Hello, I got the help that solved the problems from folks at samba list.

The text is reproduced below. Thank you all for the support.

Mauricio.
---------------------------------------------->
From: Alexander [mailto:fors...@googlemail.com]
Sent: Friday, March 12, 2010 05:56
To: sa...@lists.samba.org; Maurício Ramos
Subject: Re: [Samba] Samba + Antivirus

2010/3/11 Maurício Ramos mauricio.ra...@wedotechnologies.com

-- clamd.conf --
LocalSocket /home/clamav/clamd.socket

-- vscan-clamav.conf --
clamd socket name = /home/clamav/clamd.sock

Looks like you've got a discrepancy/typo in your clamav and samba-vscan config 
files that is causing that.

cheers,
Alexander
<----------------------------------------------

---------------------------------------------->
Hello Alexander, List...

Yes that's the mistake! Now things are working just fine!!

We are using the "Eicar Test Virus" in 2 files. Both are not allowed access and 
the others are ok.

Mar 12 11:00:51 rhel5 smbd_vscan-clamav[29609]: samba-vscan (vscan-clamav 
0.3.6c beta5) registered (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Mar 12 11:00:51 rhel5 smbd_vscan-clamav[29609]: samba-vscan (vscan-clamav 
0.3.6c beta5) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
Mar 12 11:00:51 rhel5 smbd_vscan-clamav[29609]: INFO: connect to service tmp by 
user mauramos
Mar 12 11:01:30 rhel5 smbd_vscan-clamav[29609]: ALERT - Scan result: 
'/tmp/teste_clamav.txt' infected with virus 'Eicar-Test-Signature', client: 
'172.26.129.129'
Mar 12 11:01:30 rhel5 smbd_vscan-clamav[29609]: ERROR: quarantining file 
'/tmp/teste_clamav.txt' to '/home/clamav/quarantine/vir-ao7wgD' failed, reason: 
Operação não permitida
Mar 12 11:02:17 rhel5 smbd_vscan-clamav[29609]: ALERT - Scan result: 
'/tmp/teste_antivirus_samba_clamav.txt' infected with virus 
'Eicar-Test-Signature', client: '172.26.129.129'
Mar 12 11:02:17 rhel5 smbd_vscan-clamav[29609]: ERROR: quarantining file 
'/tmp/teste_antivirus_samba_clamav.txt' to '/home/clamav/quarantine/vir-kmBxUg' 
failed, reason: Operação não permitida

[r...@rhel5 tmp]# more teste_clamav.txt
x5o...@ap[4\pzx54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
[r...@rhel5 tmp]# more teste_antivirus_samba_clamav.txt
x5o...@ap[4\pzx54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

File clamd.log records the detected virus...

[r...@rhel5 clamav]# tail -f clamd.log
Fri Mar 12 10:57:40 2010 -> Algorithmic detection enabled.
Fri Mar 12 10:57:40 2010 -> Portable Executable support enabled.
Fri Mar 12 10:57:40 2010 -> ELF support enabled.
Fri Mar 12 10:57:40 2010 -> Mail files support enabled.
Fri Mar 12 10:57:40 2010 -> OLE2 support enabled.
Fri Mar 12 10:57:40 2010 -> PDF support enabled.
Fri Mar 12 10:57:40 2010 -> HTML support enabled.
Fri Mar 12 10:57:40 2010 -> Self checking every 600 seconds.
Fri Mar 12 11:01:30 2010 -> /tmp/teste_clamav.txt: Eicar-Test-Signature FOUND
Fri Mar 12 11:02:17 2010 -> /tmp/teste_antivirus_samba_clamav.txt: 
Eicar-Test-Signature FOUND

... and they are moved to quarantine

[r...@rhel5 clamav]# ls -la /home/clamav/quarantine/
total 8
drwxrwx--- 2 clamav   clamav 4096 Mar 12 11:02 .
drwxrwx--- 7 clamav   clamav 4096 Mar 12 10:57 ..
-rw------- 1 mauramos users     0 Mar 12 11:01 vir-ao7wgD
-rw------- 1 mauramos users     0 Mar 12 11:02 vir-kmBxUg

Thanks a lot for the help. Below I reproduce the steps to configure all the 
environment:

1)      Install and configure samba
2)      Install and configure clamav
3)      Download, "./configure" and "make proto" the source of the running 
samba server
4)      Download samba-vscan, "./configure --with-samba-source=<path to samba 
source "source" dir>" and "make clamav"
5)      Copy "vscan-clamav.so" to "/usr/lib/samba/vfs" (this path can vary)
6)      Copy "vscan-clamav.conf" from "<samba-vscan-source-dir>clamav" to 
"/etc/samba"
7)      Configure smb.conf at each share to be protected with lines like
        vfs object = vscan-clamav
        vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
8)      Update clamav database using freshclam
9)      Start everything
10)     Create a text file with the following content inside a protected share 
(harmless eicar test virus)
x5o...@ap[4\pzx54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

We are using, now, samba 3.0.33 and this version needs samba-vscan0.3.6c. The 
previous version of samba we were using (3.0.23c) needed samba-vscan0.3.6b.

Again, thank you all for the support!

Mauricio.
<----------------------------------------------
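
An added example (not part of the original thread, and not code from the samba-vscan or ClamAV projects): a small Python check for the mismatch found above, comparing LocalSocket in clamd.conf with "clamd socket name" in vscan-clamav.conf. The sample file contents are constructed around the two lines quoted in the thread, the function names are hypothetical, and matching the key without regard to case or spacing is this checker's own assumption.

```python
import os
import stat

# Constructed sample inputs: the two settings are the ones quoted in the thread.
CLAMD_CONF = "# clamd.conf\nLocalSocket /home/clamav/clamd.socket\n"
VSCAN_BROKEN = "[samba-vscan]\n; as posted\nclamd socket name = /home/clamav/clamd.sock\n"
VSCAN_FIXED = "[samba-vscan]\nclamd socket name = /home/clamav/clamd.socket\n"

def clamd_local_socket(text):
    """Return the first LocalSocket path in clamd.conf text, or None."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] == "LocalSocket":
            return parts[1].strip()
    return None

def vscan_socket_name(text):
    """Return the 'clamd socket name' value (key matched ignoring case/spacing)."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if " ".join(key.lower().split()) == "clamd socket name":
            return value.strip()
    return None

def check_socket_config(clamd_conf, vscan_conf, probe=False):
    """Return a list of problems; an empty list means both files agree."""
    problems = []
    server = clamd_local_socket(clamd_conf)
    client = vscan_socket_name(vscan_conf)
    if server is None:
        problems.append("clamd.conf: no LocalSocket line")
    if client is None:
        problems.append("vscan-clamav.conf: no 'clamd socket name' line")
    if server and client and os.path.normpath(server) != os.path.normpath(client):
        problems.append(f"mismatch: clamd listens on {server}, samba-vscan connects to {client}")
    if probe and client:  # optional live check, run on the Samba server itself
        try:
            if not stat.S_ISSOCK(os.stat(client).st_mode):
                problems.append(f"{client}: exists but is not a socket")
        except OSError as exc:
            problems.append(f"{client}: {exc.strerror}")
    return problems

if __name__ == "__main__":
    for name, conf in (("as posted", VSCAN_BROKEN), ("corrected", VSCAN_FIXED)):
        print(name, "->", check_socket_config(CLAMD_CONF, conf) or "OK")
```

With probe=True the check also stats the socket path, which separates a path typo from a clamd that is simply not running.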
