File Server Antivirus

Hi, I like to test nethserver as fileserver in a small network with windows client PC. I’d like to have an antivirus engine running on the fileserver to protect hte client operations. Any suggestion?
From Nethserver documentation I understood it can use Clamav, but only for e-mail or web proxy, is it correct?
I installed Clamav following this guide
Is there a way to trigger antivirus “real time” file check when a file is saved or the only way is a daily scan?

Hi there is samba-vscan :
Maybe we need it in production


I did it a while ago using centos 5, but it didn’t work so well, i you
look around you’ll probably find a how to, but not sure it it will work on
nethserver (centos6)

Hi @asavinok ,

Lets have a try:

First of all create shared folder than:

  1. download and
cp /usr/lib64/samba/vfs/ 
cp vscan-clamav.conf /etc/samba/
  1. Change dir to /etc/samba

    cd /etc/samba/

Edit smb.conf file to add two lines under global section

vi smb.conf

Now copy below two lines to the file

vfs objects = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
service clamd restart
service smb restart
  1. Try to copy infected file to shared folder

Thanks. I give a try but it seems not working. I downloaded the “” file directly in the shared folder via Linux console. Then I used windows to copy and paste it in subfolders of the same share … nothing happened. How can I set a log file for vscan-clamav?

Hi @asavinok,
In file :



verbose file logging = yes
infected file action = delete

after it

service smb restart

I have build this new util but i can not access to Samba through VPN neither tun nor tap interface , for testing it :

Still not working. Please where the vscan-clamav log file is supposed to be?

OK … it is in var/log/messages …
here is what I see:
Jan 16 20:15:14 nethserver smbd[2580]: error probing vfs module ‘vscan-clamav’: NT_STATUS_UNSUCCESSFUL
Jan 16 20:15:14 nethserver smbd[2580]: [2016/01/16 20:15:14.127387, 0] smbd/vfs.c:315(smbd_vfs_init)
Jan 16 20:15:14 nethserver smbd[2580]: smbd_vfs_init: vfs_init_custom failed for vscan-clamav
Jan 16 20:15:14 nethserver smbd[2580]: [2016/01/16 20:15:14.127786, 0] smbd/service.c:902(make_connection_snum)
Jan 16 20:15:14 nethserver smbd[2580]: vfs_init failed for service IPC$

and in /var/log/clamav/clamd.log

as the old scan modules is outdated, thus we can only use “scannedonly”

Thanks Nas. I have seen this video tutorial and this couple of post
Well I think for me would be better to relay more on the client antivirus, and configure clamav to scan the server shared folder twice a day.

did you have resolved using @Nas suggestion?

Hi @alefattorini , wee need to involve our @dev team to make some investigation and development , because antivirus should scan shared folder, maybe not on the fly but at least 1 time per day.

please, don’t

AV scanning is quite intensive for server: cpu, ram and disks… running it twice a day will only make your server more slow, not more secure…

Well actually I was planning to scan only /var/lib/nethserver/ibay once a day and hourly scan only modified and changed files hourly with something like this:

#find /var/lib/nethserver/ibay -mmin -61 -type f -print0 | xargs -0-r clamscan --quiet --infected --move= /tmp/virus 
#find /var/lib/nethserver/ibay -cmin -61 -type f -print0 | xargs -0-r clamscan --quiet --infected --move= /tmp/virus
1 Like

Hi @giacomo @filippo_carletti @stephdl, please share your thoughts regarding Antivirus scanning of Shared Folders.

An option per ibay should be available for scanning it during the night…or a full scanning should be done each night/week if requested.

It is a basic feature O:)

Not tested but interesting

I always liked the idea of on-the-fly antivirus scan, but it’s probably useless since clamav it’s not so good on finding virus and it’s quite eager of resources.

I support the @asavinok idea: scan ibays once a day.
Maybe we can add an option for each ibay.

We have to completely rework the antivirus part for NS 7, I hope @davidep will also consider this scenario.