One of the most useful deployment scenario for Linux in enterprise or educational environment is a fileserver with on access virus scanning, to serve Windows PCs on the network of course. Long ago there used to be samba-vscan that worked very nicely, it went missing in openSUSE 11.2 so dazuko kernel module worked in its place. On 11.3 dazuko is no longer available, enter dazukofs.
DazukoFS is a stack-able filesystem for virus scanning, here is how it works:
Edit /etc/clamd.conf to change these parameters (change only these two parameters, nothing else there):
Edit /etc/fstab to mount the folder/s you would like to scan on access. So if /home is on /dev/sda2, there will be another line for /home in fstab, this will effectively mount /home twice, one normal way and another as dazukofs.
/home /home dazukofs defaults 0 0
Run the following commands as root in terminal:
Test it out with eicar, there will be message like this in /var/log/mail if you try to copy eicar.com to user’s home:
clamd: Clamuko: /home/username/eicar.com: Eicar-Test-Signature FOUND
I don’t know how to get the files with virus detected to quarantine, let me know if anyone knows how to do that.
Both comments and pings are currently closed.