[Samba] vfs object virusfilter not working
lists at zxt10d.de
Tue Oct 11 06:38:38 UTC 2022
On 10.10.2022 at 21:04, Rowland Penny via samba wrote:
>
>
> On 10/10/2022 10:58, lists--- via samba wrote:
>>
>>
>> For testing I changed these lines ... but the result is the same, and
>> put them on [global] and next try on [public]:
>>
>> vfs objects = virusfilter
>> virusfilter:scanner = clamav
>> virusfilter:socket path = /var/run/clamav/clamd.ctl
>> virusfilter:scan on open = yes
>> virusfilter:scan on close = no
>> virusfilter:max file size = 100000000
>> virusfilter:min file size = 10
>> virusfilter:connect timeout = 300000
>> virusfilter:io timeout = 600000
>> virusfilter:infected file action = rename
>> virusfilter:rename prefix = virusfilter.
>> virusfilter:rename suffix = .infected
>>
>> Restarting samba and copying the eicar.com-file again shows this in
>> the log:
>> [2022/10/10 11:13:33.573839, 2]
>> ../../source3/smbd/open.c:1611(open_file)
>> nobody opened file eicar.com read=No write=No (numopen=2)
>> [2022/10/10 11:13:33.577165, 2]
>> ../../source3/smbd/close.c:833(close_normal_file)
>> nobody closed file eicar.com (numopen=0) NT_STATUS_OK
>> [2022/10/10 11:13:33.578962, 2]
>> ../../source3/smbd/open.c:1611(open_file)
>> nobody opened file eicar.com read=No write=No (numopen=2)
>> [2022/10/10 11:13:33.581848, 2]
>> ../../source3/smbd/close.c:833(close_normal_file)
>> nobody closed file eicar.com (numopen=0) NT_STATUS_OK
>>
>> At least it should rename the file, shouldn't it?
>>
>> Starting clamscan manually on that share finds the "virus":
>> /srv/samba/public/eicar.com: Win.Test.EICAR_HDB-1 FOUND
>>
>> netstat -lnp | grep -E "clam"
>> tcp 0 0 0.0.0.0:3310 0.0.0.0:* LISTEN 36374/clamd
>> unix 2 [ ACC ] STREAM HÖRT 70497 36374/clamd
>> /var/run/clamav/clamd.ctl
>>
>> Cheers,
>> Torsten
>>
>
> Thinking about this, try removing 'fruit streams_xattr' from the 'vfs
> objects' line and see if it then works.
>
> Rowland
So I did, removed vfs objects one by one, and later on I added one by
one again ... but the result is/was the same.
After that I set debug level to 5, and copied the file again.
Now I can see these lines (and several others ;)) in the log:
[2022/10/11 08:33:19.466341, 5]
../../source3/smbd/dosmode.c:68(dos_mode_debug_print)
dos_mode_debug_print: fdos_mode returning (0x20): "a"
[2022/10/11 08:33:19.466456, 3]
../../source3/modules/vfs_virusfilter.c:1493(virusfilter_vfs_close)
virusfilter_vfs_close: Not scanned: File not modified:
/srv/samba/test/eicar.com
Is there a way to enhance the loglevel for vfs-objects only?
Cheers,
Torsten
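
An added example, not part of the original post or of Samba: a small Python parser that rejoins wrapped smbd log records and lists the files that vfs_virusfilter reported as "Not scanned", together with the stated reason. It assumes the header and message layout of the log lines quoted in the post; the function names are hypothetical.

```python
import re

# Log lines copied from the post above, wrapped as they appear there.
SAMPLE_LOG = """\
[2022/10/11 08:33:19.466341, 5]
../../source3/smbd/dosmode.c:68(dos_mode_debug_print)
dos_mode_debug_print: fdos_mode returning (0x20): "a"
[2022/10/11 08:33:19.466456, 3]
../../source3/modules/vfs_virusfilter.c:1493(virusfilter_vfs_close)
virusfilter_vfs_close: Not scanned: File not modified:
/srv/samba/test/eicar.com
"""

# "[date time, level ...]" optionally followed by the source location.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)[^\]]*\]\s*(.*)$")
# "path/file.c:line(function)" followed by the message text.
LOCATION = re.compile(r"^(\S+?):\d+\(\w+\)\s*(.*)$")
# Assumption: skip messages follow the "Not scanned: <reason>: <path>" form seen in the post.
NOT_SCANNED = re.compile(r"Not scanned: (.+?): (/.*)$")


def parse_records(text):
    """Rejoin wrapped lines into one record per log header."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = {"time": m.group(1), "level": int(m.group(2)), "parts": [m.group(3)]}
            records.append(current)
        elif current is not None and line:
            current["parts"].append(line)
    for rec in records:
        body = " ".join(p for p in rec.pop("parts") if p)
        loc = LOCATION.match(body)
        rec["source"], rec["message"] = (loc.group(1), loc.group(2)) if loc else ("", body)
    return records


def unscanned_files(text):
    """Return (time, reason, path) for every file virusfilter logged as skipped."""
    hits = []
    for rec in parse_records(text):
        m = NOT_SCANNED.search(rec["message"])
        if m and rec["source"].endswith("vfs_virusfilter.c"):
            hits.append((rec["time"], m.group(1), m.group(2)))
    return hits
```

Running `unscanned_files()` over a share's log shows which files were closed without being handed to the scanner and why, which separates a scanner connection problem from a module that decided not to scan.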