# PBM: no use flag oav for samba-3.0.28

## VinzC

Hi.

I've upgraded samba from version 3.0.24 to 3.0.28 on a Gentoo server that used to link samba with clamav. A specific USE flag, oav, was present. It seems it has been removed from version 3.0.28. How do I link clamav with >=samba-3.0.28 now?

Here's the problem:

```
May 26 11:27:06 serenity smbd[6630]: [2008/05/26 11:27:06, 0] smbd/vfs.c:vfs_init_custom(155)

May 26 11:27:06 serenity smbd[6630]:   Can't find a vfs module [vscan-clamav]
```

The extension vscan-clamav seems to have disappear due to the absence of use flag oav, I suppose.

Thanks for any hint/suggestion.

----------

## Desintegr

Bug #199769 :

 *Quote:*   

> ------- Comment  #3 From Tiziano Müller 2007-11-20 21:19:48 0000  [reply] -------  
> 
> The oav USE-flag has been dropped on purpose together with the oav-patch.
> 
> Reasons:
> ...

 

But there is some WIP, read the bug report.

----------

## VinzC

Thank you for the info. So if I want a virus scanning solution with Samba, the best bet for now is to downgrade to an earlier version, which supports the oav flag, right?

----------

## Desintegr

Or a custom ebuild with recent version.

----------

## soroh6

Ok, I just got this working, here's what I did, fairly painlessly.  Patch is from http://www.openantivirus.org/projects.php

I'll just assume a few things:

1) you are logged in as root

2) you are in /root

3) you have samba and clamav emerged already

```
wget http://www.openantivirus.org/download/samba-vscan-0.3.6c-beta5.tar.gz

cp /usr/portage/distfiles/samba-3.0.28a.tar.gz ~/

tar zxvf samba-vscan-0.3.6c-beta5.tar.gz -C /usr/share/doc/samba-3.0.28a-r1/examples/VFS/
```

At this point, run an emerge samba with the USE flags you use etc etc.  Ctrl-C (abort it) it after you see it has run the ./configure line.  You will want to copy the entire ./configure line that gentoo passes to it so that you can run it yourself in a few moments.

```
cp -r /var/tmp/portage/net-fs/samba-3.0.28a-r1/work/samba-3.0.28a/source /usr/share/doc/samba-3.0.28a-r1/

cd /usr/share/doc/samba-3.0.28a-r1/source

./autogen.sh

# paste and run the ./configure line now

make proto
```

That is it for the pre-requisities that vscan will want.  Make sure you edit the clamav/vscan-clamav.h file as indicated below:

```
cd ../examples/VFS/samba-vscan-0.3.6c-beta5

nano/vi/edit clamav/vscan-clamav.h: #define VSCAN_CLAMD_SOCKET_NAME      "/var/run/clamav/clamd.sock"  // this is set to /var/run/clamd by default, change it!

- save & exit file

./configure

make clamav

cp vscan-clamav.so /usr/lib/samba/vfs

cp clamav/vscan-clamav.conf /etc/samba
```

Add these 2 lines to your shares (second line is optional actually, to tweak built-in settings), should work in the [global] section as well if you want to scan all shares, I haven't tested more than the below example however.

If you include it make sure to edit the /etc/samba/vscan-clamav.conf file and update the sock name in there as well (in vscan-clamav.conf, find and change: clamd socket name = /var/run/clamav/clamd.sock):

```
   vfs object = vscan-clamav

   vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
```

Restart samba and go browse a share:

```
/etc/init.d/samba restart

tail -f /var/log/messages /var/log/clamav/clamd.log
```

No need to patch samba sources at all, this method worked great for me.  :Smile: 

 *clamd.log wrote:*   

> Fri Jun 13 20:19:24 2008 -> /home/soroh/blah1.exe: OK
> 
> Fri Jun 13 20:19:24 2008 -> /home/soroh/blah2.exe: OK
> 
> Fri Jun 13 20:19:24 2008 -> /home/soroh/blah3.exe: Trojan.Spy-32988 FOUND

 

 *messages wrote:*   

> Jun 13 20:19:24 fnd02 smbd_vscan-clamav[30222]: INFO: Scanning file : '/home/soroh/blah3.exe'
> 
> Jun 13 20:19:24 fnd02 smbd_vscan-clamav[30222]: ALERT - Scan result: '/home/soroh/blah3.exe' infected with virus 'Trojan.Spy-32988', client: '10.0.1.34'
> 
> Jun 13 20:19:24 fnd02 logger: VIRUS ALERT: Trojan.Spy-32988  # this line is from my /etc/clamd.conf, VirusEvent /usr/bin/logger "VIRUS ALERT: %s"
> ...

 

If you update samba to a new version, you will most likely have to re-compile the module.

Something I was thinking about in the default clamd.conf: The default commented line for VirusEvent is /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v", to send a message to your mobile phone.  If you emerge mailx you can use the mail program to almost do the same thing. VirusEvent echo "%v" | mail -s "VIRUS ALERT" 1234567890@yourprovider.com sends me a text message, with a subject of "VIRUS ALERT" and the message containing the virus name.  (This was because sendsms in portage does not have my provider).  Note I am not using this feature as it is most useless to me, but... it works if you need.  Of course you could replace the e-mail address with any e-mail address, to send yourself an e-mail notification instead of a text message.  Or just use what I use, /usr/bin/logger, to dump a message to /var/log/messages.

Edits: Fixed some small things, just installed this for a friends server, instructions should work well.

----------

## VinzC

Thanks a lot, soroh6. I guess it shouldn't be too hard to make a patched ebuild for that...

----------

## soroh6

Shouldn't be at all, although I wouldn't know where to begin.  :Smile: 

Technically, should just need to compile vscan if +oav is set, by installing the 'patch' in the source/ directory and compiling it after samba has finished.

They could also seperate it into a seperate ebuild, maybe app-antivirus/samba-vscan.  This would then download the sources for your currently installed samba version, run the above code I have listed (basically), and install the modules/config file.  This could also have the advantage of having USE flags for the various antivirus modules that vscan supports.

----------

## soth

Good work. I'm going to try this..

----------

## soroh6

I was just noticing today, that with my Samba update, the OAV USE flag is back, so this tutorial is kind of useless now.  :Smile: 

----------

