Samba 防毒 (samba-virusfilter)

 

 

 

apt-get install clamav arj unzoo lha clamav-freshclam clamav-daemon clamav-testfiles build-essential

clamscan -ir /usr/share/clamav-testfiles

 


 

apt-get install dpkg-dev
apt-get source samba
apt-get build-dep samba

./debian/rules

 clamav
 
run ./configure in<samba-source>/source

 your vendor uses it's own version (e.g. 3.0-vendor) please use
--with-samba-version=VERSION to set the version correctly.

apt-get install  libmagic-dev libpcre3-dev
#regexp-exclude support

./configure --with-samba-source=/usr/src/samba-3.6.3/source3

** Configuration summary for samba-vscan 0.3.6c beta5 :

 Compile samba-vscan for Samba      : "3.6.3"
 Compile samba-vscan with sources in: /usr/src/samba-3.6.3/source3
 Compile samba-vscan backends       : oav sophos fprotd fsav trend icap mksd kavp clamav nai antivir
 Use GLOBAL_LIBS                    :
 Use libmksd as                     : builtin
 Use libkavdc as                    : builtin

# 只找立一種 backend (clamav)
 
make clamav

make install

 

P.S.

* samba-vscan does not support Samba 3.2 and later.
 


 

samba-virusfilter

 

samba-vscan 已死, 它的後續就是 samba-virusfilter 了

  • Support: Samba 3.5.x and 3.6.x
  • Support: ClamAV clamd, F-Secure AV fsavd , Sophos AV savdid

官網:

https://github.com/fumiyas/samba-virusfilter

 

安裝

在有 samba-vscan 背景下

  $ ./configure --with-samba-source=/usr/src/samba-3.6.3/source3 --prefix=/usr

 

Configuration summary for samba-virusfilter 0.1.3:

Samba:
  Source directory:             /usr/src/samba-3.6.3/source3
  Version:                      3.6.3
  VFS interface version:        28
  Install prefix:               /usr

Anti-Virus daemons:
  ClamAV clamd:                 /usr/sbin/clamd
  F-Secure AV fsavd:            /opt/f-secure/fssp/sbin/fsavd
  Sophos AV savdid:             /usr/local/bin/savdid

 

  $ make

  $ make test
  ...
  # su -
  Password: xxxxxxxx

  # make install

Creating directory /usr/lib/vfs
Installing file svf-fsav.so into /usr/lib/vfs
Installing file svf-sophos.so into /usr/lib/vfs
Installing file svf-clamav.so into /usr/lib/vfs

Creating directory /usr/share/samba/bin
Installing file svf-notify.cmd into /usr/share/samba/bin

 

設定:

cp /usr/lib/vfs/* /usr/lib/samba/vfs/

cp etc/smb.svf-clamav.conf.example /etc/samba/smb.svf-clamav.conf

 

在 /etc/smb/smb.conf 內加入

vfs objects = ... svf-clamav ...

# 多行 vfs objects 會無效 !!

include = /etc/samba/smb.svf-clamav.conf

 

檔案 smb.svf-clamav.conf:

svf-clamav:scan on open = yes
svf-clamav:scan on close = no
# 單位 byte
svf-clamav:max file size = 100000000
svf-clamav:min file size = 0

# nothing, delete
svf-clamav:infected file action = quarantine
svf-clamav:quarantine directory  = /home/quarantine
svf-clamav:quarantine prefix = vir-
;svf-clamav:infected file command = /usr/share/samba/bin/svf-notify --mail-to virusmaster@example.com --cc "%U@example.com" --from samba@example.com --subject-prefix "Samba: Infected File: "
;svf-clamav:scan error command = /usr/share/samba/bin/svf-notify --mail-to virusmaster@example.com --from samba@example.com --subject-prefix "Samba: Scan Error: "

 

測試:

 

 

依賴:

ksh
smbclient

3.6.3-2ubuntu2.3
/usr/share/samba/bin/svf-notify