- bookworm 2:4.17.12+dfsg-0+deb12u1
VFS_VIRUSFILTER(8) | System Administration tools | VFS_VIRUSFILTER(8) |
NAME¶
vfs_virusfilter - On access virus scanner
SYNOPSIS¶
vfs objects = virusfilter
DESCRIPTION¶
This is a set of various Samba VFS modules to scan and filter virus files on Samba file services with an anti-virus scanner.
This module is stackable.
OPTIONS¶
virusfilter:scanner
virusfilter:socket path = PATH
If this option is not set, the default path depends on the configured AV scanning engine.
For the sophos backend the default is /var/run/savdi/sssp.sock.
For the fsav backend the default is /tmp/.fsav-0.
For the clamav backend the default is /var/run/clamav/clamd.ctl.
virusfilter:connect timeout = 30000
If this option is not set, the default is 30000.
virusfilter:io timeout = 60000
If this option is not set, the default is 60000.
virusfilter:scan on open = yes
If this option is not set, the default is yes.
virusfilter:scan on close = no
If this option is not set, the default is no.
virusfilter:max file size = 100000000
If this option is not set, the default is 100MB.
virusfilter:min file size = 10
If this option is not set, the default is 10.
virusfilter:infected file action = nothing
If this option is not set, the default is nothing.
virusfilter:infected file errno on open = EACCES
If this option is not set, the default is EACCES.
virusfilter:infected file errno on close = 0
If this option is not set, the default is 0.
virusfilter:quarantine directory = PATH
If this option is not set, the default is ".quarantine" relative to the share path.
virusfilter:quarantine prefix = virusfilter.
If this option is not set, the default is "virusfilter.".
virusfilter:quarantine suffix = .infected
If this option is not set, the default is ".infected".
virusfilter:rename prefix = virusfilter.
If this option is not set, the default is "virusfilter.".
virusfilter:rename suffix = .infected
If this option is not set, the default is ".infected".
virusfilter:quarantine keep tree = yes
If this option is not set, the default is yes.
virusfilter:quarantine keep name = yes
If this option is not set, the default is yes.
virusfilter:infected file command = @SAMBA_DATADIR@/bin/virusfilter-notify --mail-to virusmaster@example.com --cc "%U@example.com" --from samba@example.com --subject-prefix "Samba: Infected File: "
If this option is not set, the default is none.
virusfilter:scan archive = true
Sophos and F-Secure support this and it defaults to false.
virusfilter:max nested scan archive = 1
The Sophos and F-Secure support this and it defaults to 1.
virusfilter:scan mime = true
Only the fsavscanner supports this option and defaults to false.
virusfilter:scan error command = @SAMBA_DATADIR@/bin/virusfilter-notify --mail-to virusmaster@example.com --from samba@example.com --subject-prefix "Samba: Scan Error: "
If this option is not set, the default is none.
virusfilter:exclude files = empty
If this option is not set, the default is empty.
virusfilter:infected files = empty
If this option is not set, the default is empty.
virusfilter:block access on error = false
If this option is not set, the default is false.
virusfilter:scan error errno on open = EACCES
If this option is not set, the default is EACCES.
virusfilter:scan error errno on close = 0
If this option is not set, the default is 0.
virusfilter:cache entry limit = 100
If this option is not set, the default is 100.
virusfilter:cache time limit = 10
If this option is not set, the default is 10.
virusfilter:quarantine directory mode = 0755
If this option is not set, the default is 0755 or S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH.
Permissions must be such that all users can read and search. I.E. don't mess with this unless you really know what you are doing.
virusfilter:block suspected file = false
If this option is not set, the default is false.
NOTES¶
This module can scan other than default streams, if the alternative datastreams are each backed as separate files, such as with the vfs module streams_depot.
For proper operation the streams support module must be before the virusfilter module in your vfs objects list (i.e. streams_depot must be called before virusfilter module).
This module is intended for security in depth by providing virus scanning capability on the server. It is not intended to be used in lieu of proper client based security. Other modules for security may exist and may be desirable for security in depth on the server.
AUTHOR¶
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
06/20/2024 | Samba 4.8 |