[Samba] vfs object virusfilter not working

[Rowland Penny]

On 10/10/2022 10:58, lists--- via samba wrote:
> 
> 
> 
> 
> For testing I changed these lines ... but the result is the same, and 
> put them on [global] and next try on [public]:
> 
>   vfs objects = virusfilter
>   virusfilter:scanner = clamav
>   virusfilter:socket path = /var/run/clamav/clamd.ctl
>   virusfilter:scan on open = yes
>   virusfilter:scan on close = no
>   virusfilter:max file size = 100000000
>   virusfilter:min file size = 10
>   virusfilter:connect timeout = 300000
>   virusfilter:io timeout = 600000
>   virusfilter:infected file action = rename
>   virusfilter:rename prefix = virusfilter.
>   virusfilter:rename suffix = .infected
> 
> Restarting samba and copying the eicar.com-file again shows this in the 
> log:
> [2022/10/10 11:13:33.573839,  2] ../../source3/smbd/open.c:1611(open_file)
>    nobody opened file eicar.com read=No write=No (numopen=2)
> [2022/10/10 11:13:33.577165,  2] 
> ../../source3/smbd/close.c:833(close_normal_file)
>    nobody closed file eicar.com (numopen=0) NT_STATUS_OK
> [2022/10/10 11:13:33.578962,  2] ../../source3/smbd/open.c:1611(open_file)
>    nobody opened file eicar.com read=No write=No (numopen=2)
> [2022/10/10 11:13:33.581848,  2] 
> ../../source3/smbd/close.c:833(close_normal_file)
>    nobody closed file eicar.com (numopen=0) NT_STATUS_OK
> 
> At least it should rename the file, shouldn't it?
> 
> Starting clamscan manually on that share finds the "virus":
> /srv/samba/public/eicar.com: Win.Test.EICAR_HDB-1 FOUND
> 
> netstat -lnp | grep -E "clam"
> tcp        0      0 0.0.0.0:3310            0.0.0.0:* LISTEN      
> 36374/clamd
> unix  2      [ ACC ]     STREAM     HÖRT         70497    36374/clamd 
>        /var/run/clamav/clamd.ctl
> 
> Cheers,
> Torsten
> 

Thinking about this, try removing 'fruit streams_xattr' from the 'vfs 
objects' line and see if it then works.

Rowland