Re: Best AntiVirus for Fedora Core 1

On Fri, 2004-03-26 at 14:29, James Kosin wrote:
> Setup of samba-vscan-clamav is not too intuitive; but, it is doable.

Major pain, really.  It seems like Samba has no way to build modules
outside of the source directory.  That is just plain silly since they
are dynamically loaded.

> I'm still struggling with configuring it properly to work with ClamAV and the
> permissions on the shared files.  I think I may have to give ClamAV root
> privileges to get it working fully with samba-vscan.

clamd, or some portion of it, normally runs as root.  I didn't need to
change anything.  I installed a package which provided a recent version
of clamd with (yum install clamd) and enabled the server (chkconfig
--add clamd && service clamd start).  I believe YUM installed Dag Wieers'
(http://apt.sw.be/) clamd package.


My "public" share is configured like this in /etc/samba/smb.conf:
[public]
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
comment = Public Files
path = /home/public
writeable = yes


And this is /etc/samba/vscan-clamav.conf:
[samba-vscan]
max file size = 5000000
verbose file logging = yes
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
send warning message = yes
infected file action = quarantine
quarantine directory  = /home/quarantine
quarantine prefix = vir-
max lru files entries = 100
lru file entry lifetime = 5
clamd socket name = /var/clamav/clamd.socket


> By default, it will quarantine the file in the /tmp directory.  99.999% of
> the time it probably is a virus.  It also renames the file to vir-?????? ;
> so you need the logfile to tell what file.  But the logfile is very detailed
> about what happened.  Who accessed the file IP, file name, virus found /
> reported

I also added some extra auditing functions to my vscan-clamav module to
log open, unlink, rename, and rmdir.  (There have been problems where
users would rename some critical business file and not remember what
they renamed it.)  I had intended to use a variation of the audit
module.  However, Samba (2.2.7a on RHL9) doesn't support more than one
module per share.

-- 
 David Norris
  http://www.webaugur.com/dave/
  ICQ - 412039
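
An added example, not part of the message above and not samba-vscan code: a small Python check that reads a vscan-clamav.conf like the one posted and reports where it departs from the posted settings, including a quarantine directory left at the /tmp default mentioned in the quoted text. The function name and the WEAK sample are assumptions made for illustration; the option names are the ones in the posted file.

```python
import configparser
import os

# Options from the posted vscan-clamav.conf that this sketch expects to be "yes".
REQUIRED_YES = ("scan on open", "scan on close",
                "deny access on error", "deny access on minor error")

def audit_vscan_conf(text):
    """Return findings for the [samba-vscan] section of a config given as text."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    if not cp.has_section("samba-vscan"):
        return ["missing [samba-vscan] section"]
    opts = cp["samba-vscan"]
    findings = [f"'{k}' is not 'yes'" for k in REQUIRED_YES
                if opts.get(k, "").strip().lower() != "yes"]
    if opts.get("infected file action", "").strip().lower() != "quarantine":
        findings.append("'infected file action' is not 'quarantine'")
    qdir = os.path.normpath(opts.get("quarantine directory", "").strip() or "/tmp")
    if qdir == "/tmp" or qdir.startswith("/tmp/"):
        # The quoted message says /tmp is the default; it is shared by all local users.
        findings.append(f"quarantine directory resolves to {qdir}")
    if not opts.get("clamd socket name", "").strip():
        findings.append("'clamd socket name' is not set")
    return findings

# Constructed samples: POSTED mirrors the settings in the message, WEAK is made up.
POSTED = """[samba-vscan]
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
infected file action = quarantine
quarantine directory  = /home/quarantine
clamd socket name = /var/clamav/clamd.socket
"""
WEAK = """[samba-vscan]
scan on open = yes
deny access on error = no
infected file action = quarantine
"""

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("weak", WEAK)):
        print(name, audit_vscan_conf(conf) or "no findings")
```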
