Your Linux-based samba file server can automatically scan for Windows viruses with clamav and svs.
I’ll show you some tips on getting this running with Debian 6!
1. Install clamav
In Debian 6, install clamav-daemon which will also pull in the other required clamav packages.
sudo apt-get install clamav-daemon
The on-access samba anti-virus scanner svs is not available via apt-get. At this time svs must be compiled manually amongst the samba sources.
2. Fetch and build samba sources
First, grab these needed packages:
$ sudo apt-get install dpkg-dev autoconf qt4-qmake libtalloc-dev libldap2-dev libkrb5-dev uuid-dev libpam-dev libtdb-dev ctdb libqt4-dev
Next, you will need the samba sources. This will fetch the samba sources to your current working directory:
$ sudo apt-get source samba
Unpack the sources with:
$ tar xvf samba_3.5.6~dfsg.orig.tar.bz2
Now change directory to the source3 directory:
$ cd samba-3.5.6/source3/
Next, (thanks to svs mailing list!) copy this text into a file called samba-configure :
./configure --cache-file=./config.cache \ --with-fhs \ --enable-shared \ --enable-static \ --prefix=/usr \ --sysconfdir=/etc \ --libdir=/usr/lib/samba \ --with-privatedir=/etc/samba \ --with-piddir=/var/run/samba \ --localstatedir=/var \ --with-rootsbindir=/sbin \ --with-pammodulesdir=/lib/security \ --with-pam \ --with-syslog \ --with-utmp \ --with-readline \ --with-pam_smbpass \ --with-libsmbclient \ --with-winbind \ --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2 \ --with-automount \ --with-ldap \ --with-ads \ --with-dnsupdate \ --without-libtdb \ --without-libnetapi \ --with-modulesdir=/usr/lib/samba \ --datarootdir=/usr/share \ --datadir=/usr/share/samba \ --with-swatdir=/usr/share/samba/swat \ --with-lockdir=/var/run/samba \ --with-statedir=/var/lib/samba \ --with-cachedir=/var/cache/samba \ --with-prepagedir=/usr/share/samba \ --enable-external-libtalloc \ --without-libtalloc \ --disable-avahi --with-ctdb --with-cluster-support=yes \ --with-acl-support \ --with-quotas \ --without-cifsmount \ --without-cifsupcall
Now run the following to build the samba sources. (Make is not needed for svs on samba 3.5.x / Debian 6.)
$ ./autogen.sh && sh samba-configure
3. Download and build SVS
Now grab the latest svs 0.1.3 stable release for the svs website:
http://svs.sourceforge.net
Assume that you download this to your home directory, ~/svs-0.1.3.tar.bz2 .
Change to the samba sources directory, then extract svs there as follows:
$ cd samba-3.5.6/
$ bzcat ~/svs-0.1.3.tar.bz2 | tar xvf -
And now change to the svs directory and build svs:
$ cd svs
$ qmake && make
4. Install svs:
32bit systems:
$ sudo cp --no-dereference libsvs*.so* /usr/lib/samba/vfs/
64bit systems:
$ sudo cp --no-dereference libsvs*.so* /usr/lib64/samba/vfs/
Also copy over the svs config file:
$ sudo cp svs.ini.example /etc/samba/svs.ini
Edit that config file if needed, though defaults are good-to-go.
$ sudo nano /etc/samba/svs.ini
5. Configure samba
For Samba, add this line to your share definition to enable on-access scanning with clamav:
vfs object = libsvs_clamav
Here is an example from the svs README:
comment = virus-protected test share path = /samba-share vfs object = libsvs_clamav valid users = @users write list = ballou, teddy, sammy, @admins read only = No browseable = Yes
And finally, restart samba:
$ sudo /etc/init.d/samba restart
Done!
outstanding guide, many thanks