BitDefender Security for Samba 2.1 Integration HowTo

With the BitDefender VFS module properly compiled and installed it is now time to integrate BitDefender into your Samba installation. This can be done using bdsafe's Samba plugin.

You can get the status of all the Samba shares using:

# ./bdsafe samba vfs status

which will print something similar to:

global

Path :

VFS : disabled

MyShare

Path : /shares/MyShare

VFS : disabled

You can enable the BitDefender VFS module for a share by running:

# ./bdsafe samba vfs enable MyShare

and the status of that share will change:

# ./bdsafe samba vfs status MyShare
MyShare

Path : /shares/MyShare
VFS : enabled
Actions:

On infected : (default)
On suspected : (default)
On riskware : (default)

When enabling the VFS module bdsafe will change Samba's smb.conf and make a backup of it named smb.conf.orig. The new settings will be saved in smb.conf.rebuilt, and smb.conf will be a symlink pointing to it:

# ls -l smb.conf*
lrwxrwxrwx 1 root root smb.conf -> smb.conf.rebuilt
-rw-r--r-- 1 root root smb.conf.orig
-rw-r--r-- 1 root root smb.conf.rebuilt

If you need to get back to the original smb.conf just run:

# ln -sf smb.conf.orig smb.conf

Disabling the VFS module for a share can be done using:

# ./bdsafe samba vfs enable MyShare

By default, all the VFS enabled shares are configured with the global Actions, which can be checked using:

# ./bdsafe samba status
Actions:

on infected : move-to-quarantine,ignore
on suspected : move-to-quarantine,ignore
on riskware : move-to-quarantine,ignore

and changed using:

# ./bdsafe samba [action type] [actions list]

where [action type] can be one of: actions, oninfected, onsuspected, onriskware and [actions list] is the list of actions, separated by ",". Available actions are: disinfect, copy-to-quarantine, move-to-quarantine, delete, and deny.
Here's an example on how to change all the malware actions:

# ./bdsafe samba actions disinfect,delete,move-to-quarantine,deny

Each share can override any global action, and this can be done with bdsafe using a syntax similar to the one above:

# ./bdsafe samba vfs [action type] [share name] [actions list]

Here's an example on how to change the action on suspected files for a share:

# ./bdsafe samba vfs onsuspected MyShare move-to-quarantine,deny

which will change the share's status:

# ./bdsafe samba vfs status MyShare
MyShare

Path : /shares/MyShare
VFS : enabled
Actions:

On infected : (default)
On suspected : move-to-quarantine,deny
On riskware : (default)

Enabling or configuring the VFS module for all the Samba shares can be done by using just the global section, for example:

# ./bdsafe samba vfs enable global
# ./bdsafe samba vfs oninfected global disinfect,delete,move-to-quarantine,deny

Please note that after changing any share settings Samba needs to be restarted in order for the new settings to be loaded.