Good morning list :)
I have a Debian Bullseye system running as an AD member server, using
Louis' 4.15 version.
Now I wanted to add the virus scan feature, but it seems it doesn't work
properly ...
As you can see in the log entries, the vfs object [virusfilter] gets loaded
... and the eicar.com file could be stored.
[quote]
[2022/10/10 08:17:54.119900, 3] ../../lib/util/access.c:316(allow_access)
Allowed connection from %IP-ADRESS% (%IP-ADRESS%)
[2022/10/10 08:17:54.120147, 3] ../../source3/smbd/service.c:610(make_connection_snum)
make_connection_snum: Connect path is '/srv/samba/public' for service [public]
[2022/10/10 08:17:54.120245, 3] ../../source3/smbd/vfs.c:115(vfs_init_default)
Initialising default vfs hooks
[2022/10/10 08:17:54.120287, 3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2022/10/10 08:17:54.120331, 3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [virusfilter]
[2022/10/10 08:17:54.120371, 3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [full_audit]
[2022/10/10 08:17:54.120410, 3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [recycle]
[2022/10/10 08:17:54.120447, 3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [acl_xattr]
[2022/10/10 08:17:54.120485, 3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [streams_xattr]
[2022/10/10 08:17:54.120522, 3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [fruit]
[2022/10/10 08:17:54.121289, 2] ../../source3/modules/vfs_acl_xattr.c:203(connect_acl_xattr)
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service public
[2022/10/10 08:17:54.134794, 2] ../../source3/smbd/service.c:854(make_connection_snum)
desktop-76igot6 (ipv4:%IP-ADRESS%:50634) connect to service public initially as user nobody (uid=65534, gid=65534) (pid 2047)
[2022/10/10 08:17:54.136696, 2] ../../source3/smbd/open.c:1611(open_file)
nobody opened file eicar.com read=No write=No (numopen=2)
[2022/10/10 08:17:54.140097, 2] ../../source3/smbd/close.c:833(close_normal_file)
nobody closed file eicar.com (numopen=0) NT_STATUS_OK
[2022/10/10 08:17:54.142526, 2] ../../source3/smbd/open.c:1611(open_file)
nobody opened file eicar.com read=No write=No (numopen=4)
[2022/10/10 08:17:54.143173, 2] ../../source3/smbd/open.c:1611(open_file)
nobody opened file eicar.com:Zone.Identifier read=No write=No (numopen=3)
[2022/10/10 08:17:54.146299, 2] ../../source3/smbd/close.c:833(close_normal_file)
nobody closed file eicar.com:Zone.Identifier (numopen=1) NT_STATUS_OK
[2022/10/10 08:17:54.146543, 2] ../../source3/smbd/close.c:833(close_normal_file)
nobody closed file eicar.com (numopen=0) NT_STATUS_OK
[2022/10/10 08:17:54.148970, 2] ../../source3/smbd/open.c:1611(open_file)
nobody opened file eicar.com read=No write=No (numopen=4)
[2022/10/10 08:17:54.149584, 2] ../../source3/smbd/open.c:1611(open_file)
nobody opened file eicar.com:Zone.Identifier read=No write=No (numopen=3)
[2022/10/10 08:17:54.152873, 2] ../../source3/smbd/close.c:833(close_normal_file)
nobody closed file eicar.com:Zone.Identifier (numopen=1) NT_STATUS_OK
[2022/10/10 08:17:54.153112, 2] ../../source3/smbd/close.c:833(close_normal_file)
nobody closed file eicar.com (numopen=0) NT_STATUS_OK
[2022/10/10 08:17:54.154951, 2] ../../source3/smbd/open.c:1611(open_file)
nobody opened file eicar.com read=No write=No (numopen=2)
[2022/10/10 08:17:54.158274, 2] ../../source3/smbd/close.c:833(close_normal_file)
nobody closed file eicar.com (numopen=0) NT_STATUS_OK
[2022/10/10 08:18:08.709528, 2] ../../source3/smbd/close.c:833(close_normal_file)
[/quote]
smb.conf's [global] section:
[...]
vfs objects = fruit streams_xattr acl_xattr recycle full_audit virusfilter
fruit:nfs_aces = no
fruit:delete_empty_adfiles = yes
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:veto_appledouble = no
fruit:posix_rename = yes
fruit:model = MacSamba
fruit:metadata = stream
virusfilter:scanner = clamav
virusfilter:socket path = /var/run/clamav/clamd.ctl
virusfilter:scan on open = yes
virusfilter:scan on close = no
virusfilter:max file size = 100000000
virusfilter:min file size = 10
virusfilter:connect timeout = 300000
virusfilter:io timeout = 600000
virusfilter:infected file action = rename
virusfilter:rename prefix = virusfilter.
virusfilter:rename suffix = .infected
virusfilter:infected file command = echo -e "Found virus during on-access scanning of Samba share." | mail -s"Samba: Virus Found" %EMAIL-ADRESS%
virusfilter:scan error command = echo -e "Scan error during on-access scanning of Samba share." | mail -s"Samba: Scan Error" %EMAIL-ADRESS%
[...]
srw-rw-rw- 1 clamav clamav 0 10. Okt 07:41 /var/run/clamav/clamd.ctl
Is something missing? Or interfering?
Thanks in advance!
Cheers,
Torsten
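
Added example (not part of the original post, and not Samba's or ClamAV's own code): one way to check the clamd side on its own is to send the PING and SCAN commands documented in clamd(8) to the socket named in the post. The socket path and share path come from the post; the location of eicar.com under the share and the helper names are assumptions.

```python
import socket

# Values taken from the post; adjust for your own system.
SOCKET_PATH = "/var/run/clamav/clamd.ctl"
TEST_FILE = "/srv/samba/public/eicar.com"   # assumed location of the test file


def query(sock, command):
    """Send one 'z'-prefixed, NUL-terminated clamd command; return the reply."""
    sock.sendall(b"z" + command.encode() + b"\0")
    buf = b""
    while not buf.endswith(b"\0"):
        chunk = sock.recv(4096)
        if not chunk:               # clamd closed the connection
            break
        buf += chunk
    return buf.rstrip(b"\0").decode(errors="replace")


def parse_reply(reply):
    """Classify a SCAN reply as (status, detail)."""
    if reply.endswith(": OK"):
        return ("OK", reply[:-4])                   # detail = scanned path
    if reply.endswith(" FOUND"):
        return ("FOUND", reply[:-6].rpartition(": ")[2])  # detail = signature
    if reply.endswith(" ERROR"):
        return ("ERROR", reply[:-6])                # detail = clamd's message
    return ("UNKNOWN", reply)


def check(socket_path, file_path):
    """Return (clamd_alive, (status, detail)) for one file."""
    replies = {}
    # Outside an IDSESSION clamd handles one command per connection.
    for command in ("PING", "SCAN " + file_path):
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(30)
            s.connect(socket_path)
            replies[command.split()[0]] = query(s, command)
    return replies["PING"] == "PONG", parse_reply(replies["SCAN"])


if __name__ == "__main__":
    alive, (status, detail) = check(SOCKET_PATH, TEST_FILE)
    print("clamd answers PING:", alive)
    print("SCAN result:", status, "-", detail)
```

SCAN passes a path that clamd opens itself, so a FOUND reply shows that clamd both detects the file and can read it at that location, while an ERROR reply carries clamd's own reason for failing to open it.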