FreeManAtomic Guru
Joined: 01 Feb 2005 Posts: 365
Posted: Sat May 20, 2006 1:28 pm Post subject: samba and clamav strange behavior
Hi,
I enabled the integration between clamav and samba. To test whether it works, I downloaded a zip file containing a virus from a website, but this is what happens:
Code: |
May 20 15:16:42 dorothy smbd_vscan-clamav[22910]: samba-vscan (vscan-clamav 0.3.6b) registered (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
May 20 15:16:42 dorothy smbd_vscan-clamav[22910]: samba-vscan (vscan-clamav 0.3.6b) connected (Samba 3.0), (c) by Rainer Link, OpenAntiVirus.org
May 20 15:16:42 dorothy smbd_vscan-clamav[22910]: INFO: connect to service public by user cdsguest
May 20 15:16:43 dorothy smbd_vscan-clamav[22910]: INFO: file /home/fspublic/Audio/eicar_com.zip is clean
May 20 15:17:23 dorothy smbd_vscan-clamav[22910]: INFO: disconnected
May 20 15:18:15 dorothy smbd_vscan-clamav[22908]: INFO: File Audio/eicarcom2.zip not found! Not scanned! (when I copy it the first time)
May 20 15:18:28 dorothy smbd_vscan-clamav[22908]: INFO: file /home/fspublic/Audio/eicarcom2.zip is clean (when I copy it the second time)
|
But the file is infected, in fact:
Code: |
dorothy Audio # clamscan eicarcom2.zip
eicarcom2.zip: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 55999
Engine version: 0.88.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Time: 0.856 sec (0 m 0 s)
dorothy Audio #
|
Why does all this happen?
My configuration files:
clamd.conf
Code: |
LogFile /var/log/clamav/clamd.log
LogTime
LogVerbose
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
User clamav
|
vscan-clamav.conf
Code: |
[samba-vscan]
; run-time configuration for vscan-samba using
; clamd
; all options are set to default values
; do not scan files larger than X bytes. If set to 0 (default),
; this feature is disabled (i.e. all files are scanned)
max file size = 0
; log all file access (yes/no). If set to yes, every access will
; be logged. If set to no (default), only access to infected files
; will be logged
verbose file logging = yes
; if set to yes (default), a file will be scanned while opening
scan on open = yes
; if set to yes, a file will be scanned while closing (default is yes)
scan on close = no
; if communication to clamd fails, should access to file be denied?
; (default: yes)
deny access on error = yes
; if daemon fails with a minor error (corruption, etc.),
; should access to file be denied?
; (default: yes)
deny access on minor error = yes
; send a warning message via Windows Messenger service
; when virus is found?
; (default: yes)
send warning message = yes
; what to do with an infected file
; quarantine: try to move to quarantine directory; delete it if moving fails
; delete: delete infected file
; nothing: do nothing (default)
infected file action = delete
; where to put infected files - you really want to change this!
quarantine directory = /home/public/.quarantine
; prefix for files in quarantine
quarantine prefix = vir-
; as Windows tries to open a file multiple times in a (very) short period
; of time, samba-vscan uses a last recently used file mechanism to avoid
; multiple scans of a file. This setting specifies the maximum number of
; elements of the last recently used file list. (default: 100)
max lru files entries = 100
; an entry is invalidated after lru file entry lifetime (in seconds).
; (Default: 5)
lru file entry lifetime = 5
; exclude files from being scanned based on the MIME-type! Semi-colon
; separated list (default: empty list). Use this with care!
exclude file types = avi;wmv;mpg;mpeg;mp3;wav;pdf;mp4;jpeg;jpg;bmp;png;eps;txt;rtf;tex
; socket name of clamd (default: /var/run/clamd). Setting will be ignored if
; libclamav is used
clamd socket name = /var/run/clamav/clamd.sock
; limits, if vscan-clamav was built for using the clamav library (libclamav)
; instead of clamd
; maximum number of files in archive (default: 1000)
libclamav max files in archive = 1000
; maximum archived file size, in bytes (default: 10 MB)
libclamav max archived file size = 10 * 1048576
; maximum recursion level (default: 5)
libclamav max recursion level = 5
|