Scannedonly project is a scalable samba anti-virus module.
Scannedonly was developed because of scalability problems with samba-vscan: high server loads when (the same) files were requested often, and timeouts when large zip files were requested. Scannedonly doesn't have these problems, but it does introduce some other issues. Choose the product that suits you best.
How does scannedonly work?
Scannedonly comes in two parts: a samba vfs module and (one or more) daemons. The daemon scans files. If a certain file is clean, a second file is created with prefix .scanned:. The samba module simply looks if such a .scanned: file exists, and is newer than the pertinent file. If this is the case, the file is shown to the user. If this is not the case, the file is not returned in any directory listing, and cannot be opened. The samba vfs module will also tell the daemon to scan this file.
So what happens for the user. The first time a directory is listed, it is empty, but after a first refresh all files are shown. There is a utility scannedonly_prescan that can help you to prescan all directories.
If a virus is found by the daemon, a file with a warning message is created in the directory of the user, a warning is sent to the logs, and the file is renamed to have prefix .virus:. Files with the .virus: prefix are never shown to the user and all access is denied.
What's New in This Release: [ read full changelog ]
· Scannedonly moved from mtime to ctime to use a more reliable timestamp.
· The clamav daemon now cleans the queue if duplicate filenames are requested.
· Last scannedonly handles file rename situations better.