1VFS_VIRUSFILTER(8)        System Administration tools       VFS_VIRUSFILTER(8)
2
3
4

NAME

6       vfs_virusfilter - On access virus scanner
7

SYNOPSIS

9       vfs objects = virusfilter
10

DESCRIPTION

12       This is a set of various Samba VFS modules to scan and filter virus
13       files on Samba file services with an anti-virus scanner.
14
15       This module is stackable.
16

OPTIONS

18       virusfilter:scanner
19           The antivirus scan-engine.
20
21sophos, the Sophos AV scanner
22
23fsav, the F-Secure AV scanner
24
25clamav, the ClamAV scanner
26
27
28       virusfilter:socket path = PATH
29           Path of local socket for the virus scanner.
30
31           If this option is not set, the default path depends on the
32           configured AV scanning engine.
33
34           For the sophosbackend the default is /var/run/savdi/sssp.sock.
35
36           For the fsav backend the default is /tmp/.fsav-0.
37
38           For the clamav backend the default is /var/run/clamav/clamd.ctl.
39
40       virusfilter:connect timeout = 30000
41           Controls how long to wait on connecting to the virus scanning
42           process before timing out. Value is in milliseconds.
43
44           If this option is not set, the default is 30000.
45
46       virusfilter:io timeout = 60000
47           Controls how long to wait on communications with the virus scanning
48           process before timing out. Value is in milliseconds.
49
50           If this option is not set, the default is 60000.
51
52       virusfilter:scan on open = yes
53           This option controls whether files are scanned on open.
54
55           If this option is not set, the default is yes.
56
57       virusfilter:scan on close = no
58           This option controls whether files are scanned on close.
59
60           If this option is not set, the default is no.
61
62       virusfilter:max file size = 100000000
63           This is the largest sized file, in bytes, which will be scanned.
64
65           If this option is not set, the default is 100MB.
66
67       virusfilter:min file size = 10
68           This is the smallest sized file, in bytes, which will be scanned.
69
70           If this option is not set, the default is 10.
71
72       virusfilter:infected file action = nothing
73           What to do with an infected file. The options are nothing,
74           quarantine, rename, delete.
75
76           If this option is not set, the default is nothing.
77
78       virusfilter:infected file errno on open = EACCES
79           What errno to return on open if the file is infected.
80
81           If this option is not set, the default is EACCES.
82
83       virusfilter:infected file errno on close = 0
84           What errno to return on close if the file is infected.
85
86           If this option is not set, the default is 0.
87
88       virusfilter:quarantine directory = PATH
89           Where to move infected files. This path must be an absolute path.
90
91           If this option is not set, the default is ".quarantine" relative to
92           the share path.
93
94       virusfilter:quarantine prefix = virusfilter.
95           Prefix for quarantined files.
96
97           If this option is not set, the default is "virusfilter.".
98
99       virusfilter:quarantine suffix = .infected
100           Suffix for quarantined files. This option is only used if keep name
101           is true. Otherwise it is ignored.
102
103           If this option is not set, the default is ".infected".
104
105       virusfilter:rename prefix = virusfilter.
106           Prefix for infected files.
107
108           If this option is not set, the default is "virusfilter.".
109
110       virusfilter:rename suffix = .infected
111           Suffix for infected files.
112
113           If this option is not set, the default is ".infected".
114
115       virusfilter:quarantine keep tree = yes
116           If keep tree is set, the directory structure relative to the share
117           is maintained in the quarantine directory.
118
119           If this option is not set, the default is yes.
120
121       virusfilter:quarantine keep name = yes
122           Should the file name be left unmodified other than adding a suffix
123           and/or prefix and a random suffix name as defined in
124           virusfilter:rename prefix and virusfilter:rename suffix.
125
126           If this option is not set, the default is yes.
127
128       virusfilter:infected file command =
129       @SAMBA_DATADIR@/bin/virusfilter-notify --mail-to
130       virusmaster@example.com --cc "%U@example.com" --from samba@example.com
131       --subject-prefix "Samba: Infected File: "
132           External command to run on an infected file is found.
133
134           If this option is not set, the default is none.
135
136       virusfilter:scan archive = true
137           This defines whether or not to scan archives.
138
139           Sophos and F-Secure support this and it defaults to false.
140
141       virusfilter:max nested scan archive = 1
142           This defines the maximum depth to search nested archives.
143
144           The Sophos and F-Secure support this and it defaults to 1.
145
146       virusfilter:scan mime = true
147           This defines whether or not to scan mime files.
148
149           Only the fsavscanner supports this option and defaults to false.
150
151       virusfilter:scan error command = @SAMBA_DATADIR@/bin/virusfilter-notify
152       --mail-to virusmaster@example.com --from samba@example.com
153       --subject-prefix "Samba: Scan Error: "
154           External command to run on scan error.
155
156           If this option is not set, the default is none.
157
158       virusfilter:exclude files = empty
159           Files to exclude from scanning.
160
161           If this option is not set, the default is empty.
162
163       virusfilter:block access on error = false
164           Controls whether or not access should be blocked on a scanning
165           error.
166
167           If this option is not set, the default is false.
168
169       virusfilter:scan error errno on open = EACCES
170           What errno to return on open if there is an error in scanning the
171           file and block access on error is true.
172
173           If this option is not set, the default is EACCES.
174
175       virusfilter:scan error errno on close = 0
176           What errno to return on close if there is an error in scanning the
177           file and block access on error is true.
178
179           If this option is not set, the default is 0.
180
181       virusfilter:cache entry limit = 100
182           The maximum number of entries in the scanning results cache. Due to
183           how Samba's memcache works, this is approximate.
184
185           If this option is not set, the default is 100.
186
187       virusfilter:cache time limit = 10
188           The maximum number of seconds that a scanning result will stay in
189           the results cache. -1 disables the limit. 0 disables caching.
190
191           If this option is not set, the default is 10.
192
193       virusfilter:quarantine directory mode = 0755
194           This is the octet mode for the quarantine directory and its
195           sub-directories as they are created.
196
197           If this option is not set, the default is 0755 or S_IRUSR | S_IWUSR
198           | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH.
199
200           Permissions must be such that all users can read and search. I.E.
201           don't mess with this unless you really know what you are doing.
202
203       virusfilter:block suspected file = false
204           With this option on, suspected malware will be blocked as well.
205           Only the fsavscanner supports this option.
206
207           If this option is not set, the default is false.
208

NOTES

210       This module can scan other than default streams, if the alternative
211       datastreams are each backed as separate files, such as with the vfs
212       module streams_depot.
213
214       For proper operation the streams support module must be before the
215       virusfilter module in your vfs objects list (i.e. streams_depot must be
216       called before virusfilter module).
217
218       This module is intended for security in depth by providing virus
219       scanning capability on the server. It is not intended to be used in
220       lieu of proper client based security. Other modules for security may
221       exist and may be desirable for security in depth on the server.
222

AUTHOR

224       The original Samba software and related utilities were created by
225       Andrew Tridgell. Samba is now developed by the Samba Team as an Open
226       Source project similar to the way the Linux kernel is developed.
227
228
229
230Samba 4.8                         11/13/2021                VFS_VIRUSFILTER(8)
Impressum