alanpaterson
IS-IT--Management
Not too sure if I'll get any responses on this -- trying to set up ClamAV to scan my Samba shares as files are opened,
Have downloaded Clam AV 0.80 stable and ran freshclam -- got this:
ClamAV update process started at Fri Jan 21 11:46:25 2005
main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: tomek)
daily.cvd is up to date (version: 676, sigs: 499, f-level: 3, builder: tomek)
so all ok there..
ran clamd at prompt and got little pause and away it went and it shows up in the ps ax list of process ok, so I'm guessing that's ok.
Downloaded and set up Samba Vscan and followed all the instructions adding these 'vfs' lines to my smb.conf
[dpsl]
comment = "The two 80GB SATA drive as one volume"
guest ok = yes
path = /dpsl/
browseable = yes
writeable = yes
create mask = 02775
directory mask = 02775
inherit permissions = Yes
vfs object = /usr/lib/samba/vfs/vscan-clamav.so
vfs options = config-file=/etc/samba/vscan-clamav.conf
but when these are added, and smbd restarted I get this in the samba log:
smbd version 3.0.4-SUSE started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/01/21 11:40:53, 0] param/loadparm.c:map_parameter(2424)
Unknown parameter encountered: "vfs options"
[2005/01/21 11:40:53, 0] param/loadparm.c:lp_do_parameter(3114)
Ignoring unknown parameter "vfs options"
[2005/01/21 11:40:54, 0] smbd/vfs.c:vfs_init_custom(256)
Can't find a vfs module [/usr/lib/samba/vfs/vscan-clamav.so]
[2005/01/21 11:40:54, 0] smbd/vfs.c:smbd_vfs_init(319)
smbd_vfs_init: vfs_init_custom failed for /usr/lib/samba/vfs/vscan-clamav.so
[2005/01/21 11:40:54, 0] smbd/service.c:make_connection_snum(502)
vfs_init failed for service dpsl
[2005/01/21 11:40:54, 0] smbd/vfs.c:smb_register_vfs(184)
VFS module vscan-clamav already loaded!
[2005/01/21 11:40:54, 0] smbd/vfs.c:vfs_init_custom(256)
Can't find a vfs module [/usr/lib/samba/vfs/vscan-clamav.so]
[2005/01/21 11:40:54, 0] smbd/vfs.c:smbd_vfs_init(319)
smbd_vfs_init: vfs_init_custom failed for /usr/lib/samba/vfs/vscan-clamav.so
[2005/01/21 11:40:54, 0] smbd/service.c:make_connection_snum(502)
vfs_init failed for service dpsl
[2005/01/21 11:40:54, 0] smbd/vfs.c:smb_register_vfs(184)
VFS module vscan-clamav already loaded!
[2005/01/21 11:40:54, 0] smbd/vfs.c:vfs_init_custom(256)
Can't find a vfs module [/usr/lib/samba/vfs/vscan-clamav.so]
[2005/01/21 11:40:54, 0] smbd/vfs.c:smbd_vfs_init(319)
smbd_vfs_init: vfs_init_custom failed for /usr/lib/samba/vfs/vscan-clamav.so
[2005/01/21 11:40:54, 0] smbd/service.c:make_connection_snum(502)
vfs_init failed for service dpsl
here is my vscan-clamav.conf file:
; send a warning message via Windows Messenger service
; when virus is found?
; (default: yes)
send warning message = no
; what to do with an infected file
; quarantine: try to move to quantine directory; delete it if moving fails
; delete: delete infected file
; nothing: do nothing (default)
infected file action = quarantine
; where to put infected files - you really want to change this!
quarantine directory = /tmp
; prefix for files in quarantine
quarantine prefix = vir-
; as Windows tries to open a file multiple time in a (very) short time
; of period, samba-vscan use a last recently used file mechanism to avoid
; multiple scans of a file. This setting specified the maximum number of
; elements of the last recently used file list. (default: 100)
max lru files entries = 100
; an entry is invalidad after lru file entry lifetime (in seconds).
; (Default: 5)
lru file entry lifetime = 5
; exclude files from being scanned based on the MIME-type! Semi-colon
; seperated list (default: empty list). Use this with care!
exclude file types =
; socket name of clamd (default: /var/run/clamd). Setting will be ignored if
; libclamav is used
clamd socket name = /var/run/clamd
; limits, if vscan-clamav was build for using the clamav library (libclamav)
; instead of clamd
; maximum number of files in archive (default: 1000)
libclamav max files in archive = 1000
; maximum archived file sitze, in bytes (default: 10 MB)
libclamav max archived file size = 10 * 1048576
; maximum recursion level (default: 5)
libclamav max recursion level = 5
"vscan-clamav.conf" 75L, 2427C
--------------------------------------------------
Am I missing something daft?
Alan
Have downloaded Clam AV 0.80 stable and ran freshclam -- got this:
ClamAV update process started at Fri Jan 21 11:46:25 2005
main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: tomek)
daily.cvd is up to date (version: 676, sigs: 499, f-level: 3, builder: tomek)
so all ok there..
ran clamd at prompt and got little pause and away it went and it shows up in the ps ax list of process ok, so I'm guessing that's ok.
Downloaded and set up Samba Vscan and followed all the instructions adding these 'vfs' lines to my smb.conf
[dpsl]
comment = "The two 80GB SATA drive as one volume"
guest ok = yes
path = /dpsl/
browseable = yes
writeable = yes
create mask = 02775
directory mask = 02775
inherit permissions = Yes
vfs object = /usr/lib/samba/vfs/vscan-clamav.so
vfs options = config-file=/etc/samba/vscan-clamav.conf
but when these are added, and smbd restarted I get this in the samba log:
smbd version 3.0.4-SUSE started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/01/21 11:40:53, 0] param/loadparm.c:map_parameter(2424)
Unknown parameter encountered: "vfs options"
[2005/01/21 11:40:53, 0] param/loadparm.c:lp_do_parameter(3114)
Ignoring unknown parameter "vfs options"
[2005/01/21 11:40:54, 0] smbd/vfs.c:vfs_init_custom(256)
Can't find a vfs module [/usr/lib/samba/vfs/vscan-clamav.so]
[2005/01/21 11:40:54, 0] smbd/vfs.c:smbd_vfs_init(319)
smbd_vfs_init: vfs_init_custom failed for /usr/lib/samba/vfs/vscan-clamav.so
[2005/01/21 11:40:54, 0] smbd/service.c:make_connection_snum(502)
vfs_init failed for service dpsl
[2005/01/21 11:40:54, 0] smbd/vfs.c:smb_register_vfs(184)
VFS module vscan-clamav already loaded!
[2005/01/21 11:40:54, 0] smbd/vfs.c:vfs_init_custom(256)
Can't find a vfs module [/usr/lib/samba/vfs/vscan-clamav.so]
[2005/01/21 11:40:54, 0] smbd/vfs.c:smbd_vfs_init(319)
smbd_vfs_init: vfs_init_custom failed for /usr/lib/samba/vfs/vscan-clamav.so
[2005/01/21 11:40:54, 0] smbd/service.c:make_connection_snum(502)
vfs_init failed for service dpsl
[2005/01/21 11:40:54, 0] smbd/vfs.c:smb_register_vfs(184)
VFS module vscan-clamav already loaded!
[2005/01/21 11:40:54, 0] smbd/vfs.c:vfs_init_custom(256)
Can't find a vfs module [/usr/lib/samba/vfs/vscan-clamav.so]
[2005/01/21 11:40:54, 0] smbd/vfs.c:smbd_vfs_init(319)
smbd_vfs_init: vfs_init_custom failed for /usr/lib/samba/vfs/vscan-clamav.so
[2005/01/21 11:40:54, 0] smbd/service.c:make_connection_snum(502)
vfs_init failed for service dpsl
here is my vscan-clamav.conf file:
; send a warning message via Windows Messenger service
; when virus is found?
; (default: yes)
send warning message = no
; what to do with an infected file
; quarantine: try to move to quantine directory; delete it if moving fails
; delete: delete infected file
; nothing: do nothing (default)
infected file action = quarantine
; where to put infected files - you really want to change this!
quarantine directory = /tmp
; prefix for files in quarantine
quarantine prefix = vir-
; as Windows tries to open a file multiple time in a (very) short time
; of period, samba-vscan use a last recently used file mechanism to avoid
; multiple scans of a file. This setting specified the maximum number of
; elements of the last recently used file list. (default: 100)
max lru files entries = 100
; an entry is invalidad after lru file entry lifetime (in seconds).
; (Default: 5)
lru file entry lifetime = 5
; exclude files from being scanned based on the MIME-type! Semi-colon
; seperated list (default: empty list). Use this with care!
exclude file types =
; socket name of clamd (default: /var/run/clamd). Setting will be ignored if
; libclamav is used
clamd socket name = /var/run/clamd
; limits, if vscan-clamav was build for using the clamav library (libclamav)
; instead of clamd
; maximum number of files in archive (default: 1000)
libclamav max files in archive = 1000
; maximum archived file sitze, in bytes (default: 10 MB)
libclamav max archived file size = 10 * 1048576
; maximum recursion level (default: 5)
libclamav max recursion level = 5
"vscan-clamav.conf" 75L, 2427C
--------------------------------------------------
Am I missing something daft?
Alan
( and tried what you said, and yes, DPSL share is working, the av seems to be working also, it denies access to infected files, no read or execute allowed. I get this in the log.smbd file on SMBD startup though: