On Fri, 2004-03-26 at 14:29, James Kosin wrote:
> Setup of samba-vscan-clamav is not too intuitive; but, it is doable.

Major pain, really. It seems like Samba has no way to build modules outside of the source directory. That is just plain silly since they are dynamically loaded.

> I'm still struggling with configuring it properly to work with ClamAV and the
> permissions on the shared files. I think I may have to give ClamAV root
> privileges to get it working fully with samba-vscan.

clamd, or some portion of it, normally runs as root. I didn't need to change anything. I installed a package which provided a recent version of clamd with (yum install clamd) and enabled the server (chkconfig --add clamd && service clamd start). I believe YUM installed Dag Wieers (http://apt.sw.be/) clamd package.

My "public" share is configured like this in /etc/samba/smb.conf:

    [public]
    vfs object = vscan-clamav
    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
    comment = Public Files
    path = /home/public
    writeable = yes

And this is /etc/samba/vscan-clamav.conf:

    [samba-vscan]
    max file size = 5000000
    verbose file logging = yes
    scan on open = yes
    scan on close = yes
    deny access on error = yes
    deny access on minor error = yes
    send warning message = yes
    infected file action = quarantine
    quarantine directory = /home/quarantine
    quarantine prefix = vir-
    max lru files entries = 100
    lru file entry lifetime = 5
    clamd socket name = /var/clamav/clamd.socket

> By default, it will quarantine the file in the /tmp directory. 99.999% of
> the time it probably is a virus. It also renames the file to vir-?????? ;
> so you need the logfile to tell what file. But the logfile is very detailed
> about what happened. Who accessed the file IP, file name, virus found /
> reported

I also added some extra auditing functions to my vscan-clamav module to log open, unlink, rename, and rmdir. (There have been problems where users would rename some critical business file and not remember what they renamed it.)

I had intended to use a variation of the audit module. However, Samba (2.2.7a on RHL9) doesn't support more than one module per share.

-- 
David Norris
http://www.webaugur.com/dave/
ICQ - 412039
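An added example, not part of the original message and not samba-vscan code: a small audit of a vscan-clamav.conf that checks the options shown in the message above. The function name, the sample file and the policy (keep every yes/no option from the message enabled, keep quarantine out of /tmp) are assumptions of this example.

```python
import configparser

# Constructed sample: the vscan-clamav.conf from the post with two values
# changed ("scan on close" and "quarantine directory") to trigger findings.
SAMPLE_CONF = """\
[samba-vscan]
max file size = 5000000
verbose file logging = yes
scan on open = yes
scan on close = no
deny access on error = yes
deny access on minor error = yes
infected file action = quarantine
quarantine directory = /tmp
quarantine prefix = vir-
clamd socket name = /var/clamav/clamd.socket
"""

# Hypothetical policy (an assumption of this example, not samba-vscan's):
# every yes/no option the post enables must stay enabled.
REQUIRED_YES = ("scan on open", "scan on close", "deny access on error",
                "deny access on minor error", "verbose file logging")

def audit_vscan_conf(text):
    """Return a list of findings for the [samba-vscan] section in text."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    if not cp.has_section("samba-vscan"):
        return ["no [samba-vscan] section"]
    sec = cp["samba-vscan"]
    findings = []
    for key in REQUIRED_YES:
        value = sec.get(key)
        if value is None:
            findings.append(f"'{key}' is not set")
        elif value.strip().lower() not in ("yes", "true", "1"):
            findings.append(f"'{key}' is '{value}', expected yes")
    if sec.get("infected file action", "").strip().lower() == "quarantine":
        qdir = sec.get("quarantine directory", "").strip()
        # The thread notes that quarantined files land in /tmp by default.
        if not qdir or qdir == "/tmp" or qdir.startswith("/tmp/"):
            findings.append("quarantine directory is unset or under /tmp")
    if not sec.get("clamd socket name", "").strip().startswith("/"):
        findings.append("'clamd socket name' is not an absolute path")
    return findings

if __name__ == "__main__":
    for finding in audit_vscan_conf(SAMPLE_CONF):
        print("FINDING:", finding)
```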