Home Home > 2010 > 09 > 14 > On-Access virus scanning on openSUSE 11.3
Sign up | Login

On-Access virus scanning on openSUSE 11.3

September 14th, 2010 by

One of the most useful deployment scenario for Linux in enterprise or educational environment is a fileserver with on access virus scanning, to serve Windows PCs on the network of course. Long ago there used to be samba-vscan that worked very nicely, it went missing in openSUSE 11.2 so dazuko kernel module worked in its place. On 11.3 dazuko is no longer available, enter dazukofs.

DazukoFS is a stack-able filesystem for virus scanning, here is how it works:

Install clamav, clamav-db and dazukofs, dazukofs-kmp-yourkernelflavor via 1-click.

Edit /etc/clamd.conf to change these parameters (change only these two parameters, nothing else there):

User root
ClamukoScanOnAccess yes

Edit /etc/fstab to mount the folder/s you would like to scan on access. So if /home is on /dev/sda2, there will be another line for /home in fstab, this will effectively mount /home twice, one normal way and another as dazukofs.

/home /home dazukofs defaults 0 0

Run the following commands as root in terminal:

insserv boot.dazukofs
insserv clamd
/etc/init.d/boot.dazukofs start
mount -a
rcclamd start
freshclam

Test it out with eicar, there will be message like this in /var/log/mail if you try to copy eicar.com to user’s home:

clamd[4734]: Clamuko: /home/username/eicar.com: Eicar-Test-Signature FOUND

I don’t know how to get the files with virus detected to quarantine, let me know if anyone knows how to do that.

Both comments and pings are currently closed.

4 Responses to “On-Access virus scanning on openSUSE 11.3”

  1. Manish Singh

    You might want to use commercial application for protecting Linux file servers. for Example McAfee LinuxShield.

  2. pistazienfresser

    Hello, thanks for the description!
    (1) Is the author of the article (Jigish Gohil) the same as Lord_LT the builder of the dazukofs, dazukofs-kmp- on software.opensuse.org ?
    (2) Will this cool description also work with antivir instead of ClamAV ?
    Kind Regards
    pistazienfresser

  3. darth vader

    @ pistazienfresser: the procedure also works for AntiVir providing a long awaited solution for free on-access scanning.

  4. jan

    Hi!
    Newbie in linux. I followed instructions as posted, just encountered an error executing “/etc/init.d/boot.dazukofs start” its error response is “/etc/sysconfig/dazukofs does not exists.” Where could I got wrong? The following packages are installed: clamav, clamav-db, dazukofs-3.1.3-2.9.i586, dazukofs-kmp-default-3.1.3_k2.6.34.7_0.5-2.9.i586.

    regards,
    jan