Automated virus scanning of shared files.

greenstar
Posts: 11
Joined: Mon Mar 09, 2009 7:30 pm
Location: Tennessee

Automated virus scanning of shared files.

Postby greenstar » Sun Jun 06, 2010 3:37 pm

I use an Amahi share to backup my client's user data when doing things like reinstalling a broken OS or cleaning up an infection. I usually boot the PC in question with a Puppy Linux LiveCD and then copy the entire user directory to the Amahi share and sort out the useful bits later.

I'd love to configure my Amahi box to automatically run a virus scan on whatever content is added to the directory. What a huge time-saver that would be.

I've tried to install and configure clamav on the host Fedora system with no success. Then again, I've never seen an antivirus program *actually work* in linux. I have never been able to get clamav to update it's definitions. I have tried other av for linux also and either can't get them to update defs, run scan or delete/clean infected files.

What got me to thinking about this is a particular option that I've seen in Windows antivirus software, which is:
Automatic scanning of removable devices. You can configure av software to automatically scan an external storage device upon mounting.

If I'm missing something obvious, I'd appreciate if someone would clue me in. If this is a good suggestion, let's see what it would take to implement it.

Thanks,
greenstar

P.S. I did go over to GetSatisfaction.com to post this, but it was far from intuitive and I felt that I'd have more success using a platform I'm familiar with - the good ol' forum. I also loathe having yet another website to remember to check back on.

greenstar
Posts: 11
Joined: Mon Mar 09, 2009 7:30 pm
Location: Tennessee

Re: Automated virus scanning of shared files.

Postby greenstar » Mon Jun 07, 2010 9:02 pm

Ok, I'm working on this and have a good bit of it worked out. I have gotten clamav to run a scheduled scan on selected directories, but I still haven't figured out how to get clamav to scan when new files are added. If I can't get clamav to do this, I think that I may be able to get a different av scanner to perform this function.

Any ideas, suggestions or input is welcome. When I'm done, I'm going to post my results as well as the steps I took to get it up and running.

greenstar

User avatar
moredruid
Expert
Posts: 791
Joined: Tue Jan 20, 2009 1:33 am
Location: Netherlands
Contact:

Re: Automated virus scanning of shared files.

Postby moredruid » Mon Jun 07, 2010 11:34 pm

you may want to schedule a find and pipe the output to a file. next time you do a find, do a diff between those 2 files if they are the same, if not, launch AV (unless already running), if the same, don't launch.
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D2173656C7572206968616D41snlbxq' | dc
Galileo - HP Proliant ML110 G6 quad core Xeon 2.4GHz, 4GB RAM, 2x750GB RAID1 + 2x1TB RAID1 HDD

User avatar
gboudreau
Posts: 606
Joined: Sat Jan 23, 2010 1:15 pm
Location: Montréal, Canada
Contact:

Re: Automated virus scanning of shared files.

Postby gboudreau » Tue Jun 08, 2010 3:29 am

Samba has a VFS module (their name for plugins) that to AV scans.
I never tried it, but my guess is it would do what you want.

It's called "samba-vscan"; you can find it on SourceForge.net
It can use ClamAV to do it's thing.
You'll need to compile it yourself; Fedora RPMs are not available.
- Guillaume Boudreau

greenstar
Posts: 11
Joined: Mon Mar 09, 2009 7:30 pm
Location: Tennessee

Re: Automated virus scanning of shared files.

Postby greenstar » Tue Jun 08, 2010 11:37 am

Thank you for your input and suggestions. More are always welcome.
you may want to schedule a find and pipe the output to a file. next time you do a find, do a diff between those 2 files if they are the same, if not, launch AV (unless already running), if the same, don't launch.
I understand the concept of piping output, but I have no practical understanding of how to use it properly, syntax 'n such. As far as the diff thing goes, that's over my head. Sounds like you're describing a process that could be scripted, but I don't really have a good understanding of script creation, though I'm moderately familiar with using them.
Samba has a VFS module (their name for plugins) that to AV scans.
I never tried it, but my guess is it would do what you want.

It's called "samba-vscan"; you can find it on SourceForge.net
It can use ClamAV to do it's thing.
You'll need to compile it yourself; Fedora RPMs are not available.
As far as I see, it's only available via SVN (though I might be missing something). I know little to nothing about using SVN. I have no notion of the security, stability, ability to be updated, etc of installing software via this method. I am familiar with using repositories and binaries and the implications of each. If source is available, I still wouldn't know what to do with it. I've tried compiling applications from source several times in the past 5 years since I've been using Linux OS's as my main OS and have not once been successful. Maybe I'm a bit slow on the uptake with that.

I think much of my lack of understanding comes down to the fact that I'm most comfortable and experienced using Debian-based OS's and Amahi runs on Fedora which is a bit foreign to me. A fair number of applications, terminal commands and such are different than what I'm used to, sometimes significantly so.

Keep the ideas coming and thanks for your input.
greenstar

jonathankonrad
Posts: 136
Joined: Sat Jul 25, 2009 1:42 pm

Re: Automated virus scanning of shared files.

Postby jonathankonrad » Sat Jul 19, 2014 12:52 pm

This post is rather old, but it looks related to what I would like to script or automate on my HDA. I recently was hit by a windows virus. Although I have a few machines running Linux my family uses windows as clients. It took a fair amount of time routing the virus out of five machines and it was clear that it at least parts of it were "hiding" on shares I host on my HDA.

I would like my HDA to scrub my samba or windows shares regularly for windows viruses. Has anyone set that up successfully? I use greyhole and I'm worried about the overhead or potential for slowing down read/writes to the server. It may be enough to simply have these shares scanned nightly. Does anyone have a successful antivirus or antimalware setup on their HDA?

I'm using Fedora 19 and Amahi 7 with four drives using greyhole. Thanks.

User avatar
bigfoot65
Project Manager
Posts: 10940
Joined: Mon May 25, 2009 4:31 pm

Re: Automated virus scanning of shared files.

Postby bigfoot65 » Sat Jul 19, 2014 1:26 pm

I would recommend installing and using ClamAV.
http://www.server-world.info/en/note?os ... 9&p=clamav

You can set up cron jobs to scan your samba shares. With Greyhole, obviously you would need to have mount shares locally script running, then scan the mounts (/mnt/samba/share) vs /var/hda/files/share.
https://wiki.amahi.org/index.php/Mount_Shares_Locally

EDIT: This might help as well.
https://www.centosblog.com/how-to-insta ... on-centos/
ßîgƒσστ65
Applications Manager

User avatar
bigfoot65
Project Manager
Posts: 10940
Joined: Mon May 25, 2009 4:31 pm

Re: Automated virus scanning of shared files.

Postby bigfoot65 » Sat Jul 19, 2014 2:15 pm

I have added some guidance to the wiki.
https://wiki.amahi.org/index.php/Virus_Scan_Shares
ßîgƒσστ65
Applications Manager

jonathankonrad
Posts: 136
Joined: Sat Jul 25, 2009 1:42 pm

Re: Automated virus scanning of shared files.

Postby jonathankonrad » Sat Jul 19, 2014 8:04 pm

Thanks. This looks great. If I need to do anything else to the configuration I'll add to the wiki or post here. Thanks again.

[ Post made via Android ] Image

User avatar
bigfoot65
Project Manager
Posts: 10940
Joined: Mon May 25, 2009 4:31 pm

Re: Automated virus scanning of shared files.

Postby bigfoot65 » Sat Jul 19, 2014 8:09 pm

Sounds good.

I am going to update the wiki with guidance to exclude directories too. For example, I want to scan all /mnt/samba/shares, but exclude a few shares that are backup images.

I have implemented this on my HDA and it's working well. I chose to use the Daily and Weekly approach that another user had added to the guidance. I use option "b" for my weekly so I can get email notifications.

I also added the capability to the Daily script as well have run it twice with great success. We probably could make an app out of this too. Might have to do that later.
ßîgƒσστ65
Applications Manager

Who is online

Users browsing this forum: No registered users and 1 guest