Virus scanning with Samba

Setting up Samba to automatically scan files as they are opened or saved on the server is relatively straightforward. Use YaST to install clamav and freshclam. ClamAV is an open source virus scanner that runs as a service on your SuSE server. FreshClam is a small daemon that runs in the background to keep your virus definitions up to date.

Once they are installed, use YaST's runlevel editor to have ClamAV and FreshClam start on boot. Changing this setting should automatically start ClamAV, which by default listens on port 3310 on your local loopback interface (127.0.0.1).
In the Samba config directory (/etc/samba/) create a file named vscan-clamav.conf and put the following text into it:

[samba-vscan]
; run-time configuration for vscan-samba using clamd
; options are set to default values except where a comment
; below states a different default

; do not scan files larger than X bytes. If set to 0 (default),
; this feature is disabled (i.e. all files are scanned)
max file size = 0

; log all file access (yes/no). If set to yes, every access will
; be logged. If set to no (default), only access to infected files
; will be logged
verbose file logging = no

; if set to yes (default), a file will be scanned while opening
scan on open = yes
; if set to yes, a file will be scanned while closing (default is yes)
scan on close = yes

; if communication with clamd fails, should access to the file be denied?
; (default: yes)
; "no" fails open: files are served unscanned while clamd is unreachable
deny access on error = no

; if the daemon fails with a minor error (corruption, etc.),
; should access to the file be denied?
; (default: yes)
deny access on minor error = no

; send a warning message via Windows Messenger service
; when a virus is found?
; (default: yes)
send warning message = yes

; what to do with an infected file
; quarantine: try to move to quarantine directory; delete it if moving fails
; delete: delete infected file
; nothing: do nothing
infected file action = quarantine

; where to put infected files - you really want to change this!
; it has to be on the same physical device as the share
; also ensure the directory exists in the filesystem
quarantine directory = /home/quarantine

; prefix for files in quarantine
quarantine prefix = vir-

; as Windows tries to open a file multiple times within a (very) short
; period of time, samba-vscan can keep a list of recently used files to avoid
; multiple scans of a file. This setting specifies the maximum number of
; entries in the recently used file list. (default: 100)
max lru files entries = 100

; how long (in seconds) that file entries will be kept in the recently used file list
; (Default: 5)
lru file entry lifetime = 5

; socket name of clamd (default: /var/run/clamd) - uncomment to use sockets
; clamd socket name = /var/lib/clamav/clamav.socket

; port number the ScannerDaemon listens on
oav port = 3310

This configuration file instructs Samba to pass files through the ClamAV daemon listening on port 3310 on the local interface and, if any viruses are found, to quarantine the file in the quarantine directory set above (/home/quarantine).
Now add the following configuration options to the [Global] section of /etc/samba/smb.conf:

# For Samba 3.x. This enables ClamAV on access scanning.
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

Save smb.conf and restart Samba (/etc/init.d/smb restart). Check your Samba smb log to make sure your configuration file was read and everything is working:

tail -n 100 /var/log/samba/log.smbd

This lists the last 100 lines of your Samba SMB log.

With on-access virus scanning in place, check that everything is working by logging into your domain and opening and saving some files. If you experience any problems, check the error logs (/var/log/messages and /var/log/samba/log.smbd), but in theory everything should be working and you can get on to some real work.
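
The checks the configuration comments ask for (quarantine directory exists, sits on the same device as the share, clamd answers on port 3310) can be scripted. The following is an added example, not part of the original how-to or of samba-vscan; the function names and the share path /home/shares are assumptions.

```bash
#!/bin/bash
# Added example (not from the original how-to). Function names are hypothetical.

# conf_get FILE KEY: print the value of the first active "KEY = value" line.
# Lines starting with ';' are comments and never match.
conf_get() {
    sed -n "/^[[:space:]]*$2[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;q;}" "$1"
}

# same_device A B: succeed only if both paths exist on the same filesystem
# (stat -c is GNU/BusyBox syntax). The quarantine move needs this.
same_device() {
    [ -e "$1" ] && [ -e "$2" ] && [ "$(stat -c %d "$1")" = "$(stat -c %d "$2")" ]
}

# clamd_ping HOST PORT: send clamd's PING command and expect PONG.
# Needs bash (/dev/tcp); runs in a subshell so fd 3 does not leak.
clamd_ping() (
    exec 2>/dev/null 3<>"/dev/tcp/$1/$2" || exit 1
    printf 'PING\n' >&3
    read -r -t 5 reply <&3
    [ "$reply" = "PONG" ]
)

# vscan_preflight CONF SHARE: check the quarantine settings for one share path.
# Prints findings; returns non-zero if a check fails.
vscan_preflight() {
    local conf="$1" share="$2" rc=0 qdir
    qdir=$(conf_get "$conf" "quarantine directory")
    if [ ! -d "$qdir" ]; then
        echo "FAIL: quarantine directory '$qdir' does not exist"; rc=1
    elif ! same_device "$qdir" "$share"; then
        echo "FAIL: '$qdir' is not on the same device as '$share'"; rc=1
    fi
    if [ "$(conf_get "$conf" "deny access on error")" = "no" ]; then
        echo "WARN: deny access on error = no: files pass unscanned if clamd is down"
    fi
    return $rc
}

# Example run on the server (the share path /home/shares is an assumption):
#   vscan_preflight /etc/samba/vscan-clamav.conf /home/shares
#   clamd_ping 127.0.0.1 3310 && echo "clamd answered PONG"
```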

Lastly, if you have everything working and want to add some customisation to your logon.bat file, don't forget to check out the 'Customised Netlogon scripts for Samba' howto or try setting up network recycle bin functionality.