vfs_scannedonly(8)

1VFS_SCANNEDONLY(8)        System Administration tools       VFS_SCANNEDONLY(8)
2
3
4

NAME

6       vfs_scannedonly - Ensures that only files that have been scanned for
7       viruses are visible and accessible to the end user.
8

SYNOPSIS

10       vfs objects = scannedonly
11

DESCRIPTION

13       This VFS module is part of the samba(8) suite.
14
15       The vfs_scannedonly VFS module ensures that only files that have been
16       scanned for viruses are visible and accessible to the end user. If
17       non-scanned files are found an anti-virus scanning daemon is notified.
18       The anti-virus scanning daemon is not part of the Samba suite.
19
20       Scannedonly comes in two parts: a samba vfs module and (one or more)
21       daemons. The daemon scans files. If a certain file is clean, a second
22       file is created with prefix .scanned:. The Samba module simply looks if
23       such a .scanned: file exists, and is newer than the pertinent file. If
24       this is the case, the file is shown to the user. If this is not the
25       case, the file is not returned in a directory listing (configurable),
26       and cannot be opened (configurable). The Samba vfs module will notify
27       the daemon to scan this file.
28
29       So what happens for the user in the default configuration. The first
30       time a directory is listed, it shows files as ´file is being scanned
31       for viruses, but after the first time all files are shown. There is a
32       utility scannedonly_prescan that can help you to prescan all
33       directories. When new files are written the daemon is notified
34       immediately after the file is complete.
35
36       If a virus is found by the daemon, a file with a warning message is
37       created in the directory of the user, a warning is sent to the logs,
38       and the file is renamed to have prefix .virus:. Files with the .virus:
39       prefix are never shown to the user and all access is denied.
40
41       This module is stackable.
42

CONFIGURATION

44       vfs_scannedonly relies on a anti-virus scanning daemon that listens on
45       the scannedonly socket (unix domain socket or UDP socket).
46

OPTIONS

48       scannedonly:domain_socket = True
49           Whether to use a unix domain socket or not (false reverts to use
50           udp)
51
52       scannedonly:socketname = /var/lib/scannedonly/scan
53           The location of the unix domain socket to connect to
54
55       scannedonly:portnum = 2020
56           The udp port number to connect to
57
58       scannedonly:scanhost = localhost
59           When using UDP the host that runs the scanning daemon (this host
60           needs access to the files!)
61
62       scannedonly:show_special_files = True
63           Whether sockets, devices and fifo´s (all not scanned for viruses)
64           should be visible to the user
65
66       scannedonly:rm_hidden_files_on_rmdir = True
67           Whether files that are not visible (.scanned: files, .failed: files
68           and .virus: files) should be deleted if the user tries to remove
69           the directory. If false, the user will get the "directory is not
70           empty" error.
71
72       scannedonly:hide_nonscanned_files = True
73           If false, all non-scanned files are visible in directory listings.
74           If such files are found in a directory listing the scanning daemon
75           is notified that scanning is required. Access to non-scanned files
76           is still denied (see scannedonly:allow_nonscanned_files).
77
78       scannedonly:scanning_message = is being scanned for viruses
79           If non-scanned files are hidden (if
80           scannedonly:hide_nonscanned_files = True), a fake 0 byte file is
81           shown. The filename is the original filename with the message as
82           suffix.
83
84       scannedonly:recheck_time_open = 50
85           If a non-scanned file is opened, the vfs module will wait
86           recheck_tries_open times for recheck_time_open milliseconds for the
87           scanning daemon to create a .scanned: file. For small files that
88           are scanned by the daemon within the time (tries * time) the
89           behavior will be just like on-access scanning.
90
91       scannedonly:recheck_tries_open = 100
92           See recheck_time_open.
93
94       scannedonly:recheck_time_readdir = 50
95           If a non-scanned file is in a directory listing the vfs module
96           notifies the daemon (once for all files that need scanning in that
97           directory), and waits recheck_tries_readdir times for
98           recheck_time_readdir milliseconds. Only used when
99           hide_nonscanned_files is false.
100
101       scannedonly:recheck_tries_readdir = 20
102           See recheck_time_readdir.
103
104       scannedonly:allow_nonscanned_files = False
105           Allow access to non-scanned files. The daemon is notified, however,
106           and special files such as .scanned: files.  .virus: files and
107           .failed: files are not listed.
108

EXAMPLES

110       Enable anti-virus scanning:
111
112                   [homes]
113                vfs objects = scannedonly
114                scannedonly:hide_nonscanned_files = False
115

CAVEATS

117       This is not true on-access scanning. However, it is very fast for files
118       that have been scanned already.
119

VERSION

121       This man page is correct for version 3.5.0 of the Samba suite.
122

AUTHOR

124       The original Samba software and related utilities were created by
125       Andrew Tridgell. Scannedonly was developed for Samba by Olivier
126       Sessink. Samba is now developed by the Samba Team as an Open Source
127       project similar to the way the Linux kernel is developed.
128
129
130
131Samba 3.5                         08/02/2011                VFS_SCANNEDONLY(8)