1VFS_VIRUSFILTER(8)        System Administration tools       VFS_VIRUSFILTER(8)
2
3
4

NAME

6       vfs_virusfilter - On access virus scanner
7

SYNOPSIS

9       vfs objects = virusfilter
10

DESCRIPTION

12       This is a set of various Samba VFS modules to scan and filter virus
13       files on Samba file services with an anti-virus scanner.
14
15       This module is stackable.
16

OPTIONS

18       virusfilter:scanner
19           The antivirus scan-engine.
20
21sophos, the Sophos AV scanner
22
23fsav, the F-Secure AV scanner
24
25clamav, the ClamAV scanner
26
27dummy, dummy scanner used in tests. Checks against the
28                      infected files parameter and flags any name that matches
29                      as infected.
30
31
32       virusfilter:socket path = PATH
33           Path of local socket for the virus scanner.
34
35           If this option is not set, the default path depends on the
36           configured AV scanning engine.
37
38           For the sophosbackend the default is /var/run/savdi/sssp.sock.
39
40           For the fsav backend the default is /tmp/.fsav-0.
41
42           For the clamav backend the default is /var/run/clamav/clamd.ctl.
43
44       virusfilter:connect timeout = 30000
45           Controls how long to wait on connecting to the virus scanning
46           process before timing out. Value is in milliseconds.
47
48           If this option is not set, the default is 30000.
49
50       virusfilter:io timeout = 60000
51           Controls how long to wait on communications with the virus scanning
52           process before timing out. Value is in milliseconds.
53
54           If this option is not set, the default is 60000.
55
56       virusfilter:scan on open = yes
57           This option controls whether files are scanned on open.
58
59           If this option is not set, the default is yes.
60
61       virusfilter:scan on close = no
62           This option controls whether files are scanned on close.
63
64           If this option is not set, the default is no.
65
66       virusfilter:max file size = 100000000
67           This is the largest sized file, in bytes, which will be scanned.
68
69           If this option is not set, the default is 100MB.
70
71       virusfilter:min file size = 10
72           This is the smallest sized file, in bytes, which will be scanned.
73
74           If this option is not set, the default is 10.
75
76       virusfilter:infected file action = nothing
77           What to do with an infected file. The options are nothing,
78           quarantine, rename, delete.
79
80           If this option is not set, the default is nothing.
81
82       virusfilter:infected file errno on open = EACCES
83           What errno to return on open if the file is infected.
84
85           If this option is not set, the default is EACCES.
86
87       virusfilter:infected file errno on close = 0
88           What errno to return on close if the file is infected.
89
90           If this option is not set, the default is 0.
91
92       virusfilter:quarantine directory = PATH
93           Where to move infected files. This path must be an absolute path.
94
95           If this option is not set, the default is ".quarantine" relative to
96           the share path.
97
98       virusfilter:quarantine prefix = virusfilter.
99           Prefix for quarantined files.
100
101           If this option is not set, the default is "virusfilter.".
102
103       virusfilter:quarantine suffix = .infected
104           Suffix for quarantined files. This option is only used if keep name
105           is true. Otherwise it is ignored.
106
107           If this option is not set, the default is ".infected".
108
109       virusfilter:rename prefix = virusfilter.
110           Prefix for infected files.
111
112           If this option is not set, the default is "virusfilter.".
113
114       virusfilter:rename suffix = .infected
115           Suffix for infected files.
116
117           If this option is not set, the default is ".infected".
118
119       virusfilter:quarantine keep tree = yes
120           If keep tree is set, the directory structure relative to the share
121           is maintained in the quarantine directory.
122
123           If this option is not set, the default is yes.
124
125       virusfilter:quarantine keep name = yes
126           Should the file name be left unmodified other than adding a suffix
127           and/or prefix and a random suffix name as defined in
128           virusfilter:rename prefix and virusfilter:rename suffix.
129
130           If this option is not set, the default is yes.
131
132       virusfilter:infected file command =
133       @SAMBA_DATADIR@/bin/virusfilter-notify --mail-to
134       virusmaster@example.com --cc "%U@example.com" --from samba@example.com
135       --subject-prefix "Samba: Infected File: "
136           External command to run on an infected file is found.
137
138           If this option is not set, the default is none.
139
140       virusfilter:scan archive = true
141           This defines whether or not to scan archives.
142
143           Sophos and F-Secure support this and it defaults to false.
144
145       virusfilter:max nested scan archive = 1
146           This defines the maximum depth to search nested archives.
147
148           The Sophos and F-Secure support this and it defaults to 1.
149
150       virusfilter:scan mime = true
151           This defines whether or not to scan mime files.
152
153           Only the fsavscanner supports this option and defaults to false.
154
155       virusfilter:scan error command = @SAMBA_DATADIR@/bin/virusfilter-notify
156       --mail-to virusmaster@example.com --from samba@example.com
157       --subject-prefix "Samba: Scan Error: "
158           External command to run on scan error.
159
160           If this option is not set, the default is none.
161
162       virusfilter:exclude files = empty
163           Files to exclude from scanning.
164
165           If this option is not set, the default is empty.
166
167       virusfilter:infected files = empty
168           Files that virusfilter dummy flags as infected.
169
170           If this option is not set, the default is empty.
171
172       virusfilter:block access on error = false
173           Controls whether or not access should be blocked on a scanning
174           error.
175
176           If this option is not set, the default is false.
177
178       virusfilter:scan error errno on open = EACCES
179           What errno to return on open if there is an error in scanning the
180           file and block access on error is true.
181
182           If this option is not set, the default is EACCES.
183
184       virusfilter:scan error errno on close = 0
185           What errno to return on close if there is an error in scanning the
186           file and block access on error is true.
187
188           If this option is not set, the default is 0.
189
190       virusfilter:cache entry limit = 100
191           The maximum number of entries in the scanning results cache. Due to
192           how Samba's memcache works, this is approximate.
193
194           If this option is not set, the default is 100.
195
196       virusfilter:cache time limit = 10
197           The maximum number of seconds that a scanning result will stay in
198           the results cache. -1 disables the limit. 0 disables caching.
199
200           If this option is not set, the default is 10.
201
202       virusfilter:quarantine directory mode = 0755
203           This is the octet mode for the quarantine directory and its
204           sub-directories as they are created.
205
206           If this option is not set, the default is 0755 or S_IRUSR | S_IWUSR
207           | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH.
208
209           Permissions must be such that all users can read and search. I.E.
210           don't mess with this unless you really know what you are doing.
211
212       virusfilter:block suspected file = false
213           With this option on, suspected malware will be blocked as well.
214           Only the fsavscanner supports this option.
215
216           If this option is not set, the default is false.
217

NOTES

219       This module can scan other than default streams, if the alternative
220       datastreams are each backed as separate files, such as with the vfs
221       module streams_depot.
222
223       For proper operation the streams support module must be before the
224       virusfilter module in your vfs objects list (i.e. streams_depot must be
225       called before virusfilter module).
226
227       This module is intended for security in depth by providing virus
228       scanning capability on the server. It is not intended to be used in
229       lieu of proper client based security. Other modules for security may
230       exist and may be desirable for security in depth on the server.
231

AUTHOR

233       The original Samba software and related utilities were created by
234       Andrew Tridgell. Samba is now developed by the Samba Team as an Open
235       Source project similar to the way the Linux kernel is developed.
236
237
238
239Samba 4.8                         11/27/2023                VFS_VIRUSFILTER(8)
Impressum