From: Alexander on 12 Mar 2010 04:00

2010/3/11 Maurício Ramos Mauricio.Ramos(a)wedotechnologies.com

> -- clamd.conf --
> LocalSocket /home/clamav/clamd.socket
>
> -- vscan-clamav.conf --
> clamd socket name = /home/clamav/clamd.sock

Looks like you've got a discrepancy/typo in your clamav and samba-vscan config files that is causing that.

cheers,
Alexander

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

From: Maurício Ramos on 12 Mar 2010 09:50

Hello Alexander, List…

Yes, that's the mistake! Now things are working just fine!!

We are using the "Eicar Test Virus" in 2 files. Both are not allowed access and the others are ok.

Mar 12 11:00:51 rhel5 smbd_vscan-clamav[29609]: samba-vscan (vscan-clamav 0.3.6c beta5) registered (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Mar 12 11:00:51 rhel5 smbd_vscan-clamav[29609]: samba-vscan (vscan-clamav 0.3.6c beta5) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Mar 12 11:00:51 rhel5 smbd_vscan-clamav[29609]: INFO: connect to service tmp by user mauramos
Mar 12 11:01:30 rhel5 smbd_vscan-clamav[29609]: ALERT - Scan result: '/tmp/teste_clamav.txt' infected with virus 'Eicar-Test-Signature', client: '172.26.129.129'
Mar 12 11:01:30 rhel5 smbd_vscan-clamav[29609]: ERROR: quarantining file '/tmp/teste_clamav.txt' to '/home/clamav/quarantine/vir-ao7wgD' failed, reason: Operação não permitida
Mar 12 11:02:17 rhel5 smbd_vscan-clamav[29609]: ALERT - Scan result: '/tmp/teste_antivirus_samba_clamav.txt' infected with virus 'Eicar-Test-Signature', client: '172.26.129.129'
Mar 12 11:02:17 rhel5 smbd_vscan-clamav[29609]: ERROR: quarantining file '/tmp/teste_antivirus_samba_clamav.txt' to '/home/clamav/quarantine/vir-kmBxUg' failed, reason: Operação não permitida

[root@rhel5 tmp]# more teste_clamav.txt
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
[root@rhel5 tmp]# more teste_antivirus_samba_clamav.txt
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

File clamd.log records the detected virus…

[root@rhel5 clamav]# tail -f clamd.log
Fri Mar 12 10:57:40 2010 -> Algorithmic detection enabled.
Fri Mar 12 10:57:40 2010 -> Portable Executable support enabled.
Fri Mar 12 10:57:40 2010 -> ELF support enabled.
Fri Mar 12 10:57:40 2010 -> Mail files support enabled.
Fri Mar 12 10:57:40 2010 -> OLE2 support enabled.
Fri Mar 12 10:57:40 2010 -> PDF support enabled.
Fri Mar 12 10:57:40 2010 -> HTML support enabled.
Fri Mar 12 10:57:40 2010 -> Self checking every 600 seconds.
Fri Mar 12 11:01:30 2010 -> /tmp/teste_clamav.txt: Eicar-Test-Signature FOUND
Fri Mar 12 11:02:17 2010 -> /tmp/teste_antivirus_samba_clamav.txt: Eicar-Test-Signature FOUND

… and they are moved to quarantine

[root@rhel5 clamav]# ls -la /home/clamav/quarantine/
total 8
drwxrwx--- 2 clamav clamav 4096 Mar 12 11:02 .
drwxrwx--- 7 clamav clamav 4096 Mar 12 10:57 ..
-rw------- 1 mauramos users 0 Mar 12 11:01 vir-ao7wgD
-rw------- 1 mauramos users 0 Mar 12 11:02 vir-kmBxUg

Thanks a lot for the help.

Below I reproduce the steps to configure all the environment:

1) Install and configure samba
2) Install and configure clamav
3) Download, "./configure" and "make proto" the source of the running samba server
4) Download samba-vscan, "./configure --with-samba-source=<path to samba source 'source' dir>" and "make clamav"
5) Copy "vscan-clamav.so" to "/usr/lib/samba/vfs" (this path can vary)
6) Copy "vscan-clamav.conf" from "<samba-vscan-source-dir>clamav" to "/etc/samba"
7) Configure smb.conf at each share to be protected with lines like
       vfs object = vscan-clamav
       vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
8) Update clamav database using freshclam
9) Start everything
10) Create a text file with the following content inside a protected share (harmless eicar test virus)
       X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

We are using, now, samba 3.0.33 and this version needs samba-vscan0.3.6c. The previous version of samba we were using (3.0.23c) needed samba-vscan0.3.6b.

Again, thank you all for the support!

Mauricio.

From: Alexander [mailto:forsmbg(a)googlemail.com]
Sent: Friday, 12 March 2010 05:56
To: samba(a)lists.samba.org; Maurício Ramos
Subject: Re: [Samba] Samba + Antivirus

2010/3/11 Maurício Ramos Mauricio.Ramos(a)wedotechnologies.com

-- clamd.conf --
LocalSocket /home/clamav/clamd.socket

-- vscan-clamav.conf --
clamd socket name = /home/clamav/clamd.sock

Looks like you've got a discrepancy/typo in your clamav and samba-vscan config files that is causing that.

cheers,
Alexander
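
Added example, not part of the original thread: a small shell check that compares the LocalSocket path in clamd.conf with the "clamd socket name" in vscan-clamav.conf, the mismatch identified above. The function names are my own, and the no-argument run uses constructed sample files holding the two values quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): verify that clamd and samba-vscan
# agree on the Unix socket path. Function names are hypothetical.

# Print the path from an active "LocalSocket <path>" line in clamd.conf.
# Commented-out lines ("#LocalSocket ...") do not match.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Print the path from "clamd socket name = <path>" in vscan-clamav.conf.
vscan_socket() {
    sed -n 's/^[[:space:]]*clamd socket name[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Return 0 if both files name the same socket, 1 on mismatch,
# 2 if either setting is missing.
check_socket_match() {
    a=$(clamd_socket "$1")
    b=$(vscan_socket "$2")
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "missing socket setting: clamd='$a' vscan='$b'" >&2
        return 2
    fi
    if [ "$a" != "$b" ]; then
        echo "MISMATCH: clamd listens on $a, samba-vscan connects to $b" >&2
        return 1
    fi
    echo "OK: both use $a"
}

# Stand-alone use: pass the two config paths. With no arguments, run on
# constructed sample files that reproduce the values quoted in the thread.
if [ "$#" -eq 2 ]; then
    check_socket_match "$1" "$2"
else
    tmp=$(mktemp -d)
    printf 'LocalSocket /home/clamav/clamd.socket\n' > "$tmp/clamd.conf"
    printf 'clamd socket name = /home/clamav/clamd.sock\n' > "$tmp/vscan-clamav.conf"
    check_socket_match "$tmp/clamd.conf" "$tmp/vscan-clamav.conf" || true
    rm -rf "$tmp"
fi
```

Run it with the real paths, for example the clamd.conf in use and /etc/samba/vscan-clamav.conf, before restarting smbd.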