Tested on 2 Feb 2007 on openSUSE 10.2.
Samba Vscan is a module for Samba, which uses the VFS (virtual file system) features of Samba 3.0 to provide an on-access Samba anti-virus.
At a minimum, you need the following RPMs, so install them with YaST:
samba-client-3.0.23d-6
samba-doc-3.0.23d-6
samba-vscan-0.3.6b-84
samba-3.0.23d-6
clamav-0.88.7-1.1
clamav-db-0.88.6-9
[global]
workgroup = HOGE
server string = HOGE-ADMIN
security = SHARE
map to guest = Bad User
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
printcap name = cups
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
wins support = Yes
ldap ssl = no
usershare allow guests = Yes
cups options = raw
include = /etc/samba/dhcp.conf
# Virus Scanning Definition
####################################################
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
[share]
comment = Shared Folder
path = /srv/ftp
read only = No
create mask = 0666
guest ok = Yes
browseable = Yes
Copy the original configuration file for vscan-clamav, but use it only for reference.
# cp /usr/share/doc/packages/samba-vscan/vscan-clamav.conf /etc/samba
# cd /etc/samba
# mv vscan-clamav.conf vscan-clamav.conf.bak
Create /etc/samba/vscan-clamav.conf from scratch.
[samba-vscan]
max file size = 0
verbose file logging = yes
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
send warning message = yes
infected file action = quarantine
quarantine directory = /var/lib/clamav/quarantine
quarantine prefix = vir-
max lru files entries = 100
lru file entry lifetime = 5
exclude file types =
clamd socket name = /var/run/clamd/clamd
libclamav max files in archive = 1000
libclamav max archived file size = 10 * 1048576
libclamav max recursion level = 5
Back up the original clamd.conf.
# cd /etc/
# mv clamd.conf clamd.conf.bak
Create /etc/clamd.conf from scratch.
LogFile /var/log/clamd
LogFileUnlock
LogSyslog
LogFacility LOG_MAIL
LogVerbose
PidFile /var/lib/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamd/clamd
FixStaleSocket
User vscan
Foreground
Debug
ScanRAR
Create a clamd socket directory and a quarantine directory.
# mkdir /var/run/clamd
# chown vscan:vscan /var/run/clamd
# mkdir /var/lib/clamav/quarantine
# chown vscan /var/lib/clamav/quarantine
Start the daemons, and make them start on boot.
# /etc/init.d/smb restart
# /etc/init.d/nmb restart
# /etc/init.d/clamd restart
# /etc/init.d/freshclam restart
# chkconfig smb on
# chkconfig nmb on
# chkconfig clamd on
# chkconfig freshclam on
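The vscan module reaches clamd only through the socket named in vscan-clamav.conf, so that path has to match LocalSocket in clamd.conf, and "deny access on error" governs what happens to file access when the scanner cannot be reached. The following script cross-checks the two files; it is an added example, not part of the original page or of samba-vscan, and the function names and the rule that only the literal value "yes" counts as enabled are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check the two config files.

# conf_get FILE KEY: value of an ini-style "key = value" line (last one wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# clamd_get FILE DIRECTIVE: argument of a "Directive value" line in clamd.conf.
clamd_get() {
    awk -v k="$2" '$1 == k { print $2 }' "$1" | tail -n 1
}

# check_vscan VSCAN_CONF CLAMD_CONF: print findings; return 1 if there are any.
check_vscan() {
    rc=0
    sock=$(conf_get "$1" "clamd socket name")
    local_sock=$(clamd_get "$2" LocalSocket)
    if [ -z "$sock" ] || [ "$sock" != "$local_sock" ]; then
        echo "MISMATCH: vscan uses '$sock', clamd listens on '$local_sock'"
        rc=1
    fi
    # Assumption: only the literal "yes" used on this page counts as enabled.
    for key in "scan on open" "scan on close" "deny access on error" \
               "deny access on minor error"; do
        val=$(conf_get "$1" "$key")
        if [ "$val" != "yes" ]; then
            echo "WEAK: '$key' is '${val:-unset}', expected yes"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: the page's settings, but clamd on another socket.
demo_dir=$(mktemp -d)
cat > "$demo_dir/vscan-clamav.conf" <<'EOF'
[samba-vscan]
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
clamd socket name = /var/run/clamd/clamd
EOF
printf 'LocalSocket /tmp/clamd\nUser vscan\n' > "$demo_dir/clamd.conf"
check_vscan "$demo_dir/vscan-clamav.conf" "$demo_dir/clamd.conf" ||
    echo "findings reported above"
```

On a real system, call check_vscan /etc/samba/vscan-clamav.conf /etc/clamd.conf instead of the constructed sample files.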
Scan your file system periodically. Create /etc/cron.weekly/clam.crom
/usr/bin/nice /usr/bin/clamscan -r -i --exclude=/sys/ /
If your ClamAV is outdated, you will see the following message, so update it.
LibClamAV Warning: ********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html ***
LibClamAV Warning: ********************************************************
To update to the latest ClamAV RPM for SuSE, download it from ftp://ftp.suse.com/pub/projects/clamav/
Test the setup with a test virus file, which exists only for testing and is safe. On a Windows machine, disable its anti-virus software.
Download the test virus files from http://www.eicar.org/anti_virus_test_file.htm. These are safe. Copy them into the Samba shared folder.
When you try to access these files, they are locked and cannot be accessed. You will see this message box.
Open the log file on the Linux machine at /var/log/clamav/conf. You will see output like the following.
... /srv/ftp/tmp/eicar.com: Eicar-Test-Signature FOUND