Hi Collective users of Samba, (does has a nice ring to it eh?)
Recently I found a my samba server being infected by win32 viruses.
Though it does not affect the server in any way, I do find them to be
an annoyance.
I understand also that I can perform "veto" of files like *.exe in
smb.conf
but find that to be a wee bit restrictive. There are some users who
stores valid executables in the shares.
http://hr.uoregon.edu/davidrl/samba-unofficial.html
"To prevent access to suspicious files (e.g., those that tend to become
infected by virus'), use the following. The last bit prevents access to
files with a CLSID in the file extension.
veto files = /*.exe/*.dll/*.pif/*.com/*.vbs/*.{*}/"
Cheers, .^.
Mun Heng, Ow /V\
H/M Engineering /( )\
Western Digital M'sia ^^-^^
DID : 03-7870 5168 The Linux Advocate
Hi Collective users of Samba, (does has a nice ring to it eh?)
Recently I found a my samba server being infected by win32 viruses.
Though it does not affect the server in any way, I do find them to be
an annoyance.
I understand also that I can perform "veto" of files like *.exe in
smb.conf
but find that to be a wee bit restrictive. There are some users who
stores valid executables in the shares.
http://hr.uoregon.edu/davidrl/samba-unofficial.html
"To prevent access to suspicious files (e.g., those that tend to become
infected by virus'), use the following. The last bit prevents access to
files with a CLSID in the file extension.
veto files = /*.exe/*.dll/*.pif/*.com/*.vbs/*.{*}/"
I've also read that there is a sort of a plugin for scanning samba shares
using an open-sourced virus scanner
www.openantivirus.org but upon looking at it, I noticed that development
in this stopped like 2 years ago. (based on last date of file release)
Also there is a disclaimer in the project page that asks users to not
rely on it.
So, collective users of SAMBA, what is the best way to mitigate this
issue??
I found out that the virus has even been replicated to my rsync snapshots.
:(
Cheers, .^.
Mun Heng, Ow /V\
H/M Engineering /( )\
Western Digital M'sia ^^-^^
DID : 03-7870 5168 The Linux Advocate
Ow Mun Heng schrieb:> Hi Collective users of Samba, (does has a nice ring to it eh?) > > Recently I found a my samba server being infected by win32 viruses. > Though it does not affect the server in any way, I do find them to be > an annoyance. > > I understand also that I can perform "veto" of files like *.exe in smb.conf > but find that to be a wee bit restrictive. There are some users who > stores valid executables in the shares. > > http://hr.uoregon.edu/davidrl/samba-unofficial.html > > "To prevent access to suspicious files (e.g., those that tend to become > infected by virus'), use the following. The last bit prevents access to > files with a CLSID in the file extension. > > veto files = /*.exe/*.dll/*.pif/*.com/*.vbs/*.{*}/" > > > > Cheers, .^. > Mun Heng, Ow /V\ > H/M Engineering /( )\ > Western Digital M'sia ^^-^^ > DID : 03-7870 5168 The Linux Advocate > >the best way will be to use vfs and antivirus software on that shares
> -----Original Message----- > From: samba-bounces+ow.mun.heng=wdc.com@lists.samba.org > > Ow Mun Heng schrieb: > > > Hi Collective users of Samba, (does has a nice ring to it eh?) > > > > Recently I found a my samba server being infected by win32 viruses. > > Though it does not affect the server in any way, I do find > them to be > > an annoyance. > > > > I understand also that I can perform "veto" of files like > *.exe in smb.conf > > but find that to be a wee bit restrictive. There are some users who > > stores valid executables in the shares. > > > > http://hr.uoregon.edu/davidrl/samba-unofficial.html > > > > "To prevent access to suspicious files (e.g., those that > tend to become > > infected by virus'), use the following. The last bit > prevents access to > > files with a CLSID in the file extension. > > > > veto files = /*.exe/*.dll/*.pif/*.com/*.vbs/*.{*}/"> > > > > the best way will be to use vfs and antivirus software on that sharesAny more info other than that? I found Clam-AV and I also found samba-vscan. How do I set things up? vfs? etc.