BitDefender Security for Samba Integration HowTo

In order to compile the BitDefender vfs module, the samba server sources are required.

1. There are two ways to obtain the source of the samba server:

a) If you use a rpm based system, download the src.rpm from the distro's repository, or just use yum to download and install the src.rpm file. For example, in Fedora Core, download the src.rpm file from the repository and install it with:
# rpm -ivh samba-3.0.24.src.rpm

If the install is OK, go to /usr/src/redhat/SPECS and rebuild the src.rpm file:
# cd /usr/src/redhat/SPECS
# rpmbuild -bc samba.spec

It is possible to need some more packages (libacl-devel, cups-devel, gnutls-devel, autoconf, libtool) to rebuild the src.rpm package. If so, use the distro's way to install the missing packages.

b) The other way is to get the latest source of samba from the samba website.



2. The next step is to compile the BitDefender vfs module.

Go to /opt/BitDefender/var/src, unpack the BitDefender-Samba-vfs.tar.gz file using:
# tar -xvf BitDefender-Samba-vfs.tar.gz

To compile the vfs, run in a console:
# ./configure --with-samba-source=

where is /usr/src/redhat/BUILD/samba-3.0.24 (for version 3.0.24) if the src.rpm is used, or it can be the path to the samba sources from the tar.gz file.

If there are no error messages, type:
# make && make install

By default the vfs file bdvfs3.so is installed in /usr/lib/samba/vfs.This path can be changed by --setting --with-install-dir parameter in the configure command.



3. The BitDefender Samba VFS module is activated/deactivated on a per-share basis. You can activate/deactivate it by running one of the following commands:
# ./bdsafe samba vfs

For example, the output will be something like this:

global
   Path          :
   VFS           : disabled

public
   Path          : /data/500GB/public/
   VFS           : disabled


To enable the BitDefender vfs for the public share, run:
# ./bdsafe samba vfs enable public

To check the status of the public share, type:
# ./bdsafe samba vfs status public

public
   Path               : /data/500GB/public/
   VFS                : enabled
   Failure action     : (default)
   Actions:
      On infected     : (default)
      On suspected    : (default)
      On riskware     : (default)



4. To test if the Bitdefender samba vfs is working, try copying the Eicar virus from a Windows machine into the public share. If it's working, a new entry will appear in the /opt/BitDefender/var/log/virus.log file and the virus file will not be copied in the public share:

"05/06/2009 11:15:03 BDFILED MALWARE: /data/500GB/public/eicar.com (/data/500GB/public/eicar.com), malware: EICAR-Test-File (not a virus), status: Infected, action: Deleted (disinfect,delete,deny)"

Now, your public share is malware protected by BitDefender.

For more info about the BitDefender vfs module please read the INSTALL.samba-vfs file from your BitDefender installation.