1VFS_VIRUSFILTER(8) System Administration tools VFS_VIRUSFILTER(8)
2
6 vfs_virusfilter - On access virus scanner
7
9 vfs objects = virusfilter
10
12 This is a set of various Samba VFS modules to scan and filter virus
13 files on Samba file services with an anti-virus scanner.
14 This module is stackable.
16
18 virusfilter:scanner
19 The antivirus scan-engine.
20 • sophos, the Sophos AV scanner
22 • fsav, the F-Secure AV scanner
24 • clamav, the ClamAV scanner
26 • dummy, dummy scanner used in tests. Checks against the
28 infected files parameter and flags any name that matches
29 as infected.
30 virusfilter:socket path = PATH
33 Path of local socket for the virus scanner.
34 If this option is not set, the default path depends on the
36 configured AV scanning engine.
37 For the sophosbackend the default is /var/run/savdi/sssp.sock.
39 For the fsav backend the default is /tmp/.fsav-0.
41 For the clamav backend the default is /var/run/clamav/clamd.ctl.
43 virusfilter:connect timeout = 30000
45 Controls how long to wait on connecting to the virus scanning
46 process before timing out. Value is in milliseconds.
47 If this option is not set, the default is 30000.
49 virusfilter:io timeout = 60000
51 Controls how long to wait on communications with the virus scanning
52 process before timing out. Value is in milliseconds.
53 If this option is not set, the default is 60000.
55 virusfilter:scan on open = yes
57 This option controls whether files are scanned on open.
58 If this option is not set, the default is yes.
60 virusfilter:scan on close = no
62 This option controls whether files are scanned on close.
63 If this option is not set, the default is no.
65 virusfilter:max file size = 100000000
67 This is the largest sized file, in bytes, which will be scanned.
68 If this option is not set, the default is 100MB.
70 virusfilter:min file size = 10
72 This is the smallest sized file, in bytes, which will be scanned.
73 If this option is not set, the default is 10.
75 virusfilter:infected file action = nothing
77 What to do with an infected file. The options are nothing,
78 quarantine, rename, delete.
79 If this option is not set, the default is nothing.
81 virusfilter:infected file errno on open = EACCES
83 What errno to return on open if the file is infected.
84 If this option is not set, the default is EACCES.
86 virusfilter:infected file errno on close = 0
88 What errno to return on close if the file is infected.
89 If this option is not set, the default is 0.
91 virusfilter:quarantine directory = PATH
93 Where to move infected files. This path must be an absolute path.
94 If this option is not set, the default is ".quarantine" relative to
96 the share path.
97 virusfilter:quarantine prefix = virusfilter.
99 Prefix for quarantined files.
100 If this option is not set, the default is "virusfilter.".
102 virusfilter:quarantine suffix = .infected
104 Suffix for quarantined files. This option is only used if keep name
105 is true. Otherwise it is ignored.
106 If this option is not set, the default is ".infected".
108 virusfilter:rename prefix = virusfilter.
110 Prefix for infected files.
111 If this option is not set, the default is "virusfilter.".
113 virusfilter:rename suffix = .infected
115 Suffix for infected files.
116 If this option is not set, the default is ".infected".
118 virusfilter:quarantine keep tree = yes
120 If keep tree is set, the directory structure relative to the share
121 is maintained in the quarantine directory.
122 If this option is not set, the default is yes.
124 virusfilter:quarantine keep name = yes
126 Should the file name be left unmodified other than adding a suffix
127 and/or prefix and a random suffix name as defined in
128 virusfilter:rename prefix and virusfilter:rename suffix.
129 If this option is not set, the default is yes.
131 virusfilter:infected file command =
133 @SAMBA_DATADIR@/bin/virusfilter-notify --mail-to
134 virusmaster@example.com --cc "%U@example.com" --from samba@example.com
135 --subject-prefix "Samba: Infected File: "
136 External command to run on an infected file is found.
137 If this option is not set, the default is none.
139 virusfilter:scan archive = true
141 This defines whether or not to scan archives.
142 Sophos and F-Secure support this and it defaults to false.
144 virusfilter:max nested scan archive = 1
146 This defines the maximum depth to search nested archives.
147 The Sophos and F-Secure support this and it defaults to 1.
149 virusfilter:scan mime = true
151 This defines whether or not to scan mime files.
152 Only the fsavscanner supports this option and defaults to false.
154 virusfilter:scan error command = @SAMBA_DATADIR@/bin/virusfilter-notify
156 --mail-to virusmaster@example.com --from samba@example.com
157 --subject-prefix "Samba: Scan Error: "
158 External command to run on scan error.
159 If this option is not set, the default is none.
161 virusfilter:exclude files = empty
163 Files to exclude from scanning.
164 If this option is not set, the default is empty.
166 virusfilter:infected files = empty
168 Files that virusfilter dummy flags as infected.
169 If this option is not set, the default is empty.
171 virusfilter:block access on error = false
173 Controls whether or not access should be blocked on a scanning
174 error.
175 If this option is not set, the default is false.
177 virusfilter:scan error errno on open = EACCES
179 What errno to return on open if there is an error in scanning the
180 file and block access on error is true.
181 If this option is not set, the default is EACCES.
183 virusfilter:scan error errno on close = 0
185 What errno to return on close if there is an error in scanning the
186 file and block access on error is true.
187 If this option is not set, the default is 0.
189 virusfilter:cache entry limit = 100
191 The maximum number of entries in the scanning results cache. Due to
192 how Samba's memcache works, this is approximate.
193 If this option is not set, the default is 100.
195 virusfilter:cache time limit = 10
197 The maximum number of seconds that a scanning result will stay in
198 the results cache. -1 disables the limit. 0 disables caching.
199 If this option is not set, the default is 10.
201 virusfilter:quarantine directory mode = 0755
203 This is the octet mode for the quarantine directory and its
204 sub-directories as they are created.
205 If this option is not set, the default is 0755 or S_IRUSR | S_IWUSR
207 | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH.
208 Permissions must be such that all users can read and search. I.E.
210 don't mess with this unless you really know what you are doing.
211 virusfilter:block suspected file = false
213 With this option on, suspected malware will be blocked as well.
214 Only the fsavscanner supports this option.
215 If this option is not set, the default is false.
217
219 This module can scan other than default streams, if the alternative
220 datastreams are each backed as separate files, such as with the vfs
221 module streams_depot.
222 For proper operation the streams support module must be before the
224 virusfilter module in your vfs objects list (i.e. streams_depot must be
225 called before virusfilter module).
226 This module is intended for security in depth by providing virus
228 scanning capability on the server. It is not intended to be used in
229 lieu of proper client based security. Other modules for security may
230 exist and may be desirable for security in depth on the server.
231
233 The original Samba software and related utilities were created by
234 Andrew Tridgell. Samba is now developed by the Samba Team as an Open
235 Source project similar to the way the Linux kernel is developed.
236Samba 4.8 11/27/2023 VFS_VIRUSFILTER(8)