spnti
2024-Jun-12 14:53 UTC
[Samba] Apparent conflict between shadow_copy and virusfilter modules??
Hello,

I'm having a problem using the virusfilter and shadow_copy2 modules which, unless I'm mistaken, seems like a conflict between these modules.

If I use the virusfilter, acl_xattr, recycle, shadow_copy2 and full_audit modules together, everything works perfectly if I use the NOTHING, RENAME or DELETE actions of the virusfilter module.

If I choose to use the QUARANTINE action for the virusfilter module, I lose access to my shares and the following messages appear in the logs:

    [2024/06/12 07:49:27.549438, 0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
      shadow_copy2_stat() failed to get vfs_handle->data!
    [2024/06/12 07:49:27.549795, 0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
      shadow_copy2_stat() failed to get vfs_handle->data!
    [2024/06/12 07:49:27.550885, 0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
      shadow_copy2_stat() failed to get vfs_handle->data!
    [2024/06/12 07:49:27.551026, 0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
      shadow_copy2_stat() failed to get vfs_handle->data!
    [2024/06/12 07:49:27.552212, 0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
      shadow_copy2_stat() failed to get vfs_handle->data!
    [2024/06/12 07:49:27.552344, 0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
      shadow_copy2_stat() failed to get vfs_handle->data!
    [2024/06/12 07:49:27.553955, 0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
      shadow_copy2_stat() failed to get vfs_handle->data!
    [2024/06/12 07:49:27.554074, 0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
      shadow_copy2_stat() failed to get vfs_handle->data!

If I keep the virusfilter module using the QUARANTINE action, keep the acl_xattr, recycle and full_audit modules and remove the shadow_copy2 module, everything works perfectly again.
If I keep the shadow_copy2, acl_xattr, recycle and full_audit modules and remove the virusfilter module (QUARANTINE action), everything works perfectly again.
If I keep all the virusfilter, acl_xattr, recycle, shadow_copy2 and full_audit modules and change the virusfilter module action to NOTHING, RENAME or DELETE, everything works perfectly again.

As I was unable to solve the problem, nor did I find references on the internet or in books, I read the source code of the virusfilter and shadow_copy modules, but, as the log messages were very inconclusive for me, even using logs at level 10, I just managed to understand that the log message comes from line 1180 of shadow_copy2.

I'm using Debian 12.5 with Samba 4.20.1 (backports), but I've already tested the same settings in other versions of Samba and the problem repeats itself.

Below are the settings I'm using for Samba.

    [global]
        security = ADS
        server role = member server
        netbios name = fileserver
        netbios aliases = fileserver
        workgroup = EXAMPLE
        realm = EXAMPLE.ADLAN
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        log file = /var/log/samba/%h.log
        max log size = 2048
        log level = 2
        idmap config *:backend = tdb
        idmap config *:range = 3000-7999
        idmap config EXAMPLE:backend = rid
        idmap config EXAMPLE:range = 1000000-1999999
        idmap config EXAMPLE:base_rid = 0
        idmap config EXAMPLE:unix_primary_group = yes
        idmap config EXAMPLE:unix_nss_info = no
        winbind refresh tickets = yes
        winbind use default domain = yes
        template shell = /bin/bash
        template homedir = /home/%D/%U
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes
        vfs objects = virusfilter acl_xattr recycle shadow_copy2 full_audit
        map acl inherit = yes
        sync always = yes
        strict sync = yes
        access based share enum = yes
        hide unreadable = yes
        hide dot files = yes
        hide special files = yes
        hide files = /*.ntx/*.tmp/*.log/
        veto files /*.exe/*.run/*.bin/*.msi/*.php/*.asp/*.aspx/*.js/*.java/*.c/*.cpp/*.sh/*.bat/*.dll/*.{*}/
        delete veto files = no
        recycle:keeptree = yes
        recycle:versions = yes
        recycle:repository = /srv/data/shares/lixeira/%U
        recycle:directory_mode = 0770
        recycle:exclude = *.dll, *.tmp, *.log, *.bak, *.obj, *.old, ~*.*, *.~*
        recycle:exclude_dir = cache, temp, tmp, TEMP, TMP

        ## virusfilter module settings - Action NOTHING - WORKS PERFECTLY
        #
        #virusfilter:scanner = clamav
        #virusfilter:socket path = /run/clamav/clamd.ctl
        ##virusfilter:socket path = /run/clamd.scan/clamd.sock
        #virusfilter:scan on open = yes
        #virusfilter:scan on close = yes
        #virusfilter:max file size = 100000000
        #virusfilter:min file size = 1
        #virusfilter:infected file action = nothing
        #virusfilter:infected file command = /usr/sbin/createWarningFile.sh %U NOTHING
        #virusfilter:scan error command = /usr/bin/python3 /usr/sbin/alert.pyc ERROR %h

        ## virusfilter module settings - Action QUARANTINE - CONFLICT WITH SHADOW_COPY2 MODULE
        #
        virusfilter:scanner = clamav
        virusfilter:socket path = /run/clamav/clamd.ctl
        #virusfilter:socket path = /run/clamd.scan/clamd.sock
        virusfilter:scan on open = yes
        virusfilter:scan on close = yes
        virusfilter:max file size = 100000000
        virusfilter:min file size = 1
        virusfilter:infected file action = quarantine
        virusfilter:quarantine directory = /srv/data/shares/quarantine/
        virusfilter:quarantine prefix
        virusfilter:quarantine suffix
        virusfilter:quarantine keep tree = no
        virusfilter:quarantine keep name = yes
        virusfilter:infected file errno on open = EACCES
        virusfilter:infected file errno on close = EACCES
        virusfilter:infected file command = /usr/sbin/createWarningFile.sh %U QUARANTINE
        virusfilter:scan error command = /usr/bin/python3 /usr/sbin/alert.pyc ERROR %h

        ## virusfilter module settings - Action RENAME - WORKS PERFECTLY
        #
        #virusfilter:scanner = clamav
        #virusfilter:socket path = /run/clamav/clamd.ctl
        #virusfilter:scan on open = yes
        #virusfilter:scan on close = yes
        #virusfilter:max file size = 100000000
        #virusfilter:min file size = 1
        #virusfilter:infected file action = rename
        #virusfilter:infected file command = /usr/sbin/createWarningFile.sh %U RENAME
        #virusfilter:scan error command = /usr/bin/python3 /usr/sbin/alert.pyc ERROR %h
        ## virusfilter module settings - Action DELETE - WORKS PERFECTLY
        #
        #virusfilter:scanner = clamav
        #virusfilter:socket path = /run/clamav/clamd.ctl
        #virusfilter:scan on open = yes
        #virusfilter:scan on close = yes
        #virusfilter:max file size = 100000000
        #virusfilter:min file size = 1
        #virusfilter:infected file action = delete
        #virusfilter:infected file errno on open = EACCES
        #virusfilter:infected file errno on close = EACCES
        #virusfilter:infected file command = /usr/sbin/createWarningFile.sh %U DELETE
        #virusfilter:scan error command = /usr/bin/python3 /usr/sbin/alert.pyc ERROR %h

        shadow:basedir = /srv/data/shares
        shadow:snapdir = .zfs/snapshot
        shadow:sort = desc
        shadow:format = UTC-3-%Y.%m.%d-%H.%M.%S
        shadow:localtime = yes

        full_audit:prefix = %U|%I|%S
        full_audit:success = fchmod fchown lchown mkdirat open read renameat write
        full_audit:failure = all !open
        full_audit:facility = LOCAL7
        full_audit:priority = ALERT

    [public_share]
        path = /srv/data/shares/public_share
        read only = no
        acl_xattr:ignore system acl = yes

    [trash]
        path = /srv/data/shares/trash/%U
        read only = no
        browseable = no
        root preexec = /usr/sbin/create_user_dir.sh /srv/data/shares/trash %U
        vfs objects = virusfilter acl_xattr full_audit

    [quarantine]
        path = /srv/data/shares/quarantine
        read only = no
        vfs objects = acl_xattr full_audit

I appreciate the help.

Thanks.