = 1000
libclamav max archived file size = 10485760
libclamav max recursion level = 5

----------------------------------------
--  share definition at smb.conf --
----------------------------------------

[tmp]
   comment = tmp
   path = /tmp
   valid users = mauramos assouza
   public = yes
   writable = yes
   create mask = 0750
   vfs object = vscan-clamav
   vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

------------------------
-- freshclam.conf --
------------------------

DatabaseDirectory /home/clamav/database
UpdateLogFile /home/clamav/databaseUpdate.log
LogFileMaxSize 20M
LogTime yes
PidFile /home/clamav/freshclam.pid
DatabaseMirror database.clamav.net
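
Added example, not part of the original post and not code from samba-vscan or ClamAV: a check that compares the socket path clamd is told to create (LocalSocket in clamd.conf) with the path the vscan-clamav module is told to open (clamd socket name), run over constructed excerpts of the two files quoted above. Function names are hypothetical, and the permission test assumes that connecting needs group or other write access on the socket file.

```python
import os
import stat

# Constructed excerpts of the two config files quoted in the post.
CLAMD_CONF = "LocalSocket /home/clamav/clamd.socket\nTCPSocket 3310\nUser clamav\n"
VSCAN_CONF = "[samba-vscan]\nscan on open = yes\nclamd socket name = /home/clamav/clamd.sock\n"

def clamd_option(text, name):
    """Return the value of a 'Name value' directive in clamd.conf, or None."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == name:
            return parts[1].strip()
    return None

def vscan_option(text, name):
    """Return the value of a 'name = value' line in vscan-clamav.conf, or None."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if " ".join(key.split()).lower() == name:  # tolerate repeated spaces in keys
            return value.strip()
    return None

def check_socket(clamd_text, vscan_text, probe=os.stat):
    """Compare the socket clamd creates with the one the VFS module opens."""
    findings = []
    served = clamd_option(clamd_text, "LocalSocket")
    wanted = vscan_option(vscan_text, "clamd socket name")
    if served != wanted:
        findings.append(f"path mismatch: clamd serves {served!r}, vscan opens {wanted!r}")
    try:
        st = probe(wanted)  # probe is injectable so the check can be tested offline
        if not stat.S_ISSOCK(st.st_mode):
            findings.append(f"{wanted} exists but is not a socket")
        elif not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{wanted} is not writable by group or other")
    except (OSError, TypeError) as exc:  # missing file, no access, or option unset
        findings.append(f"cannot stat {wanted!r}: {exc.__class__.__name__}")
    return findings

if __name__ == "__main__":
    for finding in check_socket(CLAMD_CONF, VSCAN_CONF):
        print(finding)
```

On the server itself, pass the contents of the real clamd.conf and /etc/samba/vscan-clamav.conf and run it as the user the smbd process runs as, so the stat reflects that user's view of /home/clamav.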








