Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi, I just recently helped my friend to install his linux box, where he used the linux box as file storage server among his friends, the server is connected to the LAN and have also have internet connection.
I'm using SAMBA for the service, where it have multiple private folders [requires username/password to access], and few public folders, where anyone can access and write data in it.
Now the problem is where, certain users in his groups actually stored "infected" files unintentionally, and caused some problems to other users as well as they accidentally executes the files.
So I want to ask some question, like is there any service or function that allows the server to scans any incoming traffic and filter out any possible infected files been shared/stored inside the server?
Setup
Network connection:
- A dsl modem connected to a 8 port switch
Server:
- Fedora-distro Linux box.
- Connected to LAN via cable.
- Samba used as file sharing service.
- Connected to the internet.
Clients:
- 5 computers, all running Windows XP.
- All of them connected via LAN cable.
- Have internet connection as well.
Pardon me for my bad English, and thanks in advance!
I would recommend ClamAV. Set it up as a daemon to automatically get any new updates and scan new files. It should be pretty easy to set up.
HTH
Dave
I did a little searching after my post and see that ClamAV is designed for mail servers so it "may" work for what you want. In either case, I think the principle is sound.
Thanks AsusDave... I'll give ClamAV a try, yeah I read about ClamAV earlier and most of the settings are for the mail server. Probably I missed out somewhere on scanning the new files.
Thanks and I'll give ClamAV a try later on when I'm going to his dorm, I'll post up the status later.
I would recommend ClamAV. Set it up as a daemon to automatically get any new updates and scan new files. It should be pretty easy to set up.
HTH
Dave
I did a little searching after my post and see that ClamAV is designed for mail servers so it "may" work for what you want. In either case, I think the principle is sound.
No, there's a file based version (clamscan) that scans files on disk.
You may want to tie clamscan in with incrontab or some other methiod to automatically scan new files, unless there's some form os samba add on to call it when a file is saved.
You may want to tie clamscan in with incrontab or some other methiod to automatically scan new files, unless there's some form os samba add on to call it when a file is saved.
There a Linux kernel module AV can interface with called Dazuko. YMMV(VM) though: even if __dpath() is exported it may crash stock kernels so a kernel patch and rebuild may be in order. Also the project seems a wee bit stale.
Quote:
Originally Posted by GameSky
I'll give ClamAV a try later on when I'm going to his dorm, I'll post up the status later.
If you have a good stash of w32 malware samples what you could do is testdrive different AV products. While ClamAV is clearly OSS and promoted a lot, and I'm not a proponent of commercial AV SW, but other commercial vendors like Bitdefender, F-Prot, Panda (others are easy to search for) may offer freely usable products as well. The best reason for testing is finding differences in maturity of AV engines, performance and reporting. If you take ClamAV for instance you'll find there's a difference in features between clamscan and clamdscan and how they will report things.
Still there's nothing like prevention (also see modifying users behaviour), and running up to date AV on each mcrsft arcade game console should be considered mandatory. There's also Squid proxy setups that runs OSS AV like ICAP or HAVP (which for instance IPCOP rebrands as "Copfilter") ...
Last edited by unSpawn; 04-06-2009 at 05:01 AM.
Reason: more *is* more...
Billymayday - Thanks for the info on clamscan. Now I know!! :-)
Unspawn - I think you make a couple of really good points. Not "everything" software has to be free and the best antivirus/malware/phishing defense is a smart user.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.