On 10/10/2022 08:27, lists--- via samba wrote:
> Good morning list :)
>
> I have a Debian-Bullseye system running as an ad-member server, using
> Louis' 4.15 version.
>
> Now I wanted to add the virusscan feature, but it seems it doesn't work
> properly ...
>
> As you can see in the log-entries, vfs-object [virusfilter] gets loaded
> ... and eicar.com-file could be stored.

>         virusfilter:rename suffix = .infected
>         virusfilter:infected file command = echo -e "Found virus during on-access scanning of Samba share." | mail -s"Samba: Virus Found" %EMAIL-ADRESS%
>         virusfilter:scan error command = echo -e "Scan error during on-access scanning of Samba share." | mail -s"Samba: Scan Error" %EMAIL-ADRESS%
> [...]
>
> Is something missing? Or interfering?
>
> Thanks in advance!
>
> Cheers,
> Torsten
>

I do not use the virus scanner, but could this be something as simple as you having to use the full path for 'echo' or do you have to run a script as in the example that samba provides?

Rowland

On 10.10.2022 at 11:01, Rowland Penny via samba wrote:
>
>
> On 10/10/2022 08:27, lists--- via samba wrote:
>> Good morning list :)
>>
>> I have a Debian-Bullseye system running as an ad-member server, using
>> Louis' 4.15 version.
>>
>> Now I wanted to add the virusscan feature, but it seems it doesn't
>> work properly ...
>>
>> As you can see in the log-entries, vfs-object [virusfilter] gets loaded
>> ... and eicar.com-file could be stored.
>
>>         virusfilter:rename suffix = .infected
>>         virusfilter:infected file command = echo -e "Found virus during on-access scanning of Samba share." | mail -s"Samba: Virus Found" %EMAIL-ADRESS%
>>         virusfilter:scan error command = echo -e "Scan error during on-access scanning of Samba share." | mail -s"Samba: Scan Error" %EMAIL-ADRESS%
>> [...]
>>
>> Is something missing? Or interfering?
>>
>> Thanks in advance!
>>
>> Cheers,
>> Torsten
>>
>
> I do not use the virus scanner, but could this be something as simple as
> you having to use the full path for 'echo' or do you have to run a
> script as in the example that samba provides?
>
> Rowland

For testing I changed these lines ... but the result is the same, and put them on [global] and next try on [public]:

  vfs objects = virusfilter
  virusfilter:scanner = clamav
  virusfilter:socket path = /var/run/clamav/clamd.ctl
  virusfilter:scan on open = yes
  virusfilter:scan on close = no
  virusfilter:max file size = 100000000
  virusfilter:min file size = 10
  virusfilter:connect timeout = 300000
  virusfilter:io timeout = 600000
  virusfilter:infected file action = rename
  virusfilter:rename prefix = virusfilter.
  virusfilter:rename suffix = .infected

Restarting samba and copying the eicar.com-file again shows this in the log:

[2022/10/10 11:13:33.573839, 2] ../../source3/smbd/open.c:1611(open_file)
  nobody opened file eicar.com read=No write=No (numopen=2)
[2022/10/10 11:13:33.577165, 2] ../../source3/smbd/close.c:833(close_normal_file)
  nobody closed file eicar.com (numopen=0) NT_STATUS_OK
[2022/10/10 11:13:33.578962, 2] ../../source3/smbd/open.c:1611(open_file)
  nobody opened file eicar.com read=No write=No (numopen=2)
[2022/10/10 11:13:33.581848, 2] ../../source3/smbd/close.c:833(close_normal_file)
  nobody closed file eicar.com (numopen=0) NT_STATUS_OK

At least it should rename the file, shouldn't it?

Starting clamscan manually on that share finds the "virus":

/srv/samba/public/eicar.com: Win.Test.EICAR_HDB-1 FOUND

netstat -lnp | grep -E "clam"
tcp 0 0 0.0.0.0:3310 0.0.0.0:* LISTEN 36374/clamd
unix 2 [ ACC ] STREAM HÖRT 70497 36374/clamd /var/run/clamav/clamd.ctl

Cheers,
Torsten

Sorry for messaging you directly, Rowland!
On 10.10.2022 at 11:01, Rowland Penny via samba wrote:
>
>
> On 10/10/2022 08:27, lists--- via samba wrote:
>> Good morning list :)
>>
>> I have a Debian-Bullseye system running as an ad-member server,
>> using Louis' 4.15 version.
>>
>> Now I wanted to add the virusscan feature, but it seems it doesn't
>> work properly ...
>>
>> As you can see in the log-entries, vfs-object [virusfilter] gets
>> loaded ... and eicar.com-file could be stored.
>
>>         virusfilter:rename suffix = .infected
>>         virusfilter:infected file command = echo -e "Found virus during on-access scanning of Samba share." | mail -s"Samba: Virus Found" %EMAIL-ADRESS%
>>         virusfilter:scan error command = echo -e "Scan error during on-access scanning of Samba share." | mail -s"Samba: Scan Error" %EMAIL-ADRESS%
>> [...]
>>
>> Is something missing? Or interfering?
>>
>> Thanks in advance!
>>
>> Cheers,
>> Torsten
>>
>
> I do not use the virus scanner, but could this be something as simple
> as you having to use the full path for 'echo' or do you have to run a
> script as in the example that samba provides?
>
> Rowland

For testing I changed these lines ... but the result is the same, and
put them on [global] and next try on [public]:

  vfs objects = virusfilter
  virusfilter:scanner = clamav
  virusfilter:socket path = /var/run/clamav/clamd.ctl
  virusfilter:scan on open = yes
  virusfilter:scan on close = no
  virusfilter:max file size = 100000000
  virusfilter:min file size = 10
  virusfilter:connect timeout = 300000
  virusfilter:io timeout = 600000
  virusfilter:infected file action = rename
  virusfilter:rename prefix = virusfilter.
  virusfilter:rename suffix = .infected

Restarting samba and copying the eicar.com-file again shows this in the log:
[2022/10/10 11:13:33.573839, 2] ../../source3/smbd/open.c:1611(open_file)
  nobody opened file eicar.com read=No write=No (numopen=2)
[2022/10/10 11:13:33.577165, 2] ../../source3/smbd/close.c:833(close_normal_file)
  nobody closed file eicar.com (numopen=0) NT_STATUS_OK
[2022/10/10 11:13:33.578962, 2] ../../source3/smbd/open.c:1611(open_file)
  nobody opened file eicar.com read=No write=No (numopen=2)
[2022/10/10 11:13:33.581848, 2] ../../source3/smbd/close.c:833(close_normal_file)
  nobody closed file eicar.com (numopen=0) NT_STATUS_OK
At least it should rename the file, shouldn't it?
Starting clamscan manually on that share finds the "virus":
/srv/samba/public/eicar.com: Win.Test.EICAR_HDB-1 FOUND
netstat -lnp | grep -E "clam"
tcp 0 0 0.0.0.0:3310 0.0.0.0:* LISTEN 36374/clamd
unix 2 [ ACC ] STREAM HÖRT 70497 36374/clamd /var/run/clamav/clamd.ctl
Cheers,
Torsten
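
Added example, not part of the thread and not Samba or ClamAV project code: a small check that talks to clamd directly over the UNIX socket named in `virusfilter:socket path`, which the manual clamscan run and the netstat output above do not exercise. The socket path and file path are the ones quoted in the post; the function names are made up for this example.

```python
import socket

SOCKET_PATH = "/var/run/clamav/clamd.ctl"   # virusfilter:socket path from the post
TEST_FILE = "/srv/samba/public/eicar.com"   # file named in the clamscan output


def clamd_command(socket_path, command, timeout=5.0):
    """Send one null-terminated clamd command and return the reply text."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        s.sendall(b"z" + command.encode() + b"\0")
        reply = b""
        while not reply.endswith(b"\0"):
            chunk = s.recv(4096)
            if not chunk:            # clamd closed the connection
                break
            reply += chunk
    return reply.rstrip(b"\0").decode(errors="replace")


def parse_scan_reply(path, reply):
    """Map '<path>: OK | <signature> FOUND | <message> ERROR' to (status, detail)."""
    verdict = reply[len(path) + 2:] if reply.startswith(path + ": ") else reply
    if verdict == "OK":
        return ("clean", None)
    for suffix, status in ((" FOUND", "infected"), (" ERROR", "error")):
        if verdict.endswith(suffix):
            return (status, verdict[:-len(suffix)])
    return ("unknown", verdict)


def check_clamd(socket_path, path):
    """PING the daemon, then ask it to scan `path` by name."""
    try:
        if clamd_command(socket_path, "PING") != "PONG":
            return ("no-pong", None)
        # clamd opens the file itself, so its service account needs read
        # access to the share path; a manually run clamscan reads the file
        # as the invoking user and does not test that.
        return parse_scan_reply(path, clamd_command(socket_path, "SCAN " + path))
    except OSError as exc:           # missing socket, permissions, timeout
        return ("unreachable", str(exc))


if __name__ == "__main__":
    print(check_clamd(SOCKET_PATH, TEST_FILE))
```

An "error" or "unreachable" result here points at the clamd side (socket permissions, file permissions), while "infected" means the daemon path works and the remaining question is on the Samba side.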