File Filter for Samba Server

Erik Norgaard norgaard at
Thu Mar 6 10:25:44 UTC 2008

muhammad hamka wrote:
> Hi all,
> I've run my samba server running on my FreeBSD box. My samba connect to
> several workstation (using Windows). I set the sharing for public (Everyone
> can read/write/delete files).
> The problem is some of my workstation is infected by virus. So everytime i
> open that folder, i got a tons of virus (usually consist of , autorun.inf ,
> file with .vbs extension and several suspicious executable file). I tried to
> set samba-vscan with clamav, but this works only scan and moving those file
> to quarantine. But those file will appear again because of virus daemon
> running in infected workstation.
> i have an idea to set a file filter that uploaded to my storage server. So
> that, it can deny the file containing .vbs extension etc. to be written in
> my storage. is there any software provide this solution? or any
> configuration of samba i miss? thanx

Is there any reason for anonymous/guest access?

If not, by requiring users to authenticate in order to gain write access 
you can identify the owner(s) of infected hosts and get them cleaned.

Consider if using a logon script can force installation/update of 
ant-virus software on hosts.

Secondly, you might take a look at the "veto files" parameter. The 
intended use is to prevent user access to system files (such as apple 
share files). It is not clear if it will prevent the infected hosts from 
uploading the files, but it should prevent access to these files and 
hence the infection of other hosts.

Then you can run a cronjob regularly cleaning up the directories.

see smb.conf(5).

Cheers, Erik

More information about the freebsd-questions mailing list