1VFS_VIRUSFILTER(8) System Administration tools VFS_VIRUSFILTER(8)
2
6 vfs_virusfilter - On access virus scanner
7
9 vfs objects = virusfilter
10
12 This is a set of various Samba VFS modules to scan and filter virus
13 files on Samba file services with an anti-virus scanner.
14 This module is stackable.
16
18 virusfilter:scanner
19 The antivirus scan-engine.
20 · sophos, the Sophos AV scanner
22 · fsav, the F-Secure AV scanner
24 · clamav, the ClamAV scanner
26 virusfilter:socket path = PATH
29 Path of local socket for the virus scanner.
30 If this option is not set, the default path depends on the
32 configured AV scanning engine.
33 For the sophosbackend the default is /var/run/savdi/sssp.sock.
35 For the fsav backend the default is /tmp/.fsav-0.
37 For the fsav backend the default is /var/run/clamav/clamd.ctl.
39 virusfilter:connect timeout = 30000
41 Controls how long to wait on connecting to the virus scanning
42 process before timing out. Value is in milliseconds.
43 If this option is not set, the default is 30000.
45 virusfilter:io timeout = 60000
47 Controls how long to wait on communications with the virus scanning
48 process before timing out. Value is in milliseconds.
49 If this option is not set, the default is 60000.
51 virusfilter:scan on open = yes
53 This option controls whether files are scanned on open.
54 If this option is not set, the default is yes.
56 virusfilter:scan on close = no
58 This option controls whether files are scanned on close.
59 If this option is not set, the default is no.
61 virusfilter:max file size = 100000000
63 This is the largest sized file, in bytes, which will be scanned.
64 If this option is not set, the default is 100MB.
66 virusfilter:min file size = 10
68 This is the smallest sized file, in bytes, which will be scanned.
69 If this option is not set, the default is 10.
71 virusfilter:infected file action = nothing
73 What to do with an infected file. The options are nothing,
74 quarantine, rename, delete.
75 If this option is not set, the default is nothing.
77 virusfilter:infected file errno on open = EACCES
79 What errno to return on open if the file is infected.
80 If this option is not set, the default is EACCES.
82 virusfilter:infected file errno on close = 0
84 What errno to return on close if the file is infected.
85 If this option is not set, the default is 0.
87 virusfilter:quarantine directory = PATH
89 Where to move infected files. This path must be an absolute path.
90 If this option is not set, the default is ".quarantine" relative to
92 the share path.
93 virusfilter:quarantine prefix = virusfilter.
95 Prefix for quarantined files.
96 If this option is not set, the default is "virusfilter.".
98 virusfilter:quarantine suffix = .infected
100 Suffix for quarantined files. This option is only used if keep name
101 is true. Otherwise it is ignored.
102 If this option is not set, the default is ".infected".
104 virusfilter:rename prefix = virusfilter.
106 Prefix for infected files.
107 If this option is not set, the default is "virusfilter.".
109 virusfilter:rename suffix = .infected
111 Suffix for infected files.
112 If this option is not set, the default is ".infected".
114 virusfilter:quarantine keep tree = yes
116 If keep tree is set, the directory structure relative to the share
117 is maintained in the quarantine directory.
118 If this option is not set, the default is yes.
120 virusfilter:quarantine keep name = yes
122 Should the file name be left unmodified other than adding a suffix
123 and/or prefix and a random suffix name as defined in
124 virusfilter:rename prefix and virusfilter:rename suffix.
125 If this option is not set, the default is yes.
127 virusfilter:infected file command =
129 @SAMBA_DATADIR@/bin/virusfilter-notify --mail-to
130 virusmaster@example.com --cc "%U@example.com" --from samba@example.com
131 --subject-prefix "Samba: Infected File: "
132 External command to run on an infected file is found.
133 If this option is not set, the default is none.
135 virusfilter:scan archive = true
137 This defines whether or not to scan archives.
138 Sophos and F-Secure support this and it defaults to false.
140 virusfilter:max nested scan archive = 1
142 This defines the maximum depth to search nested archives.
143 The Sophos and F-Secure support this and it defaults to 1.
145 virusfilter:scan mime = true
147 This defines whether or not to scan mime files.
148 Only the fsavscanner supports this option and defaults to false.
150 virusfilter:scan error command = @SAMBA_DATADIR@/bin/virusfilter-notify
152 --mail-to virusmaster@example.com --from samba@example.com
153 --subject-prefix "Samba: Scan Error: "
154 External command to run on scan error.
155 If this option is not set, the default is none.
157 virusfilter:exclude files = empty
159 Files to exclude from scanning.
160 If this option is not set, the default is empty.
162 virusfilter:block access on error = false
164 Controls whether or not access should be blocked on a scanning
165 error.
166 If this option is not set, the default is false.
168 virusfilter:scan error errno on open = EACCES
170 What errno to return on open if there is an error in scanning the
171 file and block access on error is true.
172 If this option is not set, the default is EACCES.
174 virusfilter:scan error errno on close = 0
176 What errno to return on close if there is an error in scanning the
177 file and block access on error is true.
178 If this option is not set, the default is 0.
180 virusfilter:cache entry limit = 100
182 The maximum number of entries in the scanning results cache. Due to
183 how Samba's memcache works, this is approximate.
184 If this option is not set, the default is 100.
186 virusfilter:cache time limit = 10
188 The maximum number of seconds that a scanning result will stay in
189 the results cache. -1 disables the limit. 0 disables caching.
190 If this option is not set, the default is 10.
192 virusfilter:quarantine directory mode = 0755
194 This is the octet mode for the quarantine directory and its
195 sub-directories as they are created.
196 If this option is not set, the default is 0755 or S_IRUSR | S_IWUSR
198 | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH.
199 Permissions must be such that all users can read and search. I.E.
201 don't mess with this unless you really know what you are doing.
202 virusfilter:block suspected file = false
204 With this option on, suspected malware will be blocked as well.
205 Only the fsavscanner supports this option.
206 If this option is not set, the default is false.
208
210 This module can scan other than default streams, if the alternative
211 datastreams are each backed as separate files, such as with the vfs
212 module streams_depot.
213 For proper operation the streams support module must be before the
215 virusfilter module in your vfs objects list (i.e. streams_depot must be
216 called before virusfilter module).
217 This module is intended for security in depth by providing virus
219 scanning capability on the server. It is not intended to be used in
220 lieu of proper client based security. Other modules for security may
221 exist and may be desirable for security in depth on the server.
222
224 The original Samba software and related utilities were created by
225 Andrew Tridgell. Samba is now developed by the Samba Team as an Open
226 Source project similar to the way the Linux kernel is developed.
227Samba 4.8 10/30/2018 VFS_VIRUSFILTER(8)