ClamAV - any "real" use besides mail and website checks?

Thanks @bunkobugsy for the link, this really seems a nice feature.

I tested with the rspamd clamav instance, so it logs in /var/log/maillog, but it just works.
Opening the eicar test file on my backup share now produces the following log entry, and I can’t open the file.

Feb 10 23:46:20 server2 clamd[23335]: /var/lib/nethserver/ibay/backup/eicar.com: Eicar-Test-Signature.UNOFFICIAL FOUND

How to test it using custom templates

Create custom template dir:

mkdir -p /etc/e-smith/templates-custom/etc/samba/smb.conf/ibay-default

Set up virusfilter for all shares (old)

To apply the virusfilter to ALL shares, create /etc/e-smith/templates-custom/etc/samba/smb.conf/ibay-default/30virusfilter with the following content:

{
    $OUT = "";
    $ibay_vfs->{virusfilter} = "";
}

To be able to apply the virusfilter to specific shares, create /etc/e-smith/templates-custom/etc/samba/smb.conf/ibay-default/30virusfilter with the following content:

{
    $OUT = "";
    return unless (($ibay{'SmbVirusFilterStatus'} || 'disabled') eq 'enabled');

    $ibay_vfs->{virusfilter} = "";
}

To enable virusfilter for a share:

db accounts setprop <SHARENAME> SmbVirusFilterStatus enabled

For example, I enabled it for the backup share (/var/lib/nethserver/ibay/backup):

db accounts setprop backup SmbVirusFilterStatus enabled

Virusfilter options

Create /etc/e-smith/templates-custom/etc/samba/smb.conf/90virusfilter with the needed virusfilter options:

virusfilter:scanner = clamav
virusfilter:socket path = /var/run/clamd@rspamd/clamav

There are a lot of other options to try, like quarantine or scan on close…

EDIT:

With the following additional options, the file is scanned and renamed immediately after copying it to the share (doesn’t work with the default “scan on open”):

virusfilter:scan on close = yes
virusfilter:infected file action = rename

Apply the changes:

signal-event nethserver-samba-save

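Because the post reuses the rspamd clamd instance, share detections land in /var/log/maillog next to mail-scan results. The following is an added example, not part of the original post: a shell function that extracts only the detections on shares. It assumes the `/var/lib/nethserver/ibay/<share>/` layout seen in the quoted log line; the function names and every sample line except the first are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: list clamd detections per Samba share.
# Assumption: ibays live under /var/lib/nethserver/ibay/<share>/ as in the quoted log line.
IBAY_ROOT="/var/lib/nethserver/ibay/"

# stdin: syslog lines; stdout: "share<TAB>signature<TAB>path" for each share detection.
clamd_share_hits() {
    awk -v root="$IBAY_ROOT" '
    / FOUND$/ && match($0, / clamd\[[0-9]+\]: /) {
        msg = substr($0, RSTART + RLENGTH)      # drop the syslog prefix
        sub(/ FOUND$/, "", msg)                 # drop the verdict suffix
        # Split at the LAST ": " so paths that contain ": " stay intact.
        cut = 0
        for (i = length(msg) - 1; i > 0; i--)
            if (substr(msg, i, 2) == ": ") { cut = i; break }
        if (cut == 0) next
        path = substr(msg, 1, cut - 1)
        sig  = substr(msg, cut + 2)
        # Skip mail scans (instream) and anything outside the share root.
        if (index(path, root) != 1) next
        share = substr(path, length(root) + 1)
        sub(/\/.*$/, "", share)                 # first path component = share name
        printf "%s\t%s\t%s\n", share, sig, path
    }'
}

# Constructed sample input: the first line is the entry quoted in the post, the rest are made up.
sample_log() {
    cat <<'EOF'
Feb 10 23:46:20 server2 clamd[23335]: /var/lib/nethserver/ibay/backup/eicar.com: Eicar-Test-Signature.UNOFFICIAL FOUND
Feb 10 23:47:02 server2 clamd[23335]: instream(local): Eicar-Test-Signature.UNOFFICIAL FOUND
Feb 10 23:48:11 server2 clamd[23335]: /var/lib/nethserver/ibay/docs/in: tray/test file.com: Eicar-Test-Signature.UNOFFICIAL FOUND
Feb 10 23:49:00 server2 clamd[23335]: SelfCheck: Database status OK.
EOF
}

sample_log | clamd_share_hits
```

On the server, the same function can read the live log with `clamd_share_hits < /var/log/maillog`.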