'\" t .\" Title: vfs_virusfilter .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 04/07/2024 .\" Manual: System Administration tools .\" Source: Samba 4.8 .\" Language: English .\" .TH "VFS_VIRUSFILTER" "8" "04/07/2024" "Samba 4\&.8" "System Administration tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" vfs_virusfilter \- On access virus scanner .SH "SYNOPSIS" .HP \w'\ 'u vfs objects = virusfilter .SH "DESCRIPTION" .PP This is a set of various Samba VFS modules to scan and filter virus files on Samba file services with an anti\-virus scanner\&. .PP This module is stackable\&. .SH "OPTIONS" .PP virusfilter:scanner .RS 4 The antivirus scan\-engine\&. .RS .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} \fIsophos\fR, the Sophos AV scanner .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} \fIfsav\fR, the F\-Secure AV scanner .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} \fIclamav\fR, the ClamAV scanner .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} \fIdummy\fR, dummy scanner used in tests\&. Checks against the \fIinfected files\fR parameter and flags any name that matches as infected\&. .RE .sp .RE .RE .PP virusfilter:socket path = PATH .RS 4 Path of local socket for the virus scanner\&. .sp If this option is not set, the default path depends on the configured AV scanning engine\&. .sp For the \fIsophos\fR backend the default is \fI/var/run/savdi/sssp\&.sock\fR\&. .sp For the \fIfsav\fR backend the default is \fI/tmp/\&.fsav\-0\fR\&. .sp For the \fIclamav\fR backend the default is \fI/var/run/clamav/clamd\&.ctl\fR\&. .RE .PP virusfilter:connect timeout = 30000 .RS 4 Controls how long to wait on connecting to the virus scanning process before timing out\&. Value is in milliseconds\&. .sp If this option is not set, the default is 30000\&. .RE .PP virusfilter:io timeout = 60000 .RS 4 Controls how long to wait on communications with the virus scanning process before timing out\&. Value is in milliseconds\&. .sp If this option is not set, the default is 60000\&. .RE .PP virusfilter:scan on open = yes .RS 4 This option controls whether files are scanned on open\&. .sp If this option is not set, the default is yes\&. .RE .PP virusfilter:scan on close = no .RS 4 This option controls whether files are scanned on close\&. .sp If this option is not set, the default is no\&. .RE .PP virusfilter:max file size = 100000000 .RS 4 This is the largest sized file, in bytes, which will be scanned\&. .sp If this option is not set, the default is 100MB\&. .RE .PP virusfilter:min file size = 10 .RS 4 This is the smallest sized file, in bytes, which will be scanned\&. .sp If this option is not set, the default is 10\&. .RE .PP virusfilter:infected file action = nothing .RS 4 What to do with an infected file\&. The options are nothing, quarantine, rename, delete\&. .sp If this option is not set, the default is nothing\&. .RE .PP virusfilter:infected file errno on open = EACCES .RS 4 What errno to return on open if the file is infected\&. .sp If this option is not set, the default is EACCES\&. .RE .PP virusfilter:infected file errno on close = 0 .RS 4 What errno to return on close if the file is infected\&. .sp If this option is not set, the default is 0\&. .RE .PP virusfilter:quarantine directory = PATH .RS 4 Where to move infected files\&. This path must be an absolute path\&. .sp If this option is not set, the default is "\&.quarantine" relative to the share path\&. .RE .PP virusfilter:quarantine prefix = virusfilter\&. .RS 4 Prefix for quarantined files\&. .sp If this option is not set, the default is "virusfilter\&."\&. .RE .PP virusfilter:quarantine suffix = \&.infected .RS 4 Suffix for quarantined files\&. This option is only used if keep name is true\&. Otherwise it is ignored\&. .sp If this option is not set, the default is "\&.infected"\&. .RE .PP virusfilter:rename prefix = virusfilter\&. .RS 4 Prefix for infected files\&. .sp If this option is not set, the default is "virusfilter\&."\&. .RE .PP virusfilter:rename suffix = \&.infected .RS 4 Suffix for infected files\&. .sp If this option is not set, the default is "\&.infected"\&. .RE .PP virusfilter:quarantine keep tree = yes .RS 4 If keep tree is set, the directory structure relative to the share is maintained in the quarantine directory\&. .sp If this option is not set, the default is yes\&. .RE .PP virusfilter:quarantine keep name = yes .RS 4 Should the file name be left unmodified other than adding a suffix and/or prefix and a random suffix name as defined in virusfilter:rename prefix and virusfilter:rename suffix\&. .sp If this option is not set, the default is yes\&. .RE .PP virusfilter:infected file command = @SAMBA_DATADIR@/bin/virusfilter\-notify \-\-mail\-to virusmaster@example\&.com \-\-cc "%U@example\&.com" \-\-from samba@example\&.com \-\-subject\-prefix "Samba: Infected File: " .RS 4 External command to run on an infected file is found\&. .sp If this option is not set, the default is none\&. .RE .PP virusfilter:scan archive = true .RS 4 This defines whether or not to scan archives\&. .sp Sophos and F\-Secure support this and it defaults to false\&. .RE .PP virusfilter:max nested scan archive = 1 .RS 4 This defines the maximum depth to search nested archives\&. .sp The Sophos and F\-Secure support this and it defaults to 1\&. .RE .PP virusfilter:scan mime = true .RS 4 This defines whether or not to scan mime files\&. .sp Only the \fIfsav\fRscanner supports this option and defaults to false\&. .RE .PP virusfilter:scan error command = @SAMBA_DATADIR@/bin/virusfilter\-notify \-\-mail\-to virusmaster@example\&.com \-\-from samba@example\&.com \-\-subject\-prefix "Samba: Scan Error: " .RS 4 External command to run on scan error\&. .sp If this option is not set, the default is none\&. .RE .PP virusfilter:exclude files = empty .RS 4 Files to exclude from scanning\&. .sp If this option is not set, the default is empty\&. .RE .PP virusfilter:infected files = empty .RS 4 Files that virusfilter \fIdummy\fR flags as infected\&. .sp If this option is not set, the default is empty\&. .RE .PP virusfilter:block access on error = false .RS 4 Controls whether or not access should be blocked on a scanning error\&. .sp If this option is not set, the default is false\&. .RE .PP virusfilter:scan error errno on open = EACCES .RS 4 What errno to return on open if there is an error in scanning the file and block access on error is true\&. .sp If this option is not set, the default is EACCES\&. .RE .PP virusfilter:scan error errno on close = 0 .RS 4 What errno to return on close if there is an error in scanning the file and block access on error is true\&. .sp If this option is not set, the default is 0\&. .RE .PP virusfilter:cache entry limit = 100 .RS 4 The maximum number of entries in the scanning results cache\&. Due to how Samba\*(Aqs memcache works, this is approximate\&. .sp If this option is not set, the default is 100\&. .RE .PP virusfilter:cache time limit = 10 .RS 4 The maximum number of seconds that a scanning result will stay in the results cache\&. \-1 disables the limit\&. 0 disables caching\&. .sp If this option is not set, the default is 10\&. .RE .PP virusfilter:quarantine directory mode = 0755 .RS 4 This is the octet mode for the quarantine directory and its sub\-directories as they are created\&. .sp If this option is not set, the default is 0755 or S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH\&. .sp Permissions must be such that all users can read and search\&. I\&.E\&. don\*(Aqt mess with this unless you really know what you are doing\&. .RE .PP virusfilter:block suspected file = false .RS 4 With this option on, suspected malware will be blocked as well\&. Only the \fIfsav\fRscanner supports this option\&. .sp If this option is not set, the default is false\&. .RE .SH "NOTES" .PP This module can scan other than default streams, if the alternative datastreams are each backed as separate files, such as with the vfs module streams_depot\&. .PP For proper operation the streams support module must be before the virusfilter module in your vfs objects list (i\&.e\&. streams_depot must be called before virusfilter module)\&. .PP This module is intended for security in depth by providing virus scanning capability on the server\&. It is not intended to be used in lieu of proper client based security\&. Other modules for security may exist and may be desirable for security in depth on the server\&. .SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.