Wednesday, April 23, 2008

Installing Clamav antivirus on Samba in Ubuntu

Many people run Samba on their file server so that Windows users can share files there. But some users don't care whether the files they share are infected with viruses, and the other users simply become the victims.

So, let's arm our Samba to protect users from viruses hidden in the shared directories. In Ubuntu and other *nix distros, we can plug the free Clamav antivirus into Samba through a plug-in called clamav-scan. *nix distros usually provide a ready-to-install binary of clamav-scan, but Ubuntu does not, so you must compile the plug-in manually.

Enough for the intro; now we'll begin arming Samba in Ubuntu (my Ubuntu version is 7.04 Feisty Fawn). Don't rush. You must follow each test instruction before proceeding to the next step.

1. Prepare package Clamav and supporting packages
apt-get install clamav arj unzoo lha clamav-freshclam clamav-daemon clamav-testfiles build-essential

You may also need the build-essential package.

Test: Please make sure that we can scan infected files.
clamscan -ir /usr/share/clamav-testfiles

We should see lines like the following:

----------- SCAN SUMMARY -----------
Known viruses: 266917
Engine version: 0.91.2
Scanned directories: 1
Scanned files: 7
Infected files: 6
Data scanned: 0.00 MB
Time: 3.762 sec (0 m 3 s)


2. Prepare packages to install clamav-scan into Samba (work in /usr/src; the paths in steps 3 and 4 assume the sources are there)
cd /usr/src
apt-get install dpkg-dev
apt-get source samba
apt-get build-dep samba
wget -c http://optusnet.dl.sourceforge.net/sourceforge/openantivirus/samba-vscan-0.3.6b.tar.bz2

3. Compiling
cd samba-3.0.24
./debian/rules configure-stamp
cd source
make proto
cd ../..

tar -jxvf samba-vscan-0.3.6b.tar.bz2 -C /usr/src
cd samba-vscan-0.3.6b
./configure --with-samba-source=/usr/src/samba-3.0.24/source
make && make install

Now the vscan-clamav module is ready to use.

4. Configuring Samba to cooperate with vscan-clamav
mkdir /etc/samba/vfs-config
cp /usr/src/samba-vscan-0.3.6b/clamav/vscan-clamav.conf /etc/samba/vfs-config/

Change some values in /etc/samba/vfs-config/vscan-clamav.conf:
clamd socket name = /var/run/clamav/clamd.ctl
infected files action = quarantine
; By default, the quarantine directory is /tmp
; quarantine directory = /mnt/office-shared-files/.quarantine


Add some values to the Samba config file, /etc/samba/smb.conf. We may add these lines under the [global] configuration or under the configuration of a specific shared directory:
vfs objects = vscan-clamav
vscan-clamav: config-file = /etc/samba/vfs-config/vscan-clamav.conf

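5. We must recompile vscan-clamav if we upgrade our Samba. To lock the Samba version against upgrades, put the package on hold:
echo samba hold | dpkg --set-selections
To release the hold later, when we are ready to upgrade Samba and recompile the module:
echo samba install | dpkg --set-selections
While the hold is in place Samba gets no security updates either, so plan these upgrade-and-recompile rounds.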

6. Now restart Samba
/etc/init.d/samba restart

7. See vscan-clamav in action
  • Just copy /usr/share/clamav-testfiles to a shared writable directory of Samba so it can be accessed by Windows users. The files inside are harmless to Windows, but Clamav treats them as infected files.
  • We can see that Samba denies us when we try to copy the files out. Instead, we'll see that the files have been moved to /tmp/var-*****.
  • Later, we can see that Samba users cannot copy infected files into the shared directory of Samba.
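As an added example (not part of the original post), this POSIX shell script audits the step 4 settings before Samba is restarted: that smb.conf loads vscan-clamav and points at the config file, that a clamd socket is set, and that quarantined files do not land in world-writable /tmp. The function names and sample files are constructed for illustration, and the parser is an assumption-level simplification that ignores smb.conf sections.

```shell
#!/bin/sh
# Added example: audit the step 4 settings. Simplified parser: sections are
# ignored, the last matching "key = value" line wins, ';' and '#' start comments.
conf_get() {  # conf_get FILE KEY -> prints the value (empty if unset)
    awk -v key="$2" '
        BEGIN { gsub(/[ \t]+/, "", key); key = tolower(key) }
        /^[ \t]*[;#]/ { next }
        (pos = index($0, "=")) {
            k = tolower(substr($0, 1, pos - 1)); v = substr($0, pos + 1)
            gsub(/[ \t]+/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

audit_vscan() {  # audit_vscan SMB_CONF VSCAN_CONF -> prints findings, returns their count
    n=0
    case " $(conf_get "$1" 'vfs objects') " in
        *" vscan-clamav "*) ;;
        *) echo "FAIL: vfs objects does not load vscan-clamav"; n=$((n + 1)) ;;
    esac
    [ "$(conf_get "$1" 'vscan-clamav: config-file')" = "$2" ] ||
        { echo "FAIL: smb.conf does not point the module at $2"; n=$((n + 1)); }
    [ -n "$(conf_get "$2" 'clamd socket name')" ] ||
        { echo "FAIL: clamd socket name is not set"; n=$((n + 1)); }
    if [ "$(conf_get "$2" 'infected files action')" = quarantine ]; then
        qdir=$(conf_get "$2" 'quarantine directory')
        case "${qdir:-/tmp}" in   # the post says the default is /tmp
            /tmp|/tmp/*) echo "WARN: quarantine lands in world-writable /tmp"; n=$((n + 1)) ;;
        esac
    fi
    return "$n"
}

# Constructed sample files mirroring the values shown in step 4.
demo=$(mktemp -d)
printf '%s\n' '[global]' 'vfs objects = vscan-clamav' \
    "vscan-clamav: config-file = $demo/vscan-clamav.conf" > "$demo/smb.conf"
printf '%s\n' 'clamd socket name = /var/run/clamav/clamd.ctl' \
    'infected files action = quarantine' \
    '; quarantine directory = /mnt/office-shared-files/.quarantine' \
    > "$demo/vscan-clamav.conf"
audit_vscan "$demo/smb.conf" "$demo/vscan-clamav.conf" || echo "findings: $?"
rm -rf "$demo"
```

On a real server, call audit_vscan with /etc/samba/smb.conf and /etc/samba/vfs-config/vscan-clamav.conf; uncommenting the quarantine directory line from step 4 clears the warning.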
I hope this tutorial is useful to you!

References:
- http://www.howtoforge.com/forums/showthread.php?t=3706
- http://www.grape-info.com/doc/linux/config/samba-vscan-0.3.6b-84.html

10 comments:

Okto2005 said...

cd source
./make proto
cd ../..

Something's wrong there, boss:

cd source
./make proto
-bash: ./make: No such file or directory

It should be male proto

Ichsan said...

Thanks, but it should be make proto :D

Okto2005 said...

A question, boss...

I'm using Ubuntu 7.10, but the make process throws a lot of errors, even though I followed the instructions above:

Compiling global/vscan-functions.c with -fPIC
In file included from /usr/src/sources/samba3-vscan-0.4.0-snapshot1/include/vscan-global.h:4,
from global/vscan-functions.c:15:
/usr/src/sources/samba-3.0.26a/source/include/includes.h:102:31: error: system/capability.h: No such file or directory
/usr/src/sources/samba-3.0.26a/source/include/includes.h:103:24: error: system/dir.h: No such file or directory
...................
...................
global/vscan-functions.c:203: warning: implicit declaration of function ‘inet_pton’
global/vscan-functions.c: In function ‘vscan_socket_end’:
global/vscan-functions.c:251: warning: implicit declaration of function ‘close’
make: *** [global/vscan-functions.po] Error 1

Ichsan said...

Okto, try installing build-essential. As far as I know, it's a required package whenever we want to compile a package.

Hannes said...

Hey guys,

I'm having the same problem as Okto2005:

Compiling global/vscan-functions.c with -fPIC
In file included from /usr/src/sources/samba3-vscan-0.4.0-snapshot1/include/vscan-global.h:4,
from global/vscan-functions.c:15:
/usr/src/sources/samba-3.0.26a/source/include/includes.h:102:31: error: system/capability.h: No such file or directory
/usr/src/sources/samba-3.0.26a/source/include/includes.h:103:24: error: system/dir.h: No such file or directory
...................



I saw Ichsan posted a reply, but unfortunately I speak only English and German :)
Can anybody help and translate it to English? Thanks!

Ichsan said...

If you have a problem like Okto2005 did, try to apt-get install libc6-dev. The dir.h file belongs to the libc6-dev package.

Actually, if you want to compile things, at least you should apt-get install build-essential. Sorry that I didn't include this package.

But, thanks for reminding me. I've just updated the list of required packages.

Bartosz said...

After installing libc6-dev, it still doesn't work.

Ichsan said...

Bartosz, maybe your Ubuntu is newer than mine. I haven't checked with the latest Ubuntu yet.

Mirza Khadnezar said...

What if Samba is already installed, boss?
I installed Samba with apt-get install samba

Any pointers???

Adrian said...

Hi there,

I have used this before with Ubuntu 8.04, but it doesn't work with 10.04.
At part 3 I get the following error:
:~/samba-3.4.7~dfsg# ./debian/rules configure-stamp
make: *** No rule to make target `configure-stamp'. Stop.

Any suggestions?