5. Keeping viruses away with Samba-vscan

So we have a fully functional file server and primary domain controller now. However, you may want to add some nice additional features to it, such as antivirus support to detect and quarantine viruses in real time.

Samba-vscan is a proof-of-concept module for Samba, which uses the VFS (virtual file system) features of Samba 2.2.x/3.0 to provide on-access antivirus scanning for Samba shares. Samba-vscan currently supports several antivirus products, including ClamAV, which we will use as the backend antivirus engine.

We already discussed ClamAV installation and configuration in a previous document, so we won't dwell on it here; I assume you already have a clamd daemon up and running on the file server itself or on another machine.

Compiling Samba-vscan requires the prior installation of the following packages:

As a preliminary step, we also need to run "make proto" on the Samba port: go to the /usr/ports/obj/samba/w-samba-x.x.x-cups-ldap/samba-x.x.x/source/ directory and edit the autogen.sh file, replacing the first lines after the initial comments with:

/usr/ports/obj/samba/w-samba-x.x.x-cups-ldap/samba-x.x.x/source/autogen.sh
TESTAUTOHEADER="autoheader-2.61"
TESTAUTOCONF="autoconf-2.61"

Then, still from within that directory, run:

# ./autogen.sh
[ ... ]
# ./configure
[ ... ]
# make proto
[ ... ]

Now we are ready to download, extract and compile Samba-vscan:

# tar -zxvf samba-vscan-x.x.x.tar.gz
[ ... ]
# cd samba-vscan-x.x.x/
# env LDFLAGS=-L/usr/local/lib/ CPPFLAGS=-I/usr/local/include/ ./configure \
>   --with-samba-source=/usr/ports/obj/samba/w-samba-x.x.x-cups-ldap/samba-x.x.x/source/
[ ... ]
# gmake clamav
[ ... ]
# cp vscan-clamav.so /usr/local/lib/samba/vfs/
# cp clamav/vscan-clamav.conf /etc/samba/

The configuration file for Samba-vscan (with ClamAV support) is named /etc/samba/vscan-clamav.conf:

/etc/samba/vscan-clamav.conf
[samba-vscan]
max file size = 10485760
verbose file logging = no

scan on open = yes
scan on close = yes

deny access on error = no
deny access on minor error = no

send warning message = yes
infected file action = nothing
quarantine directory  = /var/clamav/quarantine/
quarantine prefix = vir-

max lru files entries = 100
lru file entry lifetime = 5
exclude file types =
scan archives = yes

clamd socket name = /var/clamav/clamd.sock
libclamav max files in archive = 1000
libclamav max archived file size = 10485760
libclamav max recursion level = 5
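
As an added example (not part of the original guide or of Samba-vscan), the following script reads a vscan-clamav.conf and reports explicitly set values that let files through unscanned or leave infected files in place. The option semantics are assumed from the comments in samba-vscan's sample configuration; the function names and the embedded sample file are constructed for illustration.

```shell
# Added example: flag vscan-clamav.conf settings that weaken on-access scanning.
# Option meanings are assumed from the comments in samba-vscan's sample config.

# vscan_get FILE KEY: print the value of KEY (option names contain spaces).
vscan_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ || index($0, "=") == 0 { next }
        {
            k = tolower(substr($0, 1, index($0, "=") - 1))
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/[ \t]+/, " ", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# vscan_audit FILE: print one finding per line for explicitly weak settings.
vscan_audit() {
    f=$1
    [ "$(vscan_get "$f" "deny access on error")" != "no" ] ||
        echo "fail-open: files are served unscanned if clamd cannot be reached"
    [ "$(vscan_get "$f" "deny access on minor error")" != "no" ] ||
        echo "fail-open: files are served when a scan ends with a minor error"
    [ "$(vscan_get "$f" "infected file action")" != "nothing" ] ||
        echo "no-quarantine: infected files are left in place on the share"
    for when in open close; do
        [ "$(vscan_get "$f" "scan on $when")" != "no" ] ||
            echo "no-scan: scanning on $when is disabled"
    done
    max=$(vscan_get "$f" "max file size")
    case $max in
        ''|0|*[!0-9]*) ;;
        *) echo "size-bypass: files larger than $max bytes are not scanned" ;;
    esac
    [ -z "$(vscan_get "$f" "exclude file types")" ] ||
        echo "type-bypass: some MIME types are excluded from scanning"
}

# Constructed sample: the security-relevant lines of the configuration above.
sample_conf() {
    printf '%s\n' '[samba-vscan]' 'max file size = 10485760' \
        'scan on open = yes' 'scan on close = yes' \
        'deny access on error = no' 'deny access on minor error = no' \
        'infected file action = nothing' 'exclude file types =' \
        'quarantine directory  = /var/clamav/quarantine/'
}

tmp=$(mktemp) && sample_conf > "$tmp" && vscan_audit "$tmp"; rm -f "$tmp"
```

On a live server, call `vscan_audit /etc/samba/vscan-clamav.conf` instead of the sample; keys that are absent from the file are not reported, since only explicit values are checked.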

The last step is updating the Samba configuration to include antivirus support, by adding the following lines to each section corresponding to a share you want to protect against viruses, or to the [global] section if you want to protect all of your shares:

/etc/samba/smb.conf
    vfs object = vscan-clamav
    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

Then reload the Samba configuration:

# pkill -HUP smbd