List, we are working on implementing an antivirus solution (samba-vscan + clamav)on our samba shares. We performed the steps mentioned on some guides we found in Portuguese and things seems to be installed ok. But when we make a test and try to access a share, every file on it is not accessible (though we can mount the share) and after looking at /var/log/messages we see the following:
... Mar 11 10:56:51 rhel5 smbd_vscan-clamav[5238]: samba-vscan (vscan-clamav 0.3.6b) registered (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org Mar 11 10:56:51 rhel5 smbd_vscan-clamav[5238]: samba-vscan (vscan-clamav 0.3.6b) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org Mar 11 10:56:51 rhel5 smbd_vscan-clamav[5238]: INFO: connect to service tmp by user mauramos Mar 11 10:57:10 rhel5 smbd_vscan-clamav[5238]: ERROR: can not connect to clamd (socket: '/home/clamav/clamd.sock')! Mar 11 10:57:10 rhel5 smbd_vscan-clamav[5238]: ERROR: can not communicate to daemon - access denied Mar 11 10:57:10 rhel5 smbd_vscan-clamav[5238]: ERROR: can not connect to clamd (socket: '/home/clamav/clamd.sock')! Mar 11 10:57:10 rhel5 smbd_vscan-clamav[5238]: ERROR: can not communicate to daemon - access denied ... User mauramos takes part on "clamav" group. We put conf, log, pid, database and socket files under /home/clamav which is owned by user clamav and group clamav both with same permissions (rwx). The number 5238 indicates the os pid and it is the connection I performed to the share ... [r...@rhel5 clamav]# ps -ef | grep 5238 mauramos 5238 5228 0 10:56 ? 00:00:00 smbd -D root 5242 4873 0 10:57 pts/8 00:00:00 grep 5238 One note about clamd.conf. Parameter "User" is set to clamav to make the deamon runs and generates logs/pid files as user/group clamav and allow common users, like mauramos, that are part of the clamav group, to access all these files, including clamd.sock that is the one that is raising the error at /var/log/messages. It is said in the comments of clamd.conf that in order for this option to work, clamd must be started as root, but it does not matter if we start it with root or clamav, the result is the same. We are using a RedHat Enterprise Linux 5 server, samba 3.0.23, clamv 0.95 and samba-vscan 0.36b. Does anybody knows what could be? Can you give us a clue/help? Thanks you all! Our config files are as follows: ------------------- -- clamd.conf -- ------------------- LogFile /home/clamav/clamd.log LogTime yes PidFile /home/clamav/clamd.pid TemporaryDirectory /home/clamav/tmp DatabaseDirectory /home/clamav/database LocalSocket /home/clamav/clamd.socket TCPSocket 3310 MaxConnectionQueueLength 100 ReadTimeout 3000 CommandReadTimeout 30 User clamav ---------------------------- -- vscan-clamav.conf -- ---------------------------- [samba-vscan] max file size = 0 verbose file logging = no scan on open = yes scan on close = yes deny access on error = yes deny access on minor error = yes send warning message = yes infected file action = quarantine quarantine directory = /home/clamav/quarantine quarantine prefix = vir- max lru files entries = 100 lru file entry lifetime = 5 exclude file types = clamd socket name = /home/clamav/clamd.sock libclamav max files in archive = 1000 libclamav max archived file size = 10485760 libclamav max recursion level = 5 ---------------------------------------- -- share definition at smb.conf -- ---------------------------------------- [tmp] comment = tmp path = /tmp valid users = mauramos assouza public = yes writable = yes create mask = 0750 vfs object = vscan-clamav vscan-clamav: config-file = /etc/samba/vscan-clamav.conf ------------------------ -- freshclam.conf -- ------------------------ DatabaseDirectory /home/clamav/database UpdateLogFile /home/clamav/databaseUpdate.log LogFileMaxSize 20M LogTime yes PidFile /home/clamav/freshclam.pid DatabaseMirror database.clamav.net _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
