Sullivan, James (NIH/CIT)
2004-Jul-20 17:10 UTC
[Samba] Virus checker leaving "chmod of" files in samba log
Hi all,

I am running a Samba 3.0.0-14.3E server on a RedHat Enterprise WS3.

Here's the problem: When I am connected from my PC (Windows 2000) and run the McAfee v4.5.1 virus scanner on the connected share, I see the following in the Samba log file (debug level=2) for what appears to be each file in the share:

[2004/07/20 13:02:51, 2] smbd/open.c:open_file(250)
  sullivan opened file media/._media1.pov read=Yes write=No (numopen=1)
[2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228)
  sullivan closed file media/._media1.pov (numopen=0)
[2004/07/20 13:02:51, 2] smbd/open.c:open_file(250)
  sullivan opened file media/._media1.pov read=Yes write=No (numopen=1)
[2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228)
  sullivan closed file media/._media1.pov (numopen=0)
[2004/07/20 13:02:51, 2] smbd/open.c:open_file(250)
  sullivan opened file media/._media1.pov read=Yes write=No (numopen=1)
[2004/07/20 13:02:51, 2] smbd/trans2.c:call_trans2setfilepathinfo(3091)
  chmod of media/._media1.pov failed (Operation not permitted)
[2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228)
  sullivan closed file media/._media1.pov (numopen=0)
[2004/07/20 13:02:51, 2] smbd/open.c:open_file(250)
  sullivan opened file media/._media1.pov read=No write=Yes (numopen=1)
[2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228)
  sullivan closed file media/._media1.pov (numopen=0)
[2004/07/20 13:02:51, 2] smbd/open.c:open_file(250)

Note the "chmod of media/._media1.pov failed (Operation not permitted)" line.

Does anyone know what the virus scanner is trying to do?

-Jim
Sullivan, James (NIH/CIT)
2004-Jul-20 18:55 UTC
[Samba] Virus checker leaving "chmod of" files in samba log
I have some more information and a possible clue to what is going on here.

1) The "chmod" was only happening to files that I did not own.
2) These files were on Samba shares that I had write access to.

Read-only shares did not give me this behavior on any file. Writable shares only gave me this behavior on files I did not own.

This behavior was noted in the archives:

http://lists.samba.org/archive/samba/2003-March/063621.html
and
http://lists.samba.org/archive/samba-technical/2003-November/032624.html

with the first reference stating the following:

-----
When the laptop user connects to the network, and starts to synchronize, the synchronization fails with "NT_STATUS_ACCESS_DENIED". A bit of tracing through debugging output show that:

* Synchronization fails only on files not owned by the laptop owner
* The laptop user is in the correct unix group to read and write these files, and smbd knows this.
* Some packet dumping shows that the actual point of failure comes when the laptop issues a SET_FILE_INFORMATION request. It looks like XP is trying to set the mode of the files (even though it doesn't need to). Samba is "doing the right thing" and translates this into a chmod call, which fails correctly due to the file owner not being the laptop user.
-----

Now I was running a Virus Scanner and not synchronizing my files (knowingly), but the behavior is the same and repeatable. I'm guessing that the virus scanner is performing a synchronization during its scanning. Anyway, it seems harmless but really clogs the logs at debug level 2!

Any other pointers appreciated. It appears harmless but I will be keeping my eye on it.

-Jim
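Added example, not part of the original thread or of Samba: one way to pull the "chmod of ... failed" entries out of a debug-level-2 smbd log and attribute each to the user who last opened that path, so the pattern described above can be told apart from other permission failures. The sample log is constructed from the entries quoted in the thread (the second file name is made up), and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample, modelled on the entries quoted in the thread.
# "media/my report.doc" is an invented file name used to exercise spaces in paths.
SAMPLE_LOG = """\
[2004/07/20 13:02:51, 2] smbd/open.c:open_file(250)
  sullivan opened file media/._media1.pov read=Yes write=No (numopen=1)
[2004/07/20 13:02:51, 2] smbd/trans2.c:call_trans2setfilepathinfo(3091)
  chmod of media/._media1.pov failed (Operation not permitted)
[2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228)
  sullivan closed file media/._media1.pov (numopen=0)
[2004/07/20 13:02:52, 2] smbd/open.c:open_file(250)
  sullivan opened file media/my report.doc read=Yes write=No (numopen=1)
[2004/07/20 13:02:52, 2] smbd/trans2.c:call_trans2setfilepathinfo(3091)
  chmod of media/my report.doc failed (Operation not permitted)
"""

HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), (\d+)\] (\S+)\((\d+)\)")
OPENED = re.compile(r"^(\S+) opened file (.+) read=(Yes|No) write=(Yes|No) \(numopen=\d+\)$")
CHMOD_FAIL = re.compile(r"^chmod of (.+) failed \((.+)\)$")

def entries(text):
    """Yield (timestamp, source, message); works whether the message follows on the next line or the same one."""
    heads = list(HEADER.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield head.group(1), head.group(3), " ".join(text[head.end():end].split())

def chmod_failures(text):
    """Return one record per failed chmod, attributed to the user who last opened that path."""
    last_opener, failures = {}, []
    for timestamp, _source, message in entries(text):
        opened = OPENED.match(message)
        if opened:
            last_opener[opened.group(2)] = opened.group(1)
            continue
        failed = CHMOD_FAIL.match(message)
        if failed:
            path = failed.group(1)
            failures.append({"time": timestamp, "path": path, "error": failed.group(2),
                             "user": last_opener.get(path, "unknown")})
    return failures

if __name__ == "__main__":
    for (user, error), count in Counter((f["user"], f["error"]) for f in chmod_failures(SAMPLE_LOG)).items():
        print(f"{user}: {count} failed chmod ({error})")
```

A failure attributed to "unknown" means the log held no earlier open of that path, which is worth a closer look than the scanner pattern above.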