Re: [Samba] Samba 3.0.20pre2 Available for Download
On Wed, Jul 13, 2005 at 06:54:33PM +0200, Thomas Bork wrote: > >>>global/vscan-fileaccesslog.c:131: error: syntax error before > >>>"DONT_USE_CPLUSPLUS_RESERVED_NAMES" > >>Interesting, I cannot see this message here. > >Hum, which gcc are you using? :-) > > An really old one: > > vmeis # gcc -v > Reading specs from /usr/lib/gcc-lib/i486-pc-linux-gnu/2.95.3/specs > gcc version 2.95.3 20010315 (release) OK, on the maschine I got the ouput mentioned above I use 3.3 :-) > >>After moving the virus file to the quarantine directory the virus file > >>is still visible in the vscan protected share. I have to manual refresh > >>the window to see, that the file is gone. > >>Is it possible to initiate the refresh from samba_vscan? There must be > >>such an funktion in samba, because deleting or moving a file leads to an > >>refresh of the current window. > >You're deleting / moving the file on the Windows side (e.g. Explorer)? > >I guess Windows forces a refresh automatically. To be honest, I have no > >idea if it's possible to force a refresh via samba-vscan/Samba (as a > >side note, moving into quarantine is currently done via vfs_rename) > > Do you mean vfswrap_rename? My C knowledge is very limited ;) > Maybe one of the samba developers knows an answer? Yup, vfswrap_rename. Actually, this question is probably for samba-technical, not samba :) But I still think, Windows forces the reload if you delete/rename a file within Windows. cheers, Rainer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20pre2 Available for Download
On Wed, Jul 13, 2005 at 06:01:55PM +0200, Thomas Bork wrote: > Rainer Link wrote: > > >Compiling global/vscan-fileaccesslog.c with -fPIC > >global/vscan-fileaccesslog.c: In function `lrufiles_add': > >global/vscan-fileaccesslog.c:131: error: syntax error at '#' token > >global/vscan-fileaccesslog.c:131: error: syntax error before > >"DONT_USE_CPLUSPLUS_RESERVED_NAMES" > > Interesting, I cannot see this message here. Hum, which gcc are you using? :-) > Replacing all occurences of "new" with "new_entry" leads to normal Fine, same for me. I already checked this into CVS. > compiling and normal behaviour. > By the way: > After moving the virus file to the quarantine directory the virus file > is still visible in the vscan protected share. I have to manual refresh > the window to see, that the file is gone. > > Is it possible to initiate the refresh from samba_vscan? There must be > such an funktion in samba, because deleting or moving a file leads to an > refresh of the current window. You're deleting / moving the file on the Windows side (e.g. Explorer)? I guess Windows forces a refresh automatically. To be honest, I have no idea if it's possible to force a refresh via samba-vscan/Samba (as a side note, moving into quarantine is currently done via vfs_rename) cheers, Rainer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: tests with samba-vscan 3.6 and 3.6 latest cvs exclude by regex feature failed on suse 9.2 samba 3.13
On Sun, Apr 10, 2005 at 10:26:45PM +0200, Robert Schetterer wrote: Hi, > recompiled samba-vscan 3.6 against samba 3.13 > on suse 9.2 no failures, build rpm ( no suse patches to vfs vscan )no > failures, > small test -> everything seems to work. > (tested with clamav and fprotd) Fine :) > fetching latest cvs code to test exclude by regex, recompile clamav > no compile failures but > samba logs shows bugs like this > /usr/sbin/smbd: symbol lookup error: /usr/lib/samba/vfs/vscan-clamav.so: > undefined symbol: fileregexp_init > as written in cvs it seems this needs more testing in the code Please don't expect sources from CVS to actually compile or functional at any time (unless they are not marked as "snapshot", "alpha" or better). I commit changes without any prior compiling or tests. > > if anyone is interested in the produced rpms > for suse 9.2 ( src included ) with samba-vscan 3.6 > ( suses version is 3.5 with patches ) > they will be loadable for a small time at > http://www.robowarp.de/samba-robo/ > warning: dont use the rpms on production systems, as they are small tested Kudos to Lars Mueller of Novell/SUSE samba-vscan 0.3.6 RPMs can be found at ftp://ftp.suse.com/pub/projects/samba/3.0/ (for various SUSE Linux versions). Of course, these are not official SUSE RPMs and not QA'ed! So, use with care. To discuss samba-vscan bugs, further development and plans please use openantivirus-discuss or openantivirus-developer mailing list. Thanks best regards Rainer Link -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: No vscan HOWTOs? should called how exclude pst files vscan clamav
On Tue, Mar 29, 2005 at 11:28:13PM +0200, Robert Schetterer wrote: > Hi @ll,hi Andrew,Rainer You'd probably shoulnd't bug any Samba people with samba-vscan related configuration issues. They are busy enough :) > - -- > pdc:/home/danielop/outlook.pst # file -i ./Outlook.pst > ./Outlook.pst: application/octet-stream > - - So, the MIME-type is actually "application/octet-stream", which is a generic type for anything binary and not recognized by file otherwise. Probably someone should try to add a real "pattern" to detect Outlook PST correctly (the idea has mentioned below already by someone else). > so i included this to vscan-clamav.conf > > - --- > ; exclude files from being scanned based on the MIME-type! Semi-colon > ; seperated list (default: empty list). Use this with care! > exclude file types = pst > - pst ist the file extension, not the MIME-type! Keep in mind you should never trust any file extension if you want to achieve virus protection (esp. to block files on SMTP layer). I won't repeat the reasoning behind, just do a google group search for "nick fitzgerald file extension" (a good hit is http://tinyurl.com/4nkv9). Anyway, samba-vscan 0.3.7 will most likely ship with a feature to exclude files from scanning based on a regexp. The code is basically already in CVS, based on a contribution from a samba-vscan user. > Munich / Bavaria / Germany Hum, that's not sooo far away :) HTH best regards Rainer Link -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem with samba and sophie
Glenn Robinson wrote: If I run sophie standalone to scan a directory/folder it all runs ok, as it also does in daemon mode. I've changed my smb.conf file to specify vfs option=/usr/lib/samba/vscan-sophos.so When I access the share I receive the following in the syslog: samba smbd_vscan_sophos[6649]: ERROR: can not connect to Sophie! Well, where's Sophie's socket located? Permissions correct? The answer can be found in the INSTALL file of samba-vscan. best regards Rainer Link -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem with samba and sophie
Glenn Robinson wrote: If I run sophie standalone to scan a directory/folder it all runs ok, as it also does in daemon mode. I've changed my smb.conf file to specify vfs option=/usr/lib/samba/vscan-sophos.so When I access the share I receive the following in the syslog: samba smbd_vscan_sophos[6649]: ERROR: can not connect to Sophie! Well, where's Sophie's socket located? Permissions correct? The answer can be found in the INSTALL file of samba-vscan. best regards Rainer Link -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba3+samba-vscan+clamav = A big headache.
Chris E wrote: > which I'm not sure if worked or not but seems to have not errored and > comipiled fine. Then I setup my smb.conf with the following > > [global] > vfs object = /usr/local/lib/samba/vscan-clamav.so > vfs options = config-file = > /usr/local/etc/samba-vscan/vscan-clamav.conf Actually, I'm not familiar with the ports of Samba and samba-vscan of FBSD. For Samba 3.x, the vfs object(s) have to be written _without_ full path and extension, i.e. vfs object = vscan-clamav Assuming, Samba is installed in /usr/local/samba, the vscan-clamav.so file must be placed in /usr/local/samba/lib/vfs best regards Rainer Link -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: samba 3.0 vfs module problem
[EMAIL PROTECTED] wrote: [2003/12/12 06:38:00, 3] smbd/vfs.c:vfs_init_custom(227) Initialising custom vfs hooks from [vscan-mksd.so] [2003/12/12 06:38:00, 5] lib/module.c:smb_probe_module(102) Probing module 'vscan-mksd.so' [2003/12/12 06:38:00, 5] lib/module.c:smb_probe_module(113) *** Probing module 'vscan-mksd.so': Trying to load from /usr/local/samba/lib/vfs/vscan-mksd.so.so ^^ *** [2003/12/12 07:41:34, 2] lib/module.c:do_smb_load_module(64) Module '/usr/local/samba/lib/vfs/vscan-mksd.so.so' loaded ^^ Could you solve this problem meanwhile? I'm fighting with same problem. For Samba 3.x the correct setting is simply vfs objects = vscan-mksd No ".so" extension, no path at all. See man 5 smb.conf for details. With the help of your thread, i'm able to load the vscan-clamav module, but it seems to me, that the scanner doesn't work. If i copy the EICAR test to the share, there is no warning or anything else. samba-vscan logs everything via syslog, so check /var/log/messages. Moreover, please read through the INSTALL file of samba-vscan, here's a quote of the upcoming 0.3.5 release (support of libclamav is not available in earlier releases, so please just skip it): - Clam AntiVirus samba-vscan (clamav module) can be configured to use for the Clam AntiVirus daemon (clamd) or the ClamAV library (libclamav). Usage of clamd is default. Daemon: You need Clam AntiVirus Daemon from http://www.clamav.net/. As socket name /var/run/clamd is assumed. You can modify this via CLAMD_SOCKET_NAME in vscan-clamav.h or via clamd socket name = in the run-time configuration file. The socket must have read/write permissions for everyone (i.e. chmod a+rw /var/run/clamd), as smbd runs under various user IDs (i.e. "nobody" or as the user "xyz", when user "xyz" is connected to his home directory). This could be a security risk, as now an attacker could pass arbitrary commands to Clam AntiVirus Daemon, so we need a better solution here ... libclamav: To use the ClamAV library instead, use the --with-clamav-lib switch for ./configure. Keep in mind, if vscan-clamav is build and linked for libclamav, you must rebuild the module if you decide to use clamd instead. HTH best regards, Rainer Link -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: quick help, samba internal error signal 11
Mariusz Mirkiewicz wrote: Hello I need quick help sometimes I get following error: [2003/12/18 09:07:48, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 15261 (3.0.0) Please read the appendix Bugs of the Samba HOWTO collection [..] #3 /usr/local/samba/lib/vfs/vscan-mksd.so [0x40737c00] Does this also happen, when vscan-mksd is not loaded? If you won't get a smbd crash, then samba-vscan is the culprit. Then, please apply the following patch to samba-vscan sources http://cvs.sourceforge.net/viewcvs.py/openantivirus/samba-vscan/global/vscan-fileaccesslog.c?r1=1.8.2.1&r2=1.8.2.2&only_with_tag=VSCAN_0_3&diff_format=u (url may be wrapped, so please do cut&paste) and rebuild vscan-mksd by "rm vscan-mksd.so && make mksd && make install". HTH best regards, Rainer Link -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] OT: need feedback on samba-vscan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, for a paper which will hopefully released later under the terms of the GNU FDL, I need some feedback on samba-vscan (http://www.openantivirus.org/projects.php#samba-vscan). Please include the following information in your feedback (it's ok to answer not all questions) * which samba-vscan version you're using * which Samba version * which anti-virus product * on how many Samba servers it's being used, approx. amount of users and traffic * figures on performance impact/loss due to samba-vscan * which features do you miss? You might give every missing feature a weight (i.e. 5 = very important, 1 = just a nice-to-have) * if you used it in the past, but decided to not use it any longer, please state your reason(s) (again, you might give every reason a weight) * anything else :-) Thank you very much! Note: your answer(s) will be read only by me, you're very welcome to send your reply PGP-encrypted. Your data will not be given to any other person/organisation/whatever. It will be used for statistics only, i.e. your name and/or company name will not be mentioned in this paper. In any case I'd like to cite parts of your mail, I will kindly ask for your ~ permission before. And, of course, missing features will be added to the TODO list of the project :-) best regards, Rainer Link Developer samba-vscan OpenAntiVirus.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+vMg7mxoFTBO0QHkRAvMEAKCfZjMqq1MJMImZJtuL3Qn/slxJrgCeJ1mg DzDA/uBl6sIxcbEHRwnn9pA= =Zb0b -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba