Best AntiVirus for Fedora Core 1
David L Norris
dave at webaugur.com
Fri Mar 26 15:08:25 UTC 2004
On Fri, 2004-03-26 at 14:29, James Kosin wrote:
> Setup of samba-vscan-clamav is not too intuitive; but, it is doable.
Major pain, really. It seems like Samba has no way to build modules
outside of the source directory. That is just plain silly since they
are dynamically loaded.
> I'm still struggling with configuring it properly to work with ClamAV and the
> permissions on the shared files. I think I may have to give ClamAV root
> privileges to get it working fully with samba-vscan.
clamd, or some portion of it, normally runs as root. I didn't need to
change anything. I installed a package which provided a recent version
of clamd with (yum install clamd) and enabled the server (chkconfig
--add clamd && service clamd start). I believe YUM installed Dag Wieers'
(http://apt.sw.be/) clamd package.
My "public" share is configured like this in /etc/samba/smb.conf:

[public]
    vfs object = vscan-clamav
    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
    comment = Public Files
    path = /home/public
    writeable = yes

And this is /etc/samba/vscan-clamav.conf:

[samba-vscan]
    max file size = 5000000
    verbose file logging = yes
    scan on open = yes
    scan on close = yes
    deny access on error = yes
    deny access on minor error = yes
    send warning message = yes
    infected file action = quarantine
    quarantine directory = /home/quarantine
    quarantine prefix = vir-
    max lru files entries = 100
    lru file entry lifetime = 5
    clamd socket name = /var/clamav/clamd.socket

> By default, it will quarantine the file in the /tmp directory. 99.999% of
> the time it probably is a virus. It also renames the file to vir-?????? ;
> so you need the logfile to tell what file. But the logfile is very detailed
> about what happened. Who accessed the file IP, file name, virus found /
> reported
I also added some extra auditing functions to my vscan-clamav module to
log open, unlink, rename, and rmdir. (There have been problems where
users would rename some critical business file and not remember what
they renamed it.) I had intended to use a variation of the audit
module. However, Samba (2.2.7a on RHL9) doesn't support more than one
module per share.
--
David Norris
http://www.webaugur.com/dave/
ICQ - 412039
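
Added example, not part of the original post or of samba-vscan: a small Python audit of a vscan-clamav.conf that flags the settings this thread turns on, namely fail-open error handling, a quarantine under /tmp, and (optionally) a clamd socket that is not there. The helper name audit_vscan_conf and the WEAK_CONF sample are constructed for illustration, and a missing key is treated as "not yes" because the post does not state the module's defaults.

```python
import configparser
import os
import stat

# Constructed sample: the post's vscan-clamav.conf weakened in three places.
WEAK_CONF = """\
[samba-vscan]
scan on open = yes
scan on close = yes
deny access on error = no
deny access on minor error = no
infected file action = quarantine
quarantine directory = /tmp
quarantine prefix = vir-
clamd socket name = /var/clamav/clamd.socket
"""

def audit_vscan_conf(text, check_fs=False):
    """Return findings for a vscan-clamav.conf passed as text (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("samba-vscan"):
        return ["no [samba-vscan] section"]
    s = cp["samba-vscan"]
    findings = []
    # Assumption: a missing key counts as "not yes"; the post does not give defaults.
    for key in ("deny access on error", "deny access on minor error"):
        if not s.getboolean(key, fallback=False):
            findings.append(f"'{key}' is not yes: fail-open when a scan errors")
    if not any(s.getboolean(k, fallback=False) for k in ("scan on open", "scan on close")):
        findings.append("neither 'scan on open' nor 'scan on close' is yes")
    if s.get("infected file action", "").strip() == "quarantine":
        # The thread says the quarantine lands in /tmp when no directory is set.
        qdir = os.path.normpath(s.get("quarantine directory", "/tmp"))
        if qdir == "/tmp" or qdir.startswith("/tmp/"):
            findings.append(f"quarantine directory {qdir} is under /tmp")
        elif check_fs and os.path.isdir(qdir) and os.stat(qdir).st_mode & stat.S_IWOTH:
            findings.append(f"quarantine directory {qdir} is world-writable")
    sock = s.get("clamd socket name", "")
    # Filesystem checks are opt-in so the text-only audit runs anywhere.
    if check_fs and not (os.path.exists(sock) and stat.S_ISSOCK(os.stat(sock).st_mode)):
        findings.append(f"clamd socket {sock!r} is missing or not a socket")
    return findings

if __name__ == "__main__":
    for line in audit_vscan_conf(WEAK_CONF):
        print("WARN:", line)
```

Pass check_fs=True on the Samba host itself to include the socket and directory-permission checks.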