Vscan Samba Installation

Step 1

rpm -qa | grep samba

To ckeck current samba 1st.

Step 2

rpm -ivh clamav-0.97-1.el5.rf.i386.rpm
rpm -ivh clamav-db-0.97-1.el5.rf.i386.rpm
rpm -ivh clamd-0.97-1.el5.rf.i386.rpm
rpm -ivh clamav-devel-0.97-1.el5.rf.i386.rpm

vi /etc/clamd.conf
User root

crontab -e
0 0 * * * /usr/bin/freshclam &> /dev/null

/etc/init.d/clamd start
chkconfig clamd on

Install latest Clamav

Step 3

wget http://us1.samba.org/samba/ftp/stable/samba-3.0.33.tar.gz
wget http://www.openantivirus.org/download/samba-vscan-0.3.6c-beta5.tar.gz
tar zxvf samba-3.0.33.tar.gz
tar zxvf samba-vscan-0.3.6c-beta5.tar.gz
mv samba-vscan-0.3.6c-beta5 samba-3.0.33/examples/VFS

cd samba-3.0.33/source
make headers

cd ../examples/VFS/samba-vscan-0.3.6c-beta5

cp vscan-clamav.so /usr/lib/samba/vfs
cp vscan-clamav.so /usr/lib64/samba/vfs

cp clamav/vscan-clamav.conf /etc/samba

vi /etc/samba/vscan-clamav.conf
infected file action = delete
clamd socket name = /var/run/clamav/clamd.sock
## P.S "clamd socket name" must as same as /etc/clamd.conf

vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

/etc/init.d/smb restart

To download and compile samba-vscan

Step 3

Test it using "eicar.com" to ckeck it is work or not.
You can see it in /var/log/messages, like as :

Mar 30 17:27:02 newfile clamd[19079]: /home/Public/eicar.com: Eicar-Test-Signatu re FOUND


If you get this bug :

Mar 30 17:04:30 newfile smbd_vscan-clamav[19100]: ERROR: file .//eicar.com not f ound, not readable or an error occured
Mar 30 17:04:30 newfile clamd[19079]: lstat() failed on: .//eicar.com

It is related to full path bug , You need modify in vscan_open and vscan_close of "/root/samba-3.0.33/examples/VFS/samba-vscan-0.3.6c-beta5/clamav/vscan-clamav.c"
static int vscan_open(struct connection_struct *conn, PROTOTYPE_CONST
char *fname, int flags, mode_t mode)
        SMB_STRUCT_STAT stat_buf;
        pstring filepath;

        /* Assemble complete file path */
        #if (SMB_VFS_INTERFACE_VERSION >= 21)
-                pstrcpy(filepath, handle->conn->connectpath);
+               pstrcpy(filepath, handle->conn->origpath);
                pstrcpy(filepath, conn->connectpath);
Then recompile and copy "vscan-clamav.so" file again :

cp -p /root/samba-3.0.33/examples/VFS/samba-vscan-0.3.6c-beta5/vscan-clamav.so /usr/lib64/samba/vfs
/etc/init.d/smb restart

Server is hosted by Alanstudio
Linux Operating System

Recommend screen resolution 1024 x 768 / IE / FireFox
Alan Studio © 2007 by Alan Cheung Hin Lun. All rights reserved.