[Samba] vfs object virusfilter not working

lists at zxt10d.de lists at zxt10d.de
Mon Oct 10 07:27:15 UTC 2022


Good morning list :)

I have a Debian-Bullseye system running as an ad-member server, using 
Louis' 4.15 version.

Now I wanted to add the virusscan feature, but it seems it doesn't work 
properly ...

As you can see in the log-entries, vfs-object [virusfilter] gets loaded 
... and eicar.com-file could be stored.
[quote]
[2022/10/10 08:17:54.119900,  3] ../../lib/util/access.c:316(allow_access)
   Allowed connection from %IP-ADRESS% (%IP-ADRESS%)
[2022/10/10 08:17:54.120147,  3] ../../source3/smbd/service.c:610(make_connection_snum)
   make_connection_snum: Connect path is '/srv/samba/public' for service [public]
[2022/10/10 08:17:54.120245,  3] ../../source3/smbd/vfs.c:115(vfs_init_default)
   Initialising default vfs hooks
[2022/10/10 08:17:54.120287,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
   Initialising custom vfs hooks from [/[Default VFS]/]
[2022/10/10 08:17:54.120331,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
   Initialising custom vfs hooks from [virusfilter]
[2022/10/10 08:17:54.120371,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
   Initialising custom vfs hooks from [full_audit]
[2022/10/10 08:17:54.120410,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
   Initialising custom vfs hooks from [recycle]
[2022/10/10 08:17:54.120447,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
   Initialising custom vfs hooks from [acl_xattr]
[2022/10/10 08:17:54.120485,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
   Initialising custom vfs hooks from [streams_xattr]
[2022/10/10 08:17:54.120522,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
   Initialising custom vfs hooks from [fruit]
[2022/10/10 08:17:54.121289,  2] ../../source3/modules/vfs_acl_xattr.c:203(connect_acl_xattr)
   connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service public
[2022/10/10 08:17:54.134794,  2] ../../source3/smbd/service.c:854(make_connection_snum)
   desktop-76igot6 (ipv4:%IP-ADRESS%:50634) connect to service public initially as user nobody (uid=65534, gid=65534) (pid 2047)
[2022/10/10 08:17:54.136696,  2] ../../source3/smbd/open.c:1611(open_file)
   nobody opened file eicar.com read=No write=No (numopen=2)
[2022/10/10 08:17:54.140097,  2] ../../source3/smbd/close.c:833(close_normal_file)
   nobody closed file eicar.com (numopen=0) NT_STATUS_OK
[2022/10/10 08:17:54.142526,  2] ../../source3/smbd/open.c:1611(open_file)
   nobody opened file eicar.com read=No write=No (numopen=4)
[2022/10/10 08:17:54.143173,  2] ../../source3/smbd/open.c:1611(open_file)
   nobody opened file eicar.com:Zone.Identifier read=No write=No (numopen=3)
[2022/10/10 08:17:54.146299,  2] ../../source3/smbd/close.c:833(close_normal_file)
   nobody closed file eicar.com:Zone.Identifier (numopen=1) NT_STATUS_OK
[2022/10/10 08:17:54.146543,  2] ../../source3/smbd/close.c:833(close_normal_file)
   nobody closed file eicar.com (numopen=0) NT_STATUS_OK
[2022/10/10 08:17:54.148970,  2] ../../source3/smbd/open.c:1611(open_file)
   nobody opened file eicar.com read=No write=No (numopen=4)
[2022/10/10 08:17:54.149584,  2] ../../source3/smbd/open.c:1611(open_file)
   nobody opened file eicar.com:Zone.Identifier read=No write=No (numopen=3)
[2022/10/10 08:17:54.152873,  2] ../../source3/smbd/close.c:833(close_normal_file)
   nobody closed file eicar.com:Zone.Identifier (numopen=1) NT_STATUS_OK
[2022/10/10 08:17:54.153112,  2] ../../source3/smbd/close.c:833(close_normal_file)
   nobody closed file eicar.com (numopen=0) NT_STATUS_OK
[2022/10/10 08:17:54.154951,  2] ../../source3/smbd/open.c:1611(open_file)
   nobody opened file eicar.com read=No write=No (numopen=2)
[2022/10/10 08:17:54.158274,  2] ../../source3/smbd/close.c:833(close_normal_file)
   nobody closed file eicar.com (numopen=0) NT_STATUS_OK
[2022/10/10 08:18:08.709528,  2] ../../source3/smbd/close.c:833(close_normal_file)
[/quote]

smb.conf's [global] section:

[...]
         vfs objects = fruit streams_xattr acl_xattr recycle full_audit virusfilter
         fruit:nfs_aces = no
         fruit:delete_empty_adfiles = yes
         fruit:wipe_intentionally_left_blank_rfork = yes
         fruit:veto_appledouble = no
         fruit:posix_rename = yes
         fruit:model = MacSamba
         fruit:metadata = stream

         virusfilter:scanner = clamav
         virusfilter:socket path = /var/run/clamav/clamd.ctl
         virusfilter:scan on open = yes
         virusfilter:scan on close = no
         virusfilter:max file size = 100000000
         virusfilter:min file size = 10
         virusfilter:connect timeout = 300000
         virusfilter:io timeout = 600000
         virusfilter:infected file action = rename
         virusfilter:rename prefix = virusfilter.
         virusfilter:rename suffix = .infected
         virusfilter:infected file command = echo -e "Found virus during on-access scanning of Samba share." | mail -s"Samba: Virus Found" %EMAIL-ADRESS%
         virusfilter:scan error command = echo -e "Scan error during on-access scanning of Samba share." | mail -s"Samba: Scan Error" %EMAIL-ADRESS%
[...]

srw-rw-rw- 1 clamav clamav 0 10. Okt 07:41 /var/run/clamav/clamd.ctl

Is something missing? Or interfering?

Thanks in advance!

Cheers,
Torsten
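
A check that can be run against the configuration above, added here as an example and not part of the original post: it speaks clamd's NUL-delimited command protocol to the socket named in `virusfilter:socket path`, confirming that the daemon answers `PING` and asking it to `SCAN` one file by path. The probe's use of `SCAN`, the function names and the default target under `/srv/samba/public` are assumptions of this example.

```python
#!/usr/bin/env python3
"""Probe a clamd Unix socket: liveness (PING) and a scan-by-path (SCAN)."""
import socket
import sys

# Socket path taken from the smb.conf in the post.
DEFAULT_SOCKET = "/var/run/clamav/clamd.ctl"


def clamd_query(socket_path, command, timeout=10.0):
    """Send one 'z'-prefixed, NUL-terminated clamd command; return the reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        s.sendall(b"z" + command.encode() + b"\0")
        buf = b""
        while not buf.endswith(b"\0"):
            chunk = s.recv(4096)
            if not chunk:  # daemon closed the connection
                break
            buf += chunk
    return buf.rstrip(b"\0").decode(errors="replace")


def classify(reply, path=""):
    """Map a SCAN reply '<path>: ... OK|FOUND|ERROR' to (status, detail)."""
    prefix = path + ": "
    body = reply[len(prefix):] if path and reply.startswith(prefix) else reply
    for status in ("OK", "FOUND", "ERROR"):
        if body == status or body.endswith(" " + status):
            return status, body[: -len(status)].strip()
    return "UNKNOWN", body


def probe(socket_path, path):
    """Return {'alive', 'status', 'detail'} for one file scanned by path."""
    try:
        alive = clamd_query(socket_path, "PING") == "PONG"
        reply = clamd_query(socket_path, "SCAN " + path) if alive else ""
    except OSError as exc:  # missing socket, permission denied, timeout
        return {"alive": False, "status": "UNREACHABLE", "detail": str(exc)}
    status, detail = classify(reply, path) if alive else ("NO_PONG", "")
    return {"alive": alive, "status": status, "detail": detail}


if __name__ == "__main__":
    # Hypothetical default target: the test file inside the share from the log.
    target = sys.argv[1] if len(sys.argv) > 1 else "/srv/samba/public/eicar.com"
    print(probe(DEFAULT_SOCKET, target))
```

Run it as the account whose access is in question: `UNREACHABLE` means the socket could not be opened, and `ERROR` means clamd answered but could not scan the file at that path.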


