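Introduction

Samba lets Linux and Windows users access each other's files, but this also increases the risk of the host being infected by malware, so antivirus software needs to be installed to reduce that risk. The following demonstrates the steps for setting up ClamAV with Samba.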

 

 

ClamAV + Samba setup walkthrough

 

1. Check the Samba version

[root@CentOS53 ~]# rpm -qa |grep samba

samba-3.0.33-3.7.el5_3.1

 

2. Download Samba

[root@CentOS53 tmp]# wget http://us5.samba.org/samba/ftp/old-versions/samba-3.0.32.tar.gz

 

3. Download samba-vscan

[root@CentOS53 tmp]# wget http://www.openantivirus.org/download/samba-vscan-0.3.6c-beta5.tar.gz

 

4. Change to /usr/local/src/

[root@CentOS53 tmp]# cd /usr/local/src/

 

5. Extract Samba

[root@CentOS53 src]# tar zxf /tmp/samba-3.0.32.tar.gz

 

6. Change to the samba-3.0.32/examples/VFS directory

[root@CentOS53 src]# cd samba-3.0.32/examples/VFS/

 

7. Extract samba-vscan into the samba-3.0.32/examples/VFS/ directory

[root@CentOS53 VFS]# tar zxf /tmp/samba-vscan-0.3.6c-beta5.tar.gz

 

8. Change to /usr/local/src/samba-3.0.32/source/

[root@CentOS53 VFS]# cd /usr/local/src/samba-3.0.32/source/

 

9. Run ./configure

[root@CentOS53 source]# ./configure

 

10. Run make headers

[root@CentOS53 source]# make headers

 

11. Change to the samba-vscan-0.3.6c-beta5 directory

[root@CentOS53 source]# cd /usr/local/src/samba-3.0.32/examples/VFS/samba-vscan-0.3.6c-beta5/

 

12. Run ./configure

[root@CentOS53 samba-vscan-0.3.6c-beta5]# ./configure

 

13. Run make

[root@CentOS53 samba-vscan-0.3.6c-beta5]# make

 

14. Copy vscan-clamav.so to the /usr/lib/samba/vfs/ directory

[root@CentOS53 samba-vscan-0.3.6c-beta5]# cp vscan-clamav.so /usr/lib/samba/vfs/

 

15. Copy the vscan configuration file into the samba directory

[root@CentOS53 samba-vscan-0.3.6c-beta5]# cp clamav/vscan-clamav.conf /etc/samba/

 

16. Next, install clamav. First download the required packages; I downloaded the following files in total and installed them with rpm -ivh:

clamav-0.95.3-1.el5.rf.i386.rpm

clamav-db-0.95.3-1.el5.rf.i386.rpm

clamd-0.95.3-1.el5.rf.i386.rpm

 

17. Edit /etc/samba/smb.conf to add the virus-scanning options, placing the settings in the global section:

vfs object = vscan-clamav

vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

 

18. /etc/samba/vscan-clamav.conf is the virus-scanning configuration file. Commonly used settings are:

 

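max file size = 0                  Maximum file size to scan; files larger than this are not scanned. 0 means no limit

verbose file logging = yes         Whether to produce log records

scan on open = yes                 Scan files when they are opened

scan on close = yes                Scan files when they are closed

deny access on error = yes         Whether to deny all file access when samba-vscan cannot call the virus-scanning module

deny access on minor error = yes   Whether to deny all file access when samba-vscan encounters any minor error

send warning message = yes         Whether to send a warning via Windows Messenger when samba-vscan finds a virus

infected file action = quarantine  Action when a virus is found: delete (delete the file), quarantine (move it to quarantine), nothing (take no action)

quarantine directory  = /tmp       Quarantine directory

quarantine prefix = vir-           Filename prefix for quarantined files

clamd socket name = /tmp/clamd     Must be set to the same value as LocalSocket in /etc/clamd.conf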

 

 

19. After making the changes, start Samba and ClamAV.
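Before starting the services, the settings from step 18 that must agree with clamd, or that decide what happens when scanning fails, can be checked with a short script. This is an added example, not part of the original post or of samba-vscan; the function names and the script name check_vscan.sh are hypothetical, and it treats the values used in this walkthrough (yes for both deny options) as the expected ones.

```shell
#!/bin/sh
# Added example: checks a samba-vscan/clamd configuration pair for consistency.
# Usage (script name is hypothetical; paths are the ones used in this walkthrough):
#   sh check_vscan.sh /etc/samba/vscan-clamav.conf /etc/clamd.conf

# Print the value of "key = value" from vscan-clamav.conf ($1=file, $2=key).
# Lines starting with # or ; are treated as comments; the last match wins.
vscan_get() {
    sed -n -e 's/^[[:space:]]*//' -e '/^[#;]/d' \
        -e "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*$//' | tail -n 1
}

# Print the argument of a "Directive value" line from clamd.conf
# ($1=file, $2=directive). Commented-out directives do not match.
clamd_get() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# Return 0 when the socket paths agree and both deny-on-error options are
# explicitly "yes" (the values this walkthrough uses); otherwise print each
# finding and return 1.
check_vscan() {
    rc=0
    vs=$(vscan_get "$1" "clamd socket name")
    cs=$(clamd_get "$2" "LocalSocket")
    if [ -z "$vs" ] || [ "$vs" != "$cs" ]; then
        echo "MISMATCH: clamd socket name='$vs' LocalSocket='$cs'"
        rc=1
    fi
    for key in "deny access on error" "deny access on minor error"; do
        val=$(vscan_get "$1" "$key")
        if [ "$val" != "yes" ]; then
            echo "NOT FAIL-CLOSED: '$key' is '${val:-unset}', expected 'yes'"
            rc=1
        fi
    done
    return "$rc"
}

# Run the check only when both file paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_vscan "$1" "$2"
fi
```

A non-zero exit status means at least one finding was printed, so the script can gate a service restart.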

 

 

 

Common clam commands

 

Show the virus signature version

[root@CentOS53 ~]# clamscan --version

ClamAV 0.95.3/10350/Tue Feb  2 19:43:06 2010

 

 

 

 

 

 

 

Scan for viruses (in the current working directory)

[root@CentOS53 ~]# clamscan

/root/.cshrc: OK

/root/.bash_logout: OK

/root/.bash_history: OK

/root/.lesshst: OK

/root/install.log: OK

/root/samba-vscan-0.3.6c-beta5.tar.gz: OK

/root/anaconda-ks.cfg: OK

/root/.tcshrc: OK

/root/.bashrc: OK

/root/install.log.syslog: OK

/root/.gtkrc-1.2-gnome2: OK

/root/.dmrc: OK

/root/.xsession-errors: OK

/root/samba-3.0.32.tar.gz: OK

/root/.ICEauthority: OK

/root/.bash_profile: OK

 

----------- SCAN SUMMARY -----------

Known viruses: 705904

Engine version: 0.95.3

Scanned directories: 1

Scanned files: 16

Infected files: 0

Data scanned: 86.27 MB

Data read: 20.95 MB (ratio 4.12:1)

Time: 17.455 sec (0 m 17 s)

 

 

 

 

 

 

 

 

 

 

Update the virus signatures

[root@CentOS53 ~]# freshclam

ClamAV update process started at Wed Feb  3 10:41:06 2010

main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)

WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 140.128.9.18)

WARNING: getpatch: Can't download daily-9956.cdiff from db.tw.clamav.net

WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 210.71.23.120)

WARNING: getpatch: Can't download daily-9956.cdiff from db.tw.clamav.net

WARNING: getpatch: Can't download daily-9956.cdiff from db.tw.clamav.net

WARNING: Incremental update failed, trying to download daily.cvd

Downloading daily.cvd [100%]

daily.cvd updated (version: 10350, sigs: 161590, f-level: 44, builder: ccordes)

Database updated (706625 signatures) from db.tw.clamav.net (IP: 210.71.23.120)

Clamd successfully notified about the update.

 

To update the virus signatures automatically, add an entry for /usr/bin/freshclam to crontab.

