ClamAV On-Access Scanning For Samba Shares

By | 2011/09/06

Your Linux-based samba file server can automatically scan for Windows viruses with clamav and svs.

I’ll show you some tips on getting this running with Debian 6!


1. Install clamav

In Debian 6, install clamav-daemon which will also pull in the other required clamav packages.

$ sudo apt-get install clamav-daemon



The on-access samba anti-virus scanner svs is not available via apt-get. At this time svs must be compiled manually amongst the samba sources.

2. Fetch and build samba sources

First, grab these needed packages:

$ sudo apt-get install dpkg-dev autoconf qt4-qmake libtalloc-dev libldap2-dev libkrb5-dev uuid-dev libpam-dev libtdb-dev ctdb libqt4-dev

Next, you will need the samba sources. This will fetch the samba sources to your current working directory:

$ sudo apt-get source samba

Unpack the sources with:

$ tar xvf samba_3.5.6~dfsg.orig.tar.bz2


Now change directory to the source3 directory:

$ cd samba-3.5.6/source3/

Next (thanks to the svs mailing list!), copy this text into a file called samba-configure:

./configure \
		--cache-file=./config.cache \
		--with-fhs \
		--enable-shared \
		--enable-static \
		--prefix=/usr \
		--sysconfdir=/etc \
		--libdir=/usr/lib/samba \
		--with-privatedir=/etc/samba \
		--with-piddir=/var/run/samba \
		--localstatedir=/var \
		--with-rootsbindir=/sbin \
		--with-pammodulesdir=/lib/security \
		--with-pam \
		--with-syslog \
		--with-utmp \
		--with-readline \
		--with-pam_smbpass \
		--with-libsmbclient \
		--with-winbind \
		--with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2 \
		--with-automount \
		--with-ldap \
		--with-ads \
		--with-dnsupdate \
		--without-libtdb \
		--without-libnetapi \
		--with-modulesdir=/usr/lib/samba \
		--datarootdir=/usr/share \
		--datadir=/usr/share/samba \
		--with-swatdir=/usr/share/samba/swat \
		--with-lockdir=/var/run/samba \
		--with-statedir=/var/lib/samba \
		--with-cachedir=/var/cache/samba \
		--with-prepagedir=/usr/share/samba \
		--enable-external-libtalloc \
		--without-libtalloc \
		--disable-avahi \
		--with-ctdb \
		--with-cluster-support=yes \
		--with-acl-support \
		--with-quotas \
		--without-cifsmount \
		--without-cifsupcall

Now run the following to generate the configure script and configure the samba sources. (Running make is not needed for svs on samba 3.5.x / Debian 6.)

$ ./autogen.sh && sh samba-configure


3. Download and build SVS

Now grab the latest svs 0.1.3 stable release from the svs website:

http://svs.sourceforge.net

Assume that you downloaded this to your home directory as ~/svs-0.1.3.tar.bz2.

Change to the samba sources directory, then extract svs there as follows:

$ cd samba-3.5.6/

$ bzcat ~/svs-0.1.3.tar.bz2 | tar xvf -

And now change to the svs directory and build svs:

$ cd svs

$ qmake && make

4. Install svs

32bit systems:

$ sudo cp --no-dereference libsvs*.so* /usr/lib/samba/vfs/

64bit systems:

$ sudo cp --no-dereference libsvs*.so* /usr/lib64/samba/vfs/

Also copy over the svs config file:

$ sudo cp svs.ini.example /etc/samba/svs.ini

Edit that config file if needed, though defaults are good-to-go.

$ sudo nano /etc/samba/svs.ini

5. Configure samba

For Samba, add this line to your share definition to enable on-access scanning with clamav:

vfs object = libsvs_clamav

Here is an example from the svs README:


        comment = virus-protected test share
        path = /samba-share
        vfs object = libsvs_clamav
        valid users = @users
        write list = ballou, teddy, sammy, @admins
        read only = No
        browseable = Yes

And finally, restart samba:

$ sudo /etc/init.d/samba restart

Done!

Be sure to read the svs FAQs for important info.
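
To confirm that every share really loads the scanner after editing smb.conf, the check below (an added example, not part of the original post or the svs project) lists the shares whose effective "vfs object" setting does not include libsvs_clamav. It goes a little beyond the per-share line shown above by also honouring a [global] default, which a share-level "vfs objects" line replaces; the function names and the sample shares are assumptions.

```shell
# Added example: list shares that do NOT load the svs ClamAV VFS module.
SVS_MODULE="libsvs_clamav"   # module name as used in the article

# Usage: unscanned_shares [FILE]   (reads stdin when FILE is omitted)
unscanned_shares() {
    awk -v mod="$SVS_MODULE" '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    {
        line = trim($0)
        if (pending == "" && (line == "" || line ~ /^[#;]/)) next   # blank or comment
        line = pending line; pending = ""
        if (line ~ /\\$/) { pending = substr(line, 1, length(line) - 1); next }
        if (line ~ /^\[.*\]$/) {                                    # section header
            sect = trim(substr(line, 2, length(line) - 2)); isglobal = (tolower(sect) == "global")
            if (!isglobal && !(sect in seen)) { seen[sect] = 1; order[++n] = sect }
            next
        }
        eq = index(line, "=")
        if (eq == 0 || sect == "") next
        # Parameter names ignore case and whitespace; "vfs object" is a synonym.
        key = tolower(substr(line, 1, eq - 1)); gsub(/[ \t]/, "", key)
        if (key != "vfsobjects" && key != "vfsobject") next
        k = isglobal ? "[global]" : sect
        isset[k] = 1; has[k] = 0
        cnt = split(substr(line, eq + 1), tok, /[ \t,]+/)
        for (i = 1; i <= cnt; i++) if (tok[i] == mod) has[k] = 1
    }
    END {   # a share without its own setting inherits the [global] default
        for (i = 1; i <= n; i++)
            if (!((order[i] in isset) ? has[order[i]] : has["[global]"])) print order[i]
    }' "$@"
}

# Constructed sample smb.conf (share names are made up for this example).
sample_conf() {
    cat <<'EOF'
[scanned]
   vfs object = libsvs_clamav
[stacked]
   VFS Objects = recycle libsvs_clamav
[public]
;  vfs object = libsvs_clamav
[archive]
   vfs objects = recycle
EOF
}

if [ "$#" -gt 0 ]; then unscanned_shares "$1"; else sample_conf | unscanned_shares; fi
```

Run it as "sh check-svs.sh /etc/samba/smb.conf" (the script name is an assumption); any share it prints is served without on-access scanning.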

2 thoughts on “ClamAV On-Access Scanning For Samba Shares”

  1. Nithin

    Hi,
    If I set infectAction to delete, it’s not getting deleted. There is no error logged, but the scan is happening.
