WBITT

We Bring In Tomorrows Technology

  • Full Screen
  • Wide Screen
  • Narrow Screen
  • Increase font size
  • Default font size
  • Decrease font size

Samba with CLAMAV

E-mail Print PDF
User Rating: / 9
PoorBest 

Assalam-u-alaikum,

This article was written, almost a year ago. But is being placed here on public demand. Hopefully it will serve as a guide to implementation/integration of CLAMAV with Samba. Also note that this is more of a BLOG than a howto. So make sure you read the full article before deciding which parts of it to use.

Creation Date: 20070721
Last updated: 20070721
OS: CENTOS 5.0
SAMBA: 3.0.23c (Came built in CENTOS 5.0  ,RPM format)
CLAMAV: 0.91.1 (From source code)
SAMBA-VSCAN: 0.3.6b (from www.openantivirus.org)
Help and ideas from: http://www.gentoo.org/doc/en/quick-samba-howto.xml  AND google.

Install SAMBA:
[root@fileserver ~]# rpm -qa | grep -i samba
samba-common-3.0.23c-2
samba-client-3.0.23c-2
system-config-samba-1.2.39-1.el5
samba-3.0.23c-2
[root@fileserver ~]#


Get SAMBA-VSCAN from openantivirus project website (http://sourceforge.net/project/showfiles.php?group_id=10590) or (http://www.openantivirus.org/projects.php):

[root@fileserver ~]# wget http://nchc.dl.sourceforge.net/sourceforge/openantivirus/samba-vscan-0.3.6b.tar.bz2
--21:37:41--  http://nchc.dl.sourceforge.net/sourceforge/openantivirus/samba-vscan-0.3.6b.tar.bz2
Resolving nchc.dl.sourceforge.net... 211.79.61.10, 2001:e10:5c00:1::10
Connecting to nchc.dl.sourceforge.net|211.79.61.10|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 164471 (161K) [application/x-tar]
Saving to: `samba-vscan-0.3.6b.tar.bz2'

100%[==========================================================>] 164,471     28.7K/s   in 6.6s

21:37:49 (24.3 KB/s) - `samba-vscan-0.3.6b.tar.bz2' saved [164471/164471]






Install CLAMAV

YUM repository:

http://crash.fce.vutbr.cz/yum-repository.html

rpm --import Petr.Kristof-GPG-KEY
cp Petr.Kristof-GPG-KEY /etc/pki/rpm-g

wget http://crash.fce.vutbr.cz/crash-hat.repo
cp crash-hat.repo /etc/yum.repos.d/

[root@fileserver ~]# yum install clamav
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
crash-hat                 100% |=========================|  951 B    00:00
Reading repository metadata in from local files
primary.xml.gz            100% |=========================|  23 kB    00:04
crash-hat : ################################################## 90/90
Added 90 new packages, deleted 0 old in 1.41 seconds
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav to pack into transaction set.
clamav-0.90.3-1.i386.rpm  100% |=========================|  27 kB    00:04
---> Package clamav.i386 115:0.90.3-1 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
clamav                  i386       115:0.90.3-1     crash-hat         1.3 M

Transaction Summary
=============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 1.3 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: clamav                       ######################### [1/1]
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Sat Jul 21 20:44:38 2007
Querying current.cvd.clamav.net
TTL: 300
Retrieving http://db.pk.clamav.net/main.cvd
Trying to download http://db.pk.clamav.net/main.cvd (IP: 58.221.222.66)
main.cvd updated (version: 44, sigs: 133163, f-level: 20, builder: sven)
DON'T PANIC! Read http://www.clamav.net/support/faq
Retrieving http://db.pk.clamav.net/daily.cvd
Trying to download http://db.pk.clamav.net/daily.cvd (IP: 58.221.222.66)
nonblock_recv: recv timing out (30 secs)
Trying again in 5 secs...
ClamAV update process started at Sat Jul 21 20:51:24 2007
Querying current.cvd.clamav.net
TTL: 300
If-Modified-Since: Sat, 21 Jul 2007 15:50:49 GMT
Reading CVD header (main.cvd): Connected to db.pk.clamav.net (IP: 222.124.18.201).
Trying to retrieve CVD header of http://db.pk.clamav.net/main.cvd
OK
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
Please check if ClamAV tools are linked against proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
Retrieving http://db.pk.clamav.net/daily.cvd
Ignoring mirror 222.124.18.201 (too often connections with outdated version)
Trying again in 5 secs...
ClamAV update process started at Sat Jul 21 20:51:30 2007
Querying current.cvd.clamav.net
TTL: 294
If-Modified-Since: Sat, 21 Jul 2007 15:50:49 GMT
Reading CVD header (main.cvd): Connected to db.pk.clamav.net (IP: 219.127.68.136).
Trying to retrieve CVD header of http://db.pk.clamav.net/main.cvd
OK
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
Please check if ClamAV tools are linked against proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
Retrieving http://db.pk.clamav.net/daily.cvd
Ignoring mirror 219.127.68.136 (too often connections with outdated version)
Giving up on db.pk.clamav.net...
ClamAV update process started at Sat Jul 21 20:51:40 2007
Querying current.cvd.clamav.net
TTL: 284
If-Modified-Since: Sat, 21 Jul 2007 15:50:49 GMT
Reading CVD header (main.cvd): Connected to database.clamav.net (IP: 219.117.246.122).
Trying to retrieve CVD header of http://database.clamav.net/main.cvd
OK
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
Please check if ClamAV tools are linked against proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
Retrieving http://database.clamav.net/daily.cvd
Ignoring mirror 219.117.246.122 (too often connections with outdated version)
Trying again in 5 secs...
ClamAV update process started at Sat Jul 21 20:51:46 2007
Querying current.cvd.clamav.net
TTL: 278
If-Modified-Since: Sat, 21 Jul 2007 15:50:49 GMT
Reading CVD header (main.cvd): Connected to database.clamav.net (IP: 218.44.253.75).
Trying to retrieve CVD header of http://database.clamav.net/main.cvd
OK
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
Please check if ClamAV tools are linked against proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
Retrieving http://database.clamav.net/daily.cvd
Ignoring mirror 218.44.253.75 (too often connections with outdated version)
Trying again in 5 secs...
ClamAV update process started at Sat Jul 21 20:51:52 2007
Querying current.cvd.clamav.net
TTL: 272
If-Modified-Since: Sat, 21 Jul 2007 15:50:49 GMT
Reading CVD header (main.cvd): Ignoring mirror 222.124.18.201 (too often connections with outdated version)
Ignoring mirror 58.221.222.66 (too often connections with outdated version)
Trying host database.clamav.net (61.205.61.201)...
Connected to database.clamav.net (IP: 61.205.61.201).
Trying to retrieve CVD header of http://database.clamav.net/main.cvd
OK
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
Please check if ClamAV tools are linked against proper version of libclamav
DON'T PANIC! Read http://www.clamav.net/support/faq
Retrieving http://database.clamav.net/daily.cvd
Ignoring mirror 61.205.61.201 (too often connections with outdated version)
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.

Installed: clamav.i386 115:0.90.3-1
Complete!
[root@fileserver ~]#                                                      


## RPM EFFORT for CLAMAV PROVED USELESS.

#############

CLAMAV from source:


[root@fileserver clamav-0.91.1]# ./configure && make && make install && echo "Success"

[root@fileserver clamav-0.91.1]# cp  contrib/init/RedHat/clam* /etc/init.d/
[root@fileserver clamav-0.91.1]# chmod +x /etc/init.d/clam*

[root@fileserver clamav-0.91.1]# vi /usr/local/etc/clamd.conf
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogVerbose yes
PidFile /var/run/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.socket
User clamav



[root@fileserver clamav-0.91.1]# useradd -c "clamav user" -d /dev/null -s /sbin/nologin clamav


[root@fileserver clamav-0.91.1]# mkdir /var/log/clamav
[root@fileserver clamav-0.91.1]# mkdir /var/run/clamav

[root@fileserver clamav-0.91.1]# chown clamav:clamav /var/log/clamav -R 

[root@fileserver clamav-0.91.1]# /etc/init.d/clamd start
Starting clamd:                                            [  OK  ]
[root@fileserver clamav-0.91.1]#


[root@fileserver ~]# cat /var/log/clamav/clamd.log
+++ Started at Sat Jul 21 21:25:21 2007
clamd daemon 0.91.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
Running as user clamav (UID 500, GID 500)
Log file size limited to 2097152 bytes.
Reading databases from /var/lib/clamav
ERROR: Input/Output error
[root@fileserver ~]# 

OHHHHHHHHH!!!



[root@fileserver ~]# mkdir /var/lib/clamav
[root@fileserver ~]# chown clamav:clamav /var/lib/clamav -R
[root@fileserver ~]# cd /var/lib/clamav/
[root@fileserver clamav]# ls
[root@fileserver clamav]# wget http://db.local.clamav.net/main.cvd
--21:29:51--  http://db.local.clamav.net/main.cvd
Resolving db.local.clamav.net... 193.140.100.10, 202.71.97.92, 203.16.234.78, ...
Connecting to db.local.clamav.net|193.140.100.10|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10251443 (9.8M) [text/plain]
Saving to: `main.cvd'

100%[==========================================================>] 10,251,443  26.8K/s   in 6m 12s

21:36:05 (26.9 KB/s) - `main.cvd' saved [10251443/10251443]

[root@fileserver clamav]# wget http://db.local.clamav.net/daily.cvd
--21:39:13--  http://db.local.clamav.net/daily.cvd
Resolving db.local.clamav.net... 193.140.100.10, 202.71.97.92, 203.16.234.78, ...
Connecting to db.local.clamav.net|193.140.100.10|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 200864 (196K) [text/plain]
Saving to: `daily.cvd'

100%[==========================================================>] 200,864     28.5K/s   in 7.8s

21:39:23 (25.0 KB/s) - `daily.cvd' saved [200864/200864]

[root@fileserver clamav]#      



[root@fileserver clamav]# chown clamav:clamav /var/lib/clamav -R


service clamd restart


[root@fileserver clamav]# tail -f /var/log/clamav/clamd.log

+++ Started at Sat Jul 21 21:49:34 2007
clamd daemon 0.91.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
Running as user clamav (UID 500, GID 500)
Log file size limited to 2097152 bytes.
Reading databases from /var/lib/clamav
Loaded 139549 signatures.
Unix socket file /tmp/clamd.socket
Setting connection queue length to 15
ERROR: Can't save PID in file /var/run/clamd.pid #### <----------
Listening daemon: PID: 12126
Archive: Archived file size limit set to 10485760 bytes.
Archive: Recursion level limit set to 8.
Archive: Files limit set to 1000.
Archive: Compression ratio limit set to 250.
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
Mail: Recursion level limit set to 64.
OLE2 support enabled.
PDF support disabled.
HTML support enabled.
Self checking every 1800 seconds.


[root@fileserver ~]# mkdir /var/run/clamav
[root@fileserver ~]# chown clamav:clamav /var/run/clamav -R

Edit the /usr/local/etc/clamav.conf and update the following:
PidFile /var/run/clamav/clamd.pid


[root@fileserver ~]# service clamd restart
Stopping clamd:                                            [  OK  ]
Starting clamd:                                            [  OK  ]
[root@fileserver ~]#

[root@fileserver clamav]# tail -f /var/log/clamav/clamd.log
Shutting down the main socket.
Closing the main socket.
Socket file removed.
ERROR: Can't unlink the pid file /var/run/clamd.pid
--- Stopped at Sat Jul 21 21:54:24 2007
+++ Started at Sat Jul 21 21:54:25 2007
clamd daemon 0.91.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
Running as user clamav (UID 500, GID 500)
Log file size limited to 2097152 bytes.
Reading databases from /var/lib/clamav
Loaded 139549 signatures.
Unix socket file /tmp/clamd.socket
Setting connection queue length to 15
Listening daemon: PID: 15742
Archive: Archived file size limit set to 10485760 bytes.
Archive: Recursion level limit set to 8.
Archive: Files limit set to 1000.
Archive: Compression ratio limit set to 250.
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
Mail: Recursion level limit set to 64.
OLE2 support enabled.
PDF support disabled.
HTML support enabled.
Self checking every 1800 seconds.


[root@fileserver ~]# service clamd status
clamd (pid 1057) is running...
[root@fileserver ~]#


------------

At this point we have a functional CLAMAV (compiled from source) and functional SAMBA (from RPM). We also have downloaded samba-vscan from openantivirus.org. Now we need to compile samba-vscan and integrate it between SAMBA and CLAMAV.
To compile this we need SAMBA source as CENTOS 5 does not contain samba-devel. (What a disappointment!)

Get samba source from www.samba.org

[root@fileserver ~]# wget http://us3.samba.org/samba/ftp/stable/samba-3.0.25b.tar.gz

[root@fileserver ~]# tar xzf samba-3.0.25b.tar.gz

cd samba-3.0.25b/source

./configure

[root@fileserver source]# make proto


Now you must do some compile time settings in the samba-vscan source before compiling that.

[root@fileserver source]# cd ../../samba-vscan-0.3.6b


[root@fileserver samba-vscan-0.3.6b]# vi clamav/vscan-clamav.h


Now compile samba-vscan :

cp -r /root/samba-vscan-0.3.6b  /root/samba-3.0.25b/examples/VFS/

cd /root/samba-3.0.25b/examples/VFS/

[root@fileserver samba-vscan-0.3.6b]# ./configure


Since we want only the clamav backend:


[root@fileserver samba-vscan-0.3.6b]# make clamav
Compiling global/vscan-functions.c with -fPIC
In file included from /root/samba-3.0.25b/examples/VFS/samba-vscan-0.3.6b/include/vscan-global.h:4,
from global/vscan-functions.c:15:
/root/samba-3.0.25b/source/include/includes.h:102:31: error: system/capability.h: No such file or directory
/root/samba-3.0.25b/source/include/includes.h:103:24: error: system/dir.h: No such file or directory
/root/samba-3.0.25b/source/include/includes.h:104:28: error: system/filesys.h: No such file or directory
/root/samba-3.0.25b/source/include/includes.h:105:25: error: system/glob.h: No such file or directory
/root/samba-3.0.25b/source/include/includes.h:106:26: error: system/iconv.h: No such file or directory
/root/samba-3.0.25b/source/include/includes.h:107:27: error: system/locale.h: No such file or directory
/root/samba-3.0.25b/source/include/includes.h:108:28: error: system/network.h: No such file or directory
. . .
. . .


OHHHHHHHHHHHHHHHHHHHHHH   !!!!!!1

So I downloaded samba-3.0.23c source and redid the steps above:

[root@fileserver ~]# wget http://us3.samba.org/samba/ftp/old-versions/samba-3.0.23c.tar.gz

[root@fileserver ~]# tar xzf samba-3.0.23c.tar.gz

[root@fileserver ~]# cd samba-3.0.23c/source

[root@fileserver source]# ./configure && make proto


[root@fileserver ~]# cp -r /root/samba-vscan-0.3.6b /root/samba-3.0.23c/examples/VFS/


[root@fileserver ~]# cd /root/samba-3.0.23c/examples/VFS/samba-vscan-0.3.6b/


[root@fileserver samba-vscan-0.3.6b]# ./configure


[root@fileserver samba-vscan-0.3.6b]# make clamav

Compiling global/vscan-functions.c with -fPIC
Compiling global/vscan-message.c with -fPIC
Compiling global/vscan-quarantine.c with -fPIC
Compiling global/vscan-fileaccesslog.c with -fPIC
Compiling global/vscan-filetype.c with -fPIC
Compiling global/vscan-parameter.c with -fPIC
Compiling clamav/vscan-clamav.c with -fPIC
Compiling clamav/vscan-clamav_core.c with -fPIC
Linking vscan-clamav.so
with libs:  -lmagic
[root@fileserver samba-vscan-0.3.6b]#            


ALHUMDULILLAH


Check where are the library files placed for your samba vfs:-

[root@fileserver samba-vscan-0.3.6b]# rpm -ql samba| grep vfs
/usr/lib/samba/vfs
/usr/lib/samba/vfs/audit.so
/usr/lib/samba/vfs/cap.so
/usr/lib/samba/vfs/default_quota.so
/usr/lib/samba/vfs/expand_msdfs.so
/usr/lib/samba/vfs/extd_audit.so
/usr/lib/samba/vfs/fake_perms.so
/usr/lib/samba/vfs/full_audit.so
/usr/lib/samba/vfs/netatalk.so
/usr/lib/samba/vfs/readonly.so
/usr/lib/samba/vfs/recycle.so
/usr/lib/samba/vfs/shadow_copy.so
/usr/share/doc/samba-3.0.23c/htmldocs/Samba3-Developers-Guide/vfs.html
/usr/share/doc/samba-3.0.23c/htmldocs/manpages/vfstest.1.html
[root@fileserver samba-vscan-0.3.6b]#                     



Place the newly compiled vscan-clamav.so to /usr/lib/samba/vfs

[root@fileserver samba-vscan-0.3.6b]# cp vscan-clamav.so /usr/lib/samba/vfs/

And it's config file to /etc/samba/

[root@fileserver samba-vscan-0.3.6b]# cp clamav/vscan-clamav.conf /etc/samba/

You may want to edit the /etc/samba/vscan-clamav.conf file and setup certain settings:

[root@fileserver samba-vscan-0.3.6b]# vi /etc/samba/vscan-clamav.conf
[samba-vscan]
max file size = 0
verbose file logging = no
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
send warning message = yes
infected file action = delete
quarantine directory  = /tmp
quarantine prefix = virusinfected-
max lru files entries = 100
lru file entry lifetime = 5
exclude file types =
clamd socket name = /var/run/clamav/clamd.socket
libclamav max files in archive = 1000
libclamav max archived file size = 10485760
libclamav max recursion level = 5


Alright, time to setup a samba share and test it through windows.

[root@fileserver samba-vscan-0.3.6b]# vi /etc/samba/smb.conf
. . .
[data]
path = /data
public = yes
guest ok = yes
writeable = yes
browseable = yes
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf




[root@fileserver samba-vscan-0.3.6b]# mkdir /data
[root@fileserver samba-vscan-0.3.6b]# chmod 777 /data


[root@fileserver samba-vscan-0.3.6b]# service smb restart
Shutting down SMB services:                                [  OK  ]
Shutting down NMB services:                                [FAILED]
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@fileserver samba-vscan-0.3.6b]#


TESTING:

Download sample files virus files from www.eicar.org

EICAR = European Institute for Computer Antivirus Research.

[root@fileserver ~]# wget http://www.eicar.org/download/eicar.com
[root@fileserver ~]# wget http://www.eicar.org/download/eicar.com.txt
[root@fileserver ~]# wget http://www.eicar.org/download/eicar_com.zip
[root@fileserver ~]# wget http://www.eicar.org/download/eicarcom2.zip

Open two different terminals. One for smbclient and the other to view the log file.


Terminal # 1:
[root@fileserver ~]# smbclient  //localhost/data
Password:
Anonymous login successful
Domain=[HOMENET] OS=[Unix] Server=[Samba 3.0.23c-2]
smb: \> put eicar.com
putting file eicar.com as \eicar.com (0.2 kb/s) (average 0.2 kb/s)
smb: \> put install.log
putting file install.log as \install.log (310.4 kb/s) (average 310.4 kb/s)
smb: \> ls
.                                   D        0  Sun Jul 22 04:27:17 2007
..                                  D        0  Sun Jul 22 04:05:41 2007
install.log                         A    26702  Sun Jul 22 04:27:18 2007

63461 blocks of size 65536. 29683 blocks available
smb: \>


Terminal # 2:
[root@fileserver ~]# tail -f /var/log/clamav/clamd.log
. . .
. . .
/data/eicar.com: Eicar-Test-Signature FOUND



Alhumdulillah. Good. Ideally, based on our settings, this virus file must not have been copied to the /data directory and must have been deleted by clamd. This is already evident from the ls command in the smb:\> prompt above. Still:

smb: \> quit

[root@fileserver ~]# ls /data -lh
total 32K
-rwxr--r-- 1 nobody nobody 27K Jul 22 04:27 install.log
[root@fileserver ~]#                       

As you can see the virus infected file does not exist over there! The normal one does. Mission accomplished. Alhumdulillah.


Another case is that throught the Linux OS level, without using smbclient, if you copy the virus file in /data, and later when you access it through samba, you should be denied access, and the file will be deleted from /data by clamd antivirus as soon as you try to get it! Good naa! :

[root@fileserver ~]# cp eicar.com /data/
[root@fileserver ~]# ls /data/
eicar.com  install.log
[root@fileserver ~]# smbclient  //localhost/data
Password:
Anonymous login successful
Domain=[HOMENET] OS=[Unix] Server=[Samba 3.0.23c-2]
smb: \> ls
.                                   D        0  Sun Jul 22 04:38:50 2007
..                                  D        0  Sun Jul 22 04:05:41 2007
eicar.com                                   68  Sun Jul 22 04:38:50 2007
install.log                         A    26702  Sun Jul 22 04:27:18 2007

63461 blocks of size 65536. 29678 blocks available
smb: \> get eicar.com
NT_STATUS_ACCESS_DENIED opening remote file \eicar.com

smb: \> ls
.                                   D        0  Sun Jul 22 04:39:18 2007
..                                  D        0  Sun Jul 22 04:05:41 2007
install.log                         A    26702  Sun Jul 22 04:27:18 2007

63461 blocks of size 65536. 29678 blocks available
smb: \>




The same will be logged in the clamav log file:
[root@fileserver ~]# tail -f /var/log/clamav/clamd.log
. . .
. . .
/data/eicar.com: Eicar-Test-Signature FOUND
------------------------------------------------------

/data/eicar.com: Eicar-Test-Signature FOUND



Alright, the final things: Setting up clamav to get updated by freshclam, run each night and update the virus DB.

[root@fileserver freshclam]# vi /usr/local/etc/freshclam.conf
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose yes
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner clamav
DatabaseMirror db.pk.clamav.net
DatabaseMirror database.clamav.net
ScriptedUpdates yes
Checks 6
NotifyClamd /usr/local/etc/clamd.conf


Try running the freshclam program in non-daemon mode at the moment:

[root@fileserver ~]# /usr/local/bin/freshclam
ClamAV update process started at Sun Jul 22 04:56:15 2007
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK (IMS)
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
Reading CVD header (daily.cvd): nonblock_recv: recv timing out (30 secs)
ERROR: remote_cvdhead: Error while reading CVD header from db.pk.clamav.net
WARNING: Can't read daily.cvd header from db.pk.clamav.net (IP: 58.221.222.66)
Trying again in 5 secs...
ClamAV update process started at Sun Jul 22 04:56:53 2007
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): OK (IMS)
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
Reading CVD header (daily.cvd): OK
Downloading daily-3715.cdiff [100%]
Downloading daily-3716.cdiff [100%]
daily.cvd updated (version: 3716, sigs: 6404, f-level: 16, builder: ccordes)
Database updated (139567 signatures) from db.pk.clamav.net (IP: 219.127.68.136)
Clamd successfully notified about the update.
[root@fileserver ~]# 


You will see the same output as above in /var/log/clamav/freshclam.log

You will also notice the reload of database in /var/log/clamav/clamd.log

[root@fileserver ~]# tail -f /var/log/clamav/clamd.log
. . .
. . .
No stats for Database check - forcing reload
Reading databases from /var/lib/clamav
Database correctly reloaded (139573 signatures)


Now you may want to run freshclam in daemon mode:

freshclam -d

You can create a start up script for it in init.d or you can put this in rc.local

chkconfig --level 35 clamd on
chkconfig --level 35 samba on
echo "/usr/local/bin/freshclam -d" >> /etc/rc.local



############### END OF HOWTO #######################

You are here How To / Tutorials Samba with CLAMAV