“Because iFolder is a cross-platform distributed solution, there is a possibility of a virus infection on a platform migrating across the iFolder server to other platforms, and vice versa. You should enforce server-based virus scanning to prevent viruses from entering the corporate network.”
This solution applies for openSuSE 11.1 :
The following packages need to be installed :
clamav dazuko postfix
Execute modprobe dazuko (as root)
Run lsmod and check that dazuko is loaded:
Edit /etc/init.d/boot.local
- Add:
modprobe dazuko
Edit /etc/clamd.conf
Enable logging by activating :
LogFile /var/log/clamd
* Activate:
# Path to a local socket file the daemon will listen on.
LocalSocket /var/lib/clamav/clamd-socket
* Deactivate:
# TCP port address.
#TCPSocket 3310
* Deactivate:
# TCP address.
#TCPAddr 127.0.0.1
* Activate and edit:
# Execute a command when virus is found.
VirusEvent /bin/echo “iFolder VIRUS ALERT: %v” | /bin/mail -s “ClamAV – iFolder” -r ClamAV@server.domain ToUser@domain
* Deactivate:
# Run as a selected user (clamd must be started by root).
#User vscan
Note:
If not deaktivating “User vscan” you receive the error: “clamuko cannot connect to dazuko” in /var/log/clamd
* Clamuko settings, Activate the following :
ClamukoScanOnAccess yes
ClamukoScanOnOpen yes
ClamukoScanOnClose yes
ClamukoScanOnExec yes
ClamukoIncludePath /YOUR_PATH_TO_IFOLDER/ifolder/simias/SimiasFiles
Change any other settings in the file to reflect your needs (see ClamAV documentation).
Start clamd:
/etc/init.d/clamd start
Check that clamd was started without any errors:
tail -f /var/log/clamd
Download the EICAR test signature from:
http://www.f-secure.com/virus-info/eicar_test_file.shtml
Note!
This is not a real virus.
Run: tail -f /var/log/clamd
Save the test file (eicar.zip and/or eicar.com) in your iFolder and wait for sync.
When the virus pattern is detected you should see this (see below) in the log file
/var/log/clamd.
Check that a mail has been sent: tail /var/log/mail
Update ClamAV:
You can update ClamAV using the command: freshclam
A better way is to use the freshclam daemon for automatic updates.
Settings for freshclam: /etc/freshclam.conf
Edit /etc/freshclam.conf
- Activate:
# Path to the log file (make sure it has proper permissions)
UpdateLogFile /var/log/freshclam.log - Activate and provide your country code:
# Uncomment the following line and replace XY with your country code.
DatabaseMirror db.se.clamav.net - Activate and provide update interval (e.g 24 for every hour):
# Number of database checks per day.
Checks 24
Create a log file for freshclam:
touch /var/log/freshclam.log
Set file rights:
chown vscan:vscan /var/log/freshclam.log
Start freshclam:
/etc/init.d/freshclam start
Check the log file:
tail /var/log/freshclam.log
Activate automatic start for clamd, freshclam and postfix from Yast –> System –> System Services (Run Level).
Now you have a real-time anti-virus scanning for your iFolder3 server.