| View previous topic :: View next topic |
| Author |
Message |
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
 Posted: Wed May 12, 2004 12:25 am Post subject: SAMBA -:- Working With ClamAV |
 |
|
Hi!
I'm trying to get my Samba running together with ClamAV but without the printers
as described in the Gentoo Docs.
I did emerge my SAMBA with the USE options defined in the docs and
emerged clamav. But after adding the VFS part in smb.conf that deals
with the clamav integration, testparm spits out the following:
| Code: |
root@kristy kristy # testparm
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "vfs options"
Ignoring unknown parameter "vfs options"
Processing section "[guests]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
|
Obviously, the part that SAMBA is having trouble with is:
vfs options = config-file = /etc/samba/vscan-clamav.conf
But why?
Has anyone managed to get ClamAV running with SAMBA to scan
shares automatically?
Thanks a bunch!
~Kristy
/etc/samba/smb.conf
| Code: |
[global]
workgroup = MAIN-ONE
server string =
log file = /var/log/samba3/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth0
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.0.1/24
hosts deny = 0.0.0.0/0
security = share
guest account = guest
encrypt passwords = yes
smb passwd file = /etc/samba/private/smbpasswd
vfs object = /usr/lib/samba/vfs/vscan-clamav.so
vfs options = config-file = /etc/samba/vscan-clamav.conf
[guests]
comment = Public Shared Folder
path = /tmp/shares
guest ok = yes
guest only = yes
read only = no
|
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer]
Last edited by KristyX on Thu Sep 02, 2004 6:30 am; edited 3 times in total |
|
| Back to top |
|
 |
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
| Posted: Wed May 19, 2004 3:57 pm Post subject: |
|
|
By the way, my vscan config is:
/etc/samba/vscan-clamav.conf
| Code: |
[samba-vscan]
max file size = 0
verbose file logging = no
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
send warning message = yes
infected file action = delete
quarantine directory = /tmp/badshares
quarantine prefix = vir-
max lru files entries = 100
lru file entry lifetime = 5
clamd socket name = /var/run/clamd
|
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer] |
|
| Back to top |
|
|
jcosters
Tux's lil' helper
Joined: 26 Feb 2003
Posts: 104
Location: Gent, Belgium
|
| Posted: Thu May 20, 2004 10:34 am Post subject: |
|
|
for samba 2.2.x use:
| Code: | vfs object = /usr/lib/samba/vfs/vscan-clamav.so
vfs options = config-file = /etc/samba/vscan-clamav.conf |
for samba 3.x use:
| Code: | vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf |
Last edited by jcosters on Fri May 21, 2004 3:55 pm; edited 1 time in total |
|
| Back to top |
|
|
jcosters
Tux's lil' helper
Joined: 26 Feb 2003
Posts: 104
Location: Gent, Belgium
|
| Posted: Thu May 20, 2004 10:37 am Post subject: |
|
|
also, you need to explicitly edit /etc/conf.d/clamd to enable the scanner to startup when running /etc/init.d/clamd start
you can also set some other parameters there like the log file locations.
also, you need to edit /etc/clamav.conf, remove the bogus example line and set the socket file to /var/run/clamd
you might want to configure this file some more.
also, you need a /etc/samba/vscan-clamav.conf file which you can find (a sample) in the samba-vscan docs.
here you can tweak the behaviour of the scanner when used by samba.
then your setup should work |
|
| Back to top |
|
|
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
| Posted: Sat May 22, 2004 1:23 am Post subject: |
|
|
Thank you so much for replying! I almost gave up hope of ever getting
Samba working with Clam 
The line worked! Samba starts without a hitch now
The thing is, using the sample virus-infected file from eicar.org, I copied it
into my shared folder through the network browser and it pasted without any
trouble  No error message, no access denied or anything.
Any ideas?
Thanks,
~Kristy
--------------------
/var/log/clamd.log
| Code: |
Sat May 22 08:59:12 2004 -> +++ Started at Sat May 22 08:59:12 2004
Sat May 22 08:59:12 2004 -> Log file size limited to 2097152 bytes.
Sat May 22 08:59:12 2004 -> Reading databases from /var/lib/clamav
Sat May 22 08:59:13 2004 -> Protecting against 21635 viruses.
Sat May 22 08:59:13 2004 -> Unix socket file /var/run/clamd
Sat May 22 08:59:13 2004 -> Setting connection queue length to 15
Sat May 22 08:59:13 2004 -> Archive: Archived file size limit set to 10485760 bytes.
Sat May 22 08:59:13 2004 -> Archive: Recursion level limit set to 5.
Sat May 22 08:59:13 2004 -> Archive: Files limit set to 1000.
Sat May 22 08:59:13 2004 -> Archive: Compression ratio limit set to 200.
Sat May 22 08:59:13 2004 -> Archive support enabled.
Sat May 22 08:59:13 2004 -> RAR support disabled.
Sat May 22 08:59:13 2004 -> Mail files support disabled.
Sat May 22 08:59:13 2004 -> OLE2 support enabled.
Sat May 22 08:59:13 2004 -> Self checking every 3600 seconds.
|
/etc/clamav.conf
| Code: |
# Comment or remove the line below.
# Example
LogFile /var/log/clamd.log
#LogFileUnlock
LogFileMaxSize 2M
LogTime
#LogClean
#LogSyslog
#LogVerbose
#PidFile /var/run/clamd.pid
#TemporaryDirectory /var/tmp
#DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamd
#FixStaleSocket
#TCPSocket 3310
TCPAddr 127.0.0.1
#MaxConnectionQueueLength 30
#StreamSaveToDisk
#StreamMaxLength 10M
#MaxThreads 10
#ReadTimeout 300
MaxDirectoryRecursion 15
#FollowDirectorySymlinks
#FollowFileSymlinks
#SelfCheck 600
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
#User clamav
#AllowSupplementaryGroups
#Foreground
#Debug
##
## Document scanning
##
ScanOLE2
#ScanMail
ScanArchive
#ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
#ArchiveLimitMemoryUsage
#ArchiveBlockEncrypted
#ClamukoScanOnAccess
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
#ClamukoIncludePath /students
#ClamukoExcludePath /home/guru
ClamukoMaxFileSize 1M
ClamukoScanArchive
|
/etc/samba/vscan-clamav.conf
| Code: |
[samba-vscan]
; run-time configuration for vscan-samba using
; clamd -- all options are set to default values
max file size = 0
verbose file logging = no
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
send warning message = yes
infected file action = delete
quarantine directory = /tmp/badshares
quarantine prefix = vir-
max lru files entries = 100
lru file entry lifetime = 5
clamd socket name = /var/run/clamd
|
/etc/samba/smb.conf
| Code: |
[global]
workgroup = MAIN-ONE
server string =
log file = /var/log/samba3/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth0
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.0.1/24
hosts deny = 0.0.0.0/0
security = share
guest account = guest
encrypt passwords = yes
smb passwd file = /etc/samba/private/smbpasswd
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
[guests]
comment = Public Shared Folder
path = /tmp/shares
guest ok = yes
guest only = yes
read only = no
|
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer] |
|
| Back to top |
|
|
jcosters
Tux's lil' helper
Joined: 26 Feb 2003
Posts: 104
Location: Gent, Belgium
|
| Posted: Sat May 22, 2004 10:59 am Post subject: |
|
|
You need an extra line in smb.conf (see below). Now your scanner is running, but it isn't called by samba.
My /var/log/clamav/clamd.log:
| Code: | Thu May 20 18:58:39 2004 -> +++ Started at Thu May 20 18:58:39 2004
Thu May 20 18:58:39 2004 -> Log file size limited to 1048576 bytes.
Thu May 20 18:58:39 2004 -> Verbose logging activated.
Thu May 20 18:58:39 2004 -> Setting /tmp as global temporary directory
Thu May 20 18:58:39 2004 -> Reading databases from /var/lib/clamav
Thu May 20 18:58:42 2004 -> Protecting against 21622 viruses.
Thu May 20 18:58:45 2004 -> Unix socket file /var/run/clamd
Thu May 20 18:58:45 2004 -> Setting connection queue length to 20
Thu May 20 18:58:45 2004 -> Listening daemon: PID: 10132
Thu May 20 18:58:45 2004 -> Archive: Archived file size limit set to 10485760 bytes.
Thu May 20 18:58:45 2004 -> Archive: Recursion level limit set to 5.
Thu May 20 18:58:45 2004 -> Archive: Files limit set to 1000.
Thu May 20 18:58:45 2004 -> Archive: Compression ratio limit set to 200.
Thu May 20 18:58:45 2004 -> Archive support enabled.
Thu May 20 18:58:45 2004 -> RAR support enabled.
Thu May 20 18:58:45 2004 -> Mail files support disabled.
Thu May 20 18:58:45 2004 -> OLE2 support enabled.
Thu May 20 18:58:45 2004 -> Self checking every 3600 seconds.
Fri May 21 17:49:45 2004 -> No stats for Database check - forcing reload
Fri May 21 17:49:45 2004 -> /home/jonathan/eicar.com: Eicar-Test-Signature FOUND
Fri May 21 17:49:45 2004 -> Reading databases from /var/lib/clamav
Fri May 21 17:49:51 2004 -> Database correctly reloaded (21635 viruses)
Fri May 21 17:50:11 2004 -> /home/jonathan/eicarcom2.zip: Eicar-Test-Signature FOUND
Fri May 21 18:08:17 2004 -> /home/jonathan/eicar.com: Eicar-Test-Signature FOUND
Fri May 21 18:08:41 2004 -> /home/jonathan/eicarcom2.zip: Eicar-Test-Signature FOUND
Fri May 21 18:37:35 2004 -> /home/jonathan/eicarcom2.zip: Eicar-Test-Signature FOUND
Fri May 21 18:51:55 2004 -> SelfCheck: Database status OK. |
My /etc/samba/vscan-clamav.conf:
| Code: | [samba-clamav]
max file size = 0
verbose logging = no
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
send warning message = yes
infected file action = delete
max lru files entries = 100
lru file entry lifetime = 5
clamd socket name = /var/run/clamd |
My /etc/conf.d/clamd:
| Code: | # Config file for /etc/init.d/clamd
START_CLAMD=yes
CLAMD_OPTS=""
CLAMD_LOG=""
START_FRESHCLAM=yes
FRESHCLAM_OPTS="-d -c 2"
FRESHCLAM_LOG="/var/log/clamav/clam-update.log" |
My relevant /etc/samba/smb.conf entries (you need the vfs object line too):
| Code: | vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf |
BTW - you only get the virus warning messages if you are in the same NT workgroup as your samba server, I found that out the hard way. |
|
| Back to top |
|
|
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
| Posted: Sat May 22, 2004 12:40 pm Post subject: |
|
|
Thank you *so* much Ice-O-Lator.. I don't get a warning message but the
eicar.com file doesn't get copied either
~Kristy
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer] |
|
| Back to top |
|
|
jcosters
Tux's lil' helper
Joined: 26 Feb 2003
Posts: 104
Location: Gent, Belgium
|
| Posted: Sat May 22, 2004 5:32 pm Post subject: |
|
|
no problem kristyX
I had to figure the lot out analysing samba's and clamd's logs, it took me some days to get it all to work. I think the official documentation should be updated.
Anyway, when you add
| Code: | | send warning message = yes |
inside your /etc/samba/vscan-clamav.conf
you normally should get a warning message sent by samba through the "net send" NT command when you try to open/close an infected file. you only receive it on the same workgroup.
Also, access to the infected file should be denied.
In my setup the file gets deleted immediately after virus detection, because I haven't found a way to repair infected files in Linux, so quarantining makes no sense to me.
Anyone got some other point of view? |
|
| Back to top |
|
|
thekk
n00b
Joined: 28 Jan 2004
Posts: 11
|
| Posted: Wed Sep 01, 2004 3:33 pm Post subject: |
|
|
| Quote: | In my setup the file gets deleted immediately after virus detection, because I haven't found a way to repair infected files in Linux, so quarantining makes no sense to me.
Anyone got some other point of view? |
Thanks for this great thread, now my all of my samba shares are protected through the virusscanner.
And on the other point of view: if you get a virus that tries to modify your files to attach itself to it, it might be able to recover the quarantined file in windows. You can copy them from the quaratine location (for example /tmp) through ssh and recover them on windows after the the client is cleaned. Then you can copy them back to the server. |
|
| Back to top |
|
|
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
| Posted: Thu Sep 02, 2004 6:12 am Post subject: |
|
|
Okay, for some reason the users on my network aren't able to access my computer and list the shares.
This happened awhile back but I didn't have time to investigate.. basically, one day everything was fine and the next, it was not.
I'm not sure what could be the problem.. has anyone got any ideas why it can't find the vfs module??
Thanks,
Kristy
/var/log/samba3/log.christie
| Code: |
[2004/09/02 14:10:32, 0] smbd/vfs.c:vfs_init_custom(256)
Can't find a vfs module [vscan-clamav]
[2004/09/02 14:10:32, 0] smbd/vfs.c:smbd_vfs_init(319)
smbd_vfs_init: vfs_init_custom failed for vscan-clamav
[2004/09/02 14:10:32, 0] smbd/service.c:make_connection_snum(502)
vfs_init failed for service IPC$
|
I have no idea what's wrong.. samba's testparm shows:
| Code: |
root@kristy samba3 # testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[guests]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = MAIN-ONE
server string =
interfaces = lo, eth0
bind interfaces only = Yes
security = SHARE
guest account = guest
log file = /var/log/samba3/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
vscan-clamav:config-file = /etc/samba/vscan-clamav.conf
hosts allow = 127.0.0.1, 192.168.0.1/24
hosts deny = 0.0.0.0/0
vfs objects = vscan-clamav
[guests]
comment = Public Shared Folder
path = /tmp/shares
read only = No
guest only = Yes
guest ok = Yes
|
And ClamAV doesn't seem to be having any troubles either:
/var/log/clamd.log
| Code: |
Thu Sep 2 14:10:17 2004 -> +++ Started at Thu Sep 2 14:10:17 2004
Thu Sep 2 14:10:17 2004 -> clamd daemon 0.75 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu Sep 2 14:10:17 2004 -> Log file size limited to 2097152 bytes.
Thu Sep 2 14:10:17 2004 -> Reading databases from /var/lib/clamav
Thu Sep 2 14:10:18 2004 -> Protecting against 23725 viruses.
Thu Sep 2 14:10:19 2004 -> Unix socket file /var/run/clamd
Thu Sep 2 14:10:19 2004 -> Setting connection queue length to 15
Thu Sep 2 14:10:19 2004 -> Archive: Archived file size limit set to 10485760 bytes.
Thu Sep 2 14:10:19 2004 -> Archive: Recursion level limit set to 5.
Thu Sep 2 14:10:19 2004 -> Archive: Files limit set to 1000.
Thu Sep 2 14:10:19 2004 -> Archive: Compression ratio limit set to 200.
Thu Sep 2 14:10:19 2004 -> Archive support enabled.
Thu Sep 2 14:10:19 2004 -> RAR support disabled.
Thu Sep 2 14:10:19 2004 -> Mail files support disabled.
Thu Sep 2 14:10:19 2004 -> OLE2 support enabled.
Thu Sep 2 14:10:19 2004 -> Self checking every 3600 seconds.
|
/var/log/clam-update.log
| Code: |
freshclam daemon 0.75 (OS: linux-gnu, ARCH: i386, CPU: i686)
ClamAV update process started at Thu Sep 2 14:10:19 2004
main.cvd is up to date (version: 26, sigs: 22925, f-level: 2, builder: tomek)
daily.cvd is up to date (version: 477, sigs: 802, f-level: 2, builder: diego)
--------------------------------------
|
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer] |
|
| Back to top |
|
|
jcosters
Tux's lil' helper
Joined: 26 Feb 2003
Posts: 104
Location: Gent, Belgium
|
| Posted: Thu Sep 02, 2004 9:46 am Post subject: |
|
|
| KristyX wrote: | | Code: | | vfs objects = vscan-clamav |
|
should read:
| Code: | | vfs object = vscan-clamav |
But I guess that's just a typo, right? |
|
| Back to top |
|
|
jcosters
Tux's lil' helper
Joined: 26 Feb 2003
Posts: 104
Location: Gent, Belgium
|
| Posted: Thu Sep 02, 2004 9:50 am Post subject: |
|
|
| thekk wrote: |
on the other point of view: if you get a virus that tries to modify your files to attach itself to it, it might be able to recover the quarantined file in windows. You can copy them from the quaratine location (for example /tmp) through ssh and recover them on windows after the the client is cleaned. Then you can copy them back to the server. |
That should work indeed. |
|
| Back to top |
|
|
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
| Posted: Thu Sep 02, 2004 11:53 am Post subject: |
|
|
Okay, that's really weird.
My smb.conf file states:
/etc/samba/smb.conf
| Code: |
[global]
workgroup = MAIN-ONE
server string =
log file = /var/log/samba3/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth0
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.0.1/24
hosts deny = 0.0.0.0/0
security = share
guest account = guest
encrypt passwords = yes
smb passwd file = /etc/samba/private/smbpasswd
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
[guests]
comment = Public Shared Folder
path = /tmp/shares
guest ok = yes
guest only = yes
read only = no
|
But testparm spits out:
| Code: |
kristy@kristy kristy $ testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[guests]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = MAIN-ONE
server string =
interfaces = lo, eth0
bind interfaces only = Yes
security = SHARE
guest account = guest
log file = /var/log/samba3/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
vscan-clamav:config-file = /etc/samba/vscan-clamav.conf
hosts allow = 127.0.0.1, 192.168.0.1/24
hosts deny = 0.0.0.0/0
vfs objects = vscan-clamav
[guests]
comment = Public Shared Folder
path = /tmp/shares
read only = No
guest only = Yes
guest ok = Yes
|
Why does testparm show "vfs objects" when it clearly states that it's using /etc/samba/smb.conf?
I increased Samba's Debug Level to 2 and when the computer "Isaac" tries to connect:
/var/log/samba3/log.isaac
| Code: |
[2004/09/02 20:15:49, 2] smbd/sesssetup.c:setup_new_vc_session(602)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/09/02 20:15:49, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.0.4)
[2004/09/02 20:15:49, 0] smbd/vfs.c:vfs_init_custom(256)
Can't find a vfs module [vscan-clamav]
[2004/09/02 20:15:49, 0] smbd/vfs.c:smbd_vfs_init(319)
smbd_vfs_init: vfs_init_custom failed for vscan-clamav
[2004/09/02 20:15:49, 0] smbd/service.c:make_connection_snum(502)
vfs_init failed for service IPC$
[2004/09/02 20:15:49, 2] smbd/sesssetup.c:setup_new_vc_session(602)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/09/02 20:15:49, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.0.4)
[2004/09/02 20:15:49, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [guest] -> [guest] FAILED with error NT_STATUS_LOGON_FAILURE
[2004/09/02 20:15:49, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [guest] -> [guest] FAILED with error NT_STATUS_LOGON_FAILURE
[2004/09/02 20:15:49, 0] smbd/vfs.c:vfs_init_custom(256)
Can't find a vfs module [vscan-clamav]
[2004/09/02 20:15:49, 0] smbd/vfs.c:smbd_vfs_init(319)
smbd_vfs_init: vfs_init_custom failed for vscan-clamav
[2004/09/02 20:15:49, 0] smbd/service.c:make_connection_snum(502)
vfs_init failed for service IPC$
[2004/09/02 20:15:49, 2] smbd/server.c:exit_server(568)
Closing connections
|
Isaac's computer never asks him for a password when he tries to connect.. so what's up with the:
[2004/09/02 20:15:49, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [guest] -> [guest] FAILED with error
~Kristy
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer] |
|
| Back to top |
|
|
jcosters
Tux's lil' helper
Joined: 26 Feb 2003
Posts: 104
Location: Gent, Belgium
|
| Posted: Thu Sep 02, 2004 2:12 pm Post subject: |
|
|
| KristyX wrote: | | Why does testparm show "vfs objects" when it clearly states that it's using /etc/samba/smb.conf? |
Not real sure at this time ... weird.
I'm guessing testparm makes a list of all "vfs object" directives and groups them in one "vfs objects" directive when it outputs. Maybe you can check it out adding the recycle bin -or another- vfs object to the same share? If I'm right, testparm should list something like | Code: | | vfs objects = vscan-clamav recycler |
| KristyX wrote: | Isaac's computer never asks him for a password when he tries to connect.. so what's up with the:
[2004/09/02 20:15:49, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [guest] -> [guest] FAILED with error |
I think this is the reason why your users can't list shares.
Does the guest account exist in /etc/passwd ? I see you have mapped guest to the guest account. That isn't really necessary. Also, if guest is not in /etc/passwd with your current setup, you won't be able to even list the shares because samba uses guest to get the listing from the server. I'm also thinking this is causing the vscan-clamav module not being found by samba, but I can't explain why.
I bet you can fix your problem using these directives:
| Code: | # Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
# Allow users to map to guest:
map to guest = bad user |
Like this, any user can access shares using the guest account, without needing to enter a password.
You don't need the guest account mapping to an account in /etc/passwd, samba uses nobody as default. |
|
| Back to top |
|
|
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
| Posted: Fri Sep 03, 2004 1:22 am Post subject: |
|
|
I tried it but now the error has just changed to "nobody" instead of guest.
There is a guest & a nobody account in /etc/passwd.. I'm going to see if Google can give me any clues :)
| Code: |
[2004/09/03 09:22:52, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [nobody] -> [nobody] FAILED with error NT_STATUS_WRONG_PASSWORD
[2004/09/03 09:22:52, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [nobody] -> [nobody] FAILED with error NT_STATUS_WRONG_PASSWORD
[2004/09/03 09:22:52, 0] smbd/vfs.c:vfs_init_custom(256)
Can't find a vfs module [vscan-clamav]
|
~Kristy
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer] |
|
| Back to top |
|
|
jcosters
Tux's lil' helper
Joined: 26 Feb 2003
Posts: 104
Location: Gent, Belgium
|
|
| Back to top |
|
|
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
| Posted: Fri Sep 03, 2004 10:05 am Post subject: |
|
|
Hey Ice-O-Lator.. the problem is definately not the guest/passwords thing because, as soon as I comment the lines:
Everything works just fine (even though the logs still show the guest error) and Win98 machines are able to access the files in my shared folder with no problems.
Going to re-emerge ClamAV.
~Kristy
| Code: |
#vfs object = vscan-clamav
#vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
|
/var/log/samba3/log.christie
| Code: |
[2004/09/03 18:15:19, 2] smbd/sesssetup.c:setup_new_vc_session(602)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/09/03 18:15:19, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.0.2)
[2004/09/03 18:15:21, 2] smbd/server.c:exit_server(568)
Closing connections
[2004/09/03 18:15:22, 2] smbd/sesssetup.c:setup_new_vc_session(602)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/09/03 18:15:22, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.0.2)
[2004/09/03 18:15:22, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [guest] -> [guest] FAILED with error NT_STATUS_WRONG_PASSWORD
[2004/09/03 18:15:24, 2] smbd/server.c:exit_server(568)
Closing connections
|
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer] |
|
| Back to top |
|
|
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
| Posted: Fri Sep 03, 2004 10:58 am Post subject: |
|
|
Hey Ice-O-Lator.. can you do a search and tell me where vscan-clamav.so is supposed to be located? I can't find it and I've already tried re-emerging ClamAV.
Thanks :)
Kristy
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer] |
|
| Back to top |
|
|
jcosters
Tux's lil' helper
Joined: 26 Feb 2003
Posts: 104
Location: Gent, Belgium
|
| Posted: Sun Sep 05, 2004 4:28 pm Post subject: |
|
|
vscan-clamav is part of samba-vscan i think (use flag: oav builds interfaces for some scanners when you emerge samba), so re-emerging clamd won't help.
| Code: | maertens ice-o-lator # slocate vscan
/usr/lib/vfs/vscan-clamav.so
/usr/lib/vfs/vscan-sophos.so
/usr/lib/vfs/vscan-mksd.so
/usr/lib/vfs/vscan-fsav.so
/usr/lib/vfs/vscan-trend.so
/usr/lib/vfs/vscan-mcdaemon.so
/usr/lib/vfs/vscan-icap.so
/usr/lib/vfs/vscan-oav.so
/usr/lib/vfs/vscan-fprotd.so
/usr/lib/vfs/vscan-kavp.so
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/FAQ.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/vscan-symantec.conf.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/README.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/vscan-mks32.conf.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/TODO.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/vscan-fsav.conf.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/vscan-fprotd.conf.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/NEWS.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/INSTALL.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/vscan-oav.conf.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/COPYING.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/AUTHORS.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/vscan-sophos.conf.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/vscan-trend.conf.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/vscan-icap.conf.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/vscan-kavp.conf.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/vscan-mcdaemon.conf.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/ChangeLog.gz
/usr/share/doc/samba-3.0.5/samba-vscan-0.3.5/vscan-clamav.conf.gz |
re-emerge samba? maybe you rebuilt samba somehow without the oav useflag and now the vscan modules are deleted?
these are my flags:
| Code: | maertens root # emerge -pv samba
These are the packages that I would merge, in order:
Calculating dependencies ...done!
[ebuild R ] net-fs/samba-3.0.5 +acl +cups +doc -kerberos +ldap +mysql +oav +pam -postgres +python +readline -xml +xml2 0 kB |
|
|
| Back to top |
|
|
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
| Posted: Mon Sep 06, 2004 1:54 am Post subject: |
|
|
You're right.. I just checked my USE flags and Samba was upgraded without oav in the flags 
I've placed oav in my make.conf and will be re-emerging Samba tonite.
Sorry for all the trouble 
~Kristy
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer] |
|
| Back to top |
|
|
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
| Posted: Mon Sep 06, 2004 8:30 am Post subject: |
|
|
Yes, the culprit was me heh.
Samba has re-emerged and everything is working just fine with ClamAV :)
Thanks for bearing with me.. (I know, I know)
~Kristy
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer] |
|
| Back to top |
|
|
jcosters
Tux's lil' helper
Joined: 26 Feb 2003
Posts: 104
Location: Gent, Belgium
|
| Posted: Mon Sep 06, 2004 9:12 am Post subject: |
|
|
no problem 
Another thing: I noticed samba shares preforming slooooow when I make samba scan them for viruses.
My server system is nothing more than an old Compaq Deskpro with a P2 400Mhz and 512MB RAM. Also, 120 GB disk space.
At first I thought it was just samba behaving badly, but after snooping around I noticed it was the clamd scanner scanning every file on read. So when I opened that share from a windows box with explorer, every file was read AND scanned. This caused very bad performance in explorer, like 5 minutes to get a (large: hundreds of files in a directory) directory listing.
Turning off the "on read" scanning fixed this, now files only are scanned on write.
cheers! |
|
| Back to top |
|
|
KristyX
Apprentice
Joined: 18 Dec 2003
Posts: 206
Location: Malaysia
|
| Posted: Mon Sep 06, 2004 10:03 am Post subject: |
|
|
Thanks for the tip. I think I'll do the same :)
_________________
Knowledge is a process of piling up facts; wisdom lies in their simplification. [Martin Fischer] |
|
| Back to top |
|
|
thekk
n00b
Joined: 28 Jan 2004
Posts: 11
|
| Posted: Tue Sep 07, 2004 1:55 pm Post subject: |
|
|
I've done the same, and directory listings are indeed much faster. Just a note to other users: do not do this if users can copy files to the shares in another way than through samba.
And the line to change (in /etc/samba/vscan-clamav.conf) is:
Not that users have that permission here, but as a safeguard, I think I'm going to setup cron to scan all of the shares at night (when nobody uses them), with another virusscanner (paranoid anyone?). |
|
| Back to top |
|
|
jcosters
Tux's lil' helper
Joined: 26 Feb 2003
Posts: 104
Location: Gent, Belgium
|
| Posted: Tue Sep 07, 2004 2:16 pm Post subject: |
|
|
| thekk wrote: | And the line to change (in /etc/samba/vscan-clamav.conf) is:
Not that users have that permission here, but as a safeguard, I think I'm going to setup cron to scan all of the shares at night (when nobody uses them), with another virusscanner (paranoid anyone?). |
I forgot to mention the line in vscan-clamav.conf. Thanks.
Scanning the whole share(s) at night is a great idea.
Know of any other (free) virusscanners? Or would you use a Windows virusscanner to be able to repair infected files? |
|
| Back to top |
|
|
|
Networking & Security
