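Introduction
Samba lets Linux and Windows users access each other's files, but this also raises the risk of the host being infected with malware, so antivirus software should be installed to reduce that risk. The steps below show how to set up ClamAV with Samba.
ClamAV + Samba setup walkthrough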
1. Check the Samba version
[root@CentOS53 ~]# rpm -qa |grep samba
samba-3.0.33-3.7.el5_3.1
2. Download Samba
[root@CentOS53 tmp]# wget http://us5.samba.org/samba/ftp/old-versions/samba-3.0.32.tar.gz
3. Download samba-vscan
[root@CentOS53 tmp]# wget http://www.openantivirus.org/download/samba-vscan-0.3.6c-beta5.tar.gz
4. Change to /usr/local/src/
[root@CentOS53 tmp]# cd /usr/local/src/
5. Extract Samba
[root@CentOS53 src]# tar zxf /tmp/samba-3.0.32.tar.gz
6. Change to the samba-3.0.32/examples/VFS directory
[root@CentOS53 src]# cd samba-3.0.32/examples/VFS/
7. Extract samba-vscan into the samba-3.0.32/examples/VFS/ directory
[root@CentOS53 VFS]# tar zxf /tmp/samba-vscan-0.3.6c-beta5.tar.gz
8. Change to /usr/local/src/samba-3.0.32/source/
[root@CentOS53 VFS]# cd /usr/local/src/samba-3.0.32/source/
9. Run ./configure
[root@CentOS53 source]# ./configure
10. Run make headers
[root@CentOS53 source]# make headers
11. Change to the samba-vscan-0.3.6c-beta5 directory
[root@CentOS53 source]# cd /usr/local/src/samba-3.0.32/examples/VFS/samba-vscan-0.3.6c-beta5/
12. Run ./configure
[root@CentOS53 samba-vscan-0.3.6c-beta5]# ./configure
13. Run make
[root@CentOS53 samba-vscan-0.3.6c-beta5]# make
14. Copy vscan-clamav.so to the /usr/lib/samba/vfs/ directory
[root@CentOS53 samba-vscan-0.3.6c-beta5]# cp vscan-clamav.so /usr/lib/samba/vfs/
15. Copy the vscan configuration file to the Samba directory
[root@CentOS53 samba-vscan-0.3.6c-beta5]# cp clamav/vscan-clamav.conf /etc/samba/
16. Next, install ClamAV. Download the required packages first; I downloaded the following files in total and installed them with rpm -ivh:
clamav-0.95.3-1.el5.rf.i386.rpm
clamav-db-0.95.3-1.el5.rf.i386.rpm
clamd-0.95.3-1.el5.rf.i386.rpm
17. Edit /etc/samba/smb.conf and add the virus-scanning options in the global settings section:
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
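18. /etc/samba/vscan-clamav.conf is the virus-scanning configuration file. Commonly used settings:
max file size = 0 (file size limit; files larger than this are not scanned, 0 means no limit)
verbose file logging = yes (whether to produce log records)
scan on open = yes (scan when a file is opened)
scan on close = yes (scan when a file is closed)
deny access on error = yes (whether to deny all file access when samba-vscan cannot call the virus-scanning module)
deny access on minor error = yes (whether to deny all file access when samba-vscan hits any minor error)
send warning message = yes (whether to send a warning through Windows Messenger when samba-vscan finds a virus)
infected file action = quarantine (action when a virus is found: delete removes the file, quarantine moves it to quarantine, nothing takes no action)
quarantine directory = /tmp (quarantine directory)
quarantine prefix = vir- (filename prefix for quarantined files)
clamd socket name = /tmp/clamd (set this to the same value as LocalSocket in /etc/clamd.conf)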
19. After making the changes, start Samba and ClamAV.
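Before starting the services, the pairing from steps 17 and 18 can be checked with a small script. This is an added example, not part of the original post: the function names are hypothetical, and it assumes vscan-clamav.conf uses the "key = value" lines shown in step 18 and clamd.conf uses "LocalSocket <path>".

```shell
#!/bin/sh
# Added example: consistency check for the samba-vscan / clamd pairing
# from steps 17-18. All function names here are hypothetical.

# Value of "key = value" in vscan-clamav.conf (last occurrence wins).
vscan_get() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Value of "Key value" in clamd.conf (commented-out lines do not match).
clamd_get() {  # $1 = file, $2 = key
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Prints one line per finding; exit status is the number of findings.
check_vscan() {  # $1 = vscan-clamav.conf, $2 = clamd.conf
    problems=0
    sock_vscan=$(vscan_get "$1" "clamd socket name")
    sock_clamd=$(clamd_get "$2" LocalSocket)
    if [ -z "$sock_vscan" ] || [ "$sock_vscan" != "$sock_clamd" ]; then
        echo "MISMATCH: clamd socket name='$sock_vscan' LocalSocket='$sock_clamd'"
        problems=$((problems + 1))
    fi
    # Settings the walkthrough sets to yes; any other value weakens scanning.
    for key in "scan on open" "scan on close" "deny access on error"; do
        val=$(vscan_get "$1" "$key")
        if [ "$val" != "yes" ]; then
            echo "WEAK: $key = ${val:-<unset>}"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: socket paths differ and the module fails open.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'scan on open = yes' 'scan on close = yes' \
        'deny access on error = no' 'clamd socket name = /tmp/clamd' > "$d/vscan.conf"
    printf '%s\n' 'LocalSocket /var/run/clamav/clamd.sock' > "$d/clamd.conf"
    check_vscan "$d/vscan.conf" "$d/clamd.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# Usage: sh check.sh /etc/samba/vscan-clamav.conf /etc/clamd.conf  (or: sh check.sh --demo)
if [ "$#" -eq 2 ]; then check_vscan "$1" "$2"; elif [ "${1:-}" = "--demo" ]; then demo; fi
```

A socket mismatch means samba-vscan cannot reach clamd, and with deny access on error set to anything other than yes, files are then served without being scanned.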
Common ClamAV commands
Show the virus database version
[root@CentOS53 ~]# clamscan --version
ClamAV 0.95.3/10350/Tue Feb 2 19:43:06 2010
Scan for viruses (in the current working directory)
[root@CentOS53 ~]# clamscan
/root/.cshrc: OK
/root/.bash_logout: OK
/root/.bash_history: OK
/root/.lesshst: OK
/root/install.log: OK
/root/samba-vscan-0.3.6c-beta5.tar.gz: OK
/root/anaconda-ks.cfg: OK
/root/.tcshrc: OK
/root/.bashrc: OK
/root/install.log.syslog: OK
/root/.gtkrc-1.2-gnome2: OK
/root/.dmrc: OK
/root/.xsession-errors: OK
/root/samba-3.0.32.tar.gz: OK
/root/.ICEauthority: OK
/root/.bash_profile: OK
----------- SCAN SUMMARY -----------
Known viruses: 705904
Engine version: 0.95.3
Scanned directories: 1
Scanned files: 16
Infected files: 0
Data scanned: 86.27 MB
Data read: 20.95 MB (ratio 4.12:1)
Time: 17.455 sec (0 m 17 s)
Update the virus database
[root@CentOS53 ~]# freshclam
ClamAV update process started at Wed Feb 3 10:41:06 2010
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 140.128.9.18)
WARNING: getpatch: Can't download daily-9956.cdiff from db.tw.clamav.net
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 210.71.23.120)
WARNING: getpatch: Can't download daily-9956.cdiff from db.tw.clamav.net
WARNING: getpatch: Can't download daily-9956.cdiff from db.tw.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 10350, sigs: 161590, f-level: 44, builder: ccordes)
Database updated (706625 signatures) from db.tw.clamav.net (IP: 210.71.23.120)
Clamd successfully notified about the update.
To update the virus database automatically, add an entry for /usr/bin/freshclam to crontab.