K12LTSP Samba Home folders OnAccess virus scanning

From K12LTSP Wiki

Jump to: navigation, search

The following how to is for setting up samba-vscan-clamav to integrate with Samba shares for your users home folders.This is for Samba-3.0.23c which ships with EL5 / K12LTSP El5.

samba-vscan-clamav for version 3.0.23c of Samba

Intall , configuration, testing for samba-vcsan-clamav for Samba on-access virus scanning. This module has been compiled for version Samba-3.0.23c. It may/probably will work on a couple versions earlier or later of Samba as well. The difference being the VFS module version that is used in your version of Samba.( This is the default version that ships with EL5 Redhat). ________________________________________________________________

Install:

1. Copy the vscan-clamav.so to /usr/lib/samba/vfs ( you should see several other .so files in this directory)

2. Copy the vscan-clmav.conf file to /etc/samba

3. Copy the contents of samba-vscan-smbconf and paste this into the bottm of your existing smb.conf file.

DONE

______________________________________________________________

Test:

1. Restart Samba - service smb restart

2. Run testparm,just to make sure you don't habe any syntax errors in your smb.conf file.

3. Copy eicar.com to /tmp

4. Run the smbclient to verify samba-vscan-clamav is functioning as it should.

smbclient //localhost/vscan

At the smbclient command line try to retrieve eicar.com

- get eicar.com

-> access should be denied!!!

everything should be logged via syslog

5. After succesfully doing your testing you should add the following two line to either each of your samba share directories,or to the global section of your smb.conf to scan ALL of your samba share directories; vfs object = vscan-clamav vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

Troubleshoot:

1. If once you perform all this and you can not connect to your Samba shares most likely this module is not compatable with your version of Samba due to the VFS version used. Look in your syslog for" This version ofsamba-vscan is compiled with VFS v.123 and you have VFS v.456".

2.If this is the case simply comment out the [vscan} share you setup in smb.conf.and 'service smb restart' ,You are back to original smb.conf

3. In your vscan-clamav.conf file you copied to /etc/samba dir you may have to edit the path of; clamd socket name = /var/run/clamav/clamd.sock to clamd socket name = /tmp/clamd.socket if you are using default rpm install of all clamav components.. This will shoe up in syslog obvious on what to adjust to.

DONE

Below is a link to a precompiled samba-vscan-clamav module that work with Samba-3.0.23c which ships with El5 K12LTSP EL5. This may/probabkly will work on a couple older and newer versions of Samba. the diffrence being what version of VFS your version of Samba was built with. Note: The zip file contains the eicar.com test virus,so you will undoubtly get a virus detected when downloading the zip file.

[1] - samba-vscan-clamav_3.0.23c.zip

Retrieved from "http://www.k12ltsp.org/mediawiki/index.php/K12LTSP_Samba_Home_folders_OnAccess_virus_scanning"
Personal tools