SAMBA/LDAP
Postfix Mail Server
HA Clustering
Warning: Parameter 3 to mb_videobot() expected to be a reference, value given in /home/www/virtual/susethailand.com/htdocs/libraries/joomla/event/dispatcher.php on line 136
Samba + ClamAV
Written by Mr. Sontaya Photibut Saturday, 02 May 2009 14:46
ติดตั้ง Samba Server และ Clamav Antivirus
- Install Software (YaST)
samba, samba-vscan
clamav
$ yast sw_single
- Updata Clamav to version 0.94.2-0.1 (clamav-0.94.2-0.1.i586.rpm)
$ rpm -Fvh clamav-0.94.2-0.1.i586.rpm
$ rpm -Fvh amavisd-new-2.4.3-11.1.i586.rpm
$ rpm -ivh amavisd-new-debuginfo-2.4.3-11.1.i586.rpm
- Config samba-vscan
$ cp /usr/share/doc/packages/samba-vscan/vscan-clamav.conf /etc/samba
$ mkdir /var/run/clamd
$ chown vscan:vscan /var/run/clamd
$ mkdir /var/lib/clamav/quarantine
$ chown vscan /var/lib/clamav/quarantine
$ vi /etc/samba/vscan-clamav.conf
max file size = 0
verbose file logging = yes
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
send warning message = yes
infected file action = quarantine
quarantine directory = /var/lib/clamav/quarantine
quarantine prefix = vir-
clamd socket name = /var/lib/clamav/clamd-socket
$ vi /etc/clamd.conf
LogFile /var/log/clamd
LogFileUnlock
LogSyslog
LogFacility LOG_MAIL
LogVerbose
PidFile /var/lib/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
FixStaleSocket
User vscan
$ vi /etc/samba/smb.conf
[backup]
comment = backup (virus-protected)
path = /backup/
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
browseable = Yes
inherit acls = Yes
read only = No
[data]
comment = data (virus-protected)
path = /data/
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
browseable = Yes
inherit acls = Yes
read only = No
$ rcsmb restart
$ rcclamd restart
Test:
$ cd /backup
$ wget http://www.eicar.org/download/eicar_com.zip
$ unzip eicar_com.zip
$ smbclient //localhost/backup
Enter root's password:
Domain=[BCSERIT01] OS=[Unix] Server=[Samba 3.0.28-0.5-1657-SUSE-CODE10]
smb: \> ls
smb: \> get eicar.com
NT_STATUS_ACCESS_DENIED opening remote file \eicar.com
smb: \> exit
Checking Log:
$ tail -f /var/log/messages
Dec 28 10:58:05 bcserit01 smbd_vscan-clamav[20553]: samba-vscan (vscan-clamav 0.3.6c beta4) registered (Sa mba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Dec 28 10:58:05 bcserit01 smbd_vscan-clamav[20553]: samba-vscan (vscan-clamav 0.3.6c beta4) connected (Sam ba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Dec 28 10:58:05 bcserit01 smbd_vscan-clamav[20553]: INFO: connect to service backup by user root
Dec 28 10:58:55 bcserit01 smbd_vscan-clamav[20553]: INFO: Scanning file : '/backup/eicar.com'
Dec 28 10:58:55 bcserit01 smbd_vscan-clamav[20553]: ALERT - Scan result: '/backup/eicar.com' infected with virus 'Eicar-Test-Signature', client: '127.0.0.1'
Dec 28 10:58:55 bcserit01 smbd_vscan-clamav[20553]: INFO: quarantining file '/backup/eicar.com' to '/var/lib/clamav/quarantine/vir-Ua2aTf' was successful
Dec 28 11:04:17 bcserit01 smbd_vscan-clamav[20627]: INFO: disconnected
$ cd /var/lib/clamav/quarantine
เสร็จแล้วครับ เท่านี้คุณก็หมดห่วงเรื่อง Virus แล้วครับ สำหรับการแชร์ไฟล์.
Subscribe to this comment's feed
