File Filter for Samba Server
Erik Norgaard
norgaard at locolomo.org
Thu Mar 6 10:25:44 UTC 2008
muhammad hamka wrote:
> Hi all,
>
> I've run my samba server running on my FreeBSD box. My samba connect to
> several workstation (using Windows). I set the sharing for public (Everyone
> can read/write/delete files).
>
> The problem is some of my workstation is infected by virus. So everytime i
> open that folder, i got a tons of virus (usually consist of , autorun.inf ,
> file with .vbs extension and several suspicious executable file). I tried to
> set samba-vscan with clamav, but this works only scan and moving those file
> to quarantine. But those file will appear again because of virus daemon
> running in infected workstation.
>
> i have an idea to set a file filter that uploaded to my storage server. So
> that, it can deny the file containing .vbs extension etc. to be written in
> my storage. is there any software provide this solution? or any
> configuration of samba i miss? thanx
Is there any reason for anonymous/guest access?
If not, by requiring users to authenticate in order to gain write access
you can identify the owner(s) of infected hosts and get them cleaned.
Consider if using a logon script can force installation/update of
ant-virus software on hosts.
Secondly, you might take a look at the "veto files" parameter. The
intended use is to prevent user access to system files (such as apple
share files). It is not clear if it will prevent the infected hosts from
uploading the files, but it should prevent access to these files and
hence the infection of other hosts.
Then you can run a cronjob regularly cleaning up the directories.
see smb.conf(5).
Cheers, Erik
More information about the freebsd-questions
mailing list