On Access Virus Protection ?

[remus]

I'm in the process of building a remastered tinycore CD that works as a Samba file server for windows clients.

I'd like to give the server some kind of resident anti virus protection, so that if a windows user tries to copy an infected file to the server, the server will detect the infection and block the file copy process.

I know there is a clam av extension, that seems to be a on demand scanner. Anyone know if Clam av can do this or if there is an extension that does the job ?

[Rich]

Hi remus
Samba-Vscan looks like what you are looking for. Not sure if it's actively being supported.

[vinnie]

Searching on internet i found this 4 prog: clamfs, avfs, dazuko and samba-vscan

[remus]

Thx Rich, I found those as well.

I could not find them as extensions, so I've started reading the wiki about how to create an extension. The process looks doable.

[Rich]

Hi remus
This link provides a little more information about the interfaces mentioned by vinnie.
http://www.clamav.net/lang/en/download/third-party-tools/3rdparty-fs/

[remus]

Thx Rich,

Avfs looks like a good solution, I'm currently trying to find the install files.

[remus]

Having trouble finding an active Avfs website. I did find something that seemed to be related to virtual file systems, not anti virus file systems.

Sooo I'm on to looking into clamfs.

I've just had a quick read through "make your own extension" wiki, and I think I have to learn a bit about "compiling from source" and getting dependencies.

I can start googling the subject in general, I would appreciate any suggestions that might be tinycore specific

[coreplayer2]

clamav is already available as an extension

[remus]

Thx for input coreplayer2, clamav is on demand scanning, and does not provide on access real time anti virus protection.

clamfs configuration file does not appear to be included with clamav. I've run

Code: [Select]

sudo find / -name clamfs which gets no results.

[Rich]

Hi remus
clamfs is not part of clamav. It is a separate file system interface. Go to:
http://clamfs.sourceforge.net/
and scroll down. You will find links for source code and a Debian package if you wish to try to
adapt that, as well as an Ubuntu link.

[remus]

Hi Rich,

Yep, I've been following the compile instructions at http://clamfs.sourceforge.net/

Problem 1: required me to install compiletc - which I read about here: http://wiki.tinycorelinux.net/wiki:creating_extensions

Problem 2: is about boost.

checking for boostlib >= 1.33... configure: error: We could not detect the boost libraries (version 1.33 or higher). If you have a staged boost library (still not installed) please specify $BOOST_ROOT in your environment and do not give a PATH to --with-boost option.  If you are sure you have boost installed, then check your version number looking in <boost/version.hpp>. See http://randspringer.de/boost for more documentation.

I'm not sure what to do about this, I've tried installing boost, and rebooted. However no cigar

[Rich]

Hi remus
You probably also need boost-dev.tcz

[remus]

problem 2 solved by installing boost-dev
problem 3 : fuse.h missing - solved with fuse extension
problem 4 : rlog.h : searching extensions for rlog does not get any 100% hits, but references to other software

[remus]

problem 4 : solved : manually downloaded and installed from source package rlog-1.4.tar.gz from http://code.google.com/p/rlog/
problem 5 :  Poco/ExpireLRUCache.h : wish me luck

[Rich]

Hi remus
Good luck.