ClamFS 1.0.0 has been released

ClamFS 1.0.0 has been released yesterday. It contains some new features that might be quite interesting for its users.

Completed clamd results caching

This was a long waiting feature. Version 0.9.1 cache only information about clean files. Infected files was scanned on every access. Starting from version 1.0.0 information about both clean and infected files are kept in cache while files that cannot be scanned (mostly because of permission problems) are discarded from cache.

Starting without clamd available

A new “check” option was added to allow you to mount a ClamFS file system when clamd is not available, such as during an early stage of the boot process. To disable ClamAV Daemon (clamd) check on ClamFS startup set option check to no:

<clamd socket="/var/run/clamav/clamd.ctl" check="no" />

Mounting file systems from /etc/fstab

With “check=no” mounting ClamFS file systems form /etc/fstab is possible using fuse mount helper (/sbin/mount.fuse). ClamFS will be started on boot with configuration file defined here provided as its argument. Simple definition of ClamFS mount point in /etc/fstab looks like:

clamfs#/etc/clamfs/share.xml  /clamfs/share  fuse  defaults  0  0

Read-only mounts

The “readonly” option was added to the filesystem options allowing you to create a read-only protected file system. Just extend filesystem definition in config file with readonly option set to yes:

<filesystem root="/share" mountpoint="/clamfs/share" readonly="yes" />

File system and cache statistics

ClamFS has file system statistics that allow you to monitor and tune its performance. Statistics module keep track of file system usage and cache hits. Stats module is configured with “stats” tag. It can dump statistics periodically and on ClamFS dismount:

<stats atexit="yes" every="3600" />

Statistics are dumped to configured logging target. Here is an example of such statistics dumped to syslog:

Feb  8 14:52:51 ghost clamfs: --- begin of statistics ---
Feb  8 14:52:51 ghost clamfs: Early cache hit: 1038
Feb  8 14:52:51 ghost clamfs: Early cache miss: 1030
Feb  8 14:52:51 ghost clamfs: Late cache hit: 1038
Feb  8 14:52:51 ghost clamfs: Late cache miss: 0
Feb  8 14:52:51 ghost clamfs: Whitelist hit: 10
Feb  8 14:52:51 ghost clamfs: Blacklist hit: 108
Feb  8 14:52:51 ghost clamfs: Files bigger than maximal-size: 3
Feb  8 14:52:51 ghost clamfs: open() function called 2081 times (allowed: 1803, denied: 278)
Feb  8 14:52:51 ghost clamfs: Scan failed 278 times
Feb  8 14:52:51 ghost clamfs: --- end of statistics ---

Better default extension blacklist

Default blacklist in configuration file was extended. I advise all users to incorporate blacklist from version 1.0.0 into their configuration files.

17 comments to ClamFS 1.0.0 has been released

  • CsIP

    I use it with Samba.
    But
    Create mask
    and
    Directory mask
    settings don’t works properly on a share mounted by ClamFS.

    Any idea?

  • CsIP

    I think this is because te FUSE uses same user to access files on share so any permission added to owner is applied for any user can access the sare.

  • ClamFS set its umask to 0 so it shouldn’t tamper with files permissions.

  • to allow samba access fuse mount add public=”yes” at clamfs xml file

  • bangben

    Hi,

    How do I run multiple clamfs instance for multiple samba share?
    Let say i have 3 private samba shares and 1 public share. I managed to mount clamfs for the public share. But how to mount the other samba shares (private one) ?

    Thanks.

  • To run multiple instances just create multiple configuration files, add them all to /etc/fstab and mount them.

    Each samba share should point to directory set in mountpoint option of each clamfs configuration file.

  • Sven Dreyer

    first of all: a very impressive tool!

    after a few days of use i noticed, that it does not respect setgid directories.

    i have a directory named “files”:
    $ ls -ld files
    drwxrws— 2 sven localusers 4096 14. Aug 16:51 files

    if i touch a file in there (as root)…
    # touch testfile

    …it should look like this:
    $ ls -l testfile
    -rw-r–r– 1 root localusers 0 14. Aug 16:54 foo

    but in fact, it looks like this:
    $ ls -l testfile
    -rw-r–r– 1 root root 0 14. Aug 16:54 foo

    the setgid-flag for the directory is ignored. if i try it outside a clamfs-directory, it works.

    am i missing a configuration option or is this a bug in fuse or clamfs?

    regards,
    sven

  • miro

    Cześć!
    Mam problem z kompilacją clamfs, gcc 4.4.2:

    clamfs.cxx: In function ‘char* clamfs::fixpath(const char*)’:
    clamfs.cxx:88: warning: ignoring return value of ‘int fchdir(int)’, declared with attribute warn_unused_result
    clamfs.cxx: In function ‘int clamfs::clamfs_open(const char*, fuse_file_info*)’:
    clamfs.cxx:529: error: invalid conversion from ‘const char*’ to ‘char*’
    make[2]: *** [clamfs.o] Błąd 1
    make[2]: Opuszczenie katalogu `/var/tmp/portage/sys-fs/clamfs-1.0.0/work/clamfs-1.0.0/src’
    make[1]: *** [all-recursive] Błąd 1
    make[1]: Opuszczenie katalogu `/var/tmp/portage/sys-fs/clamfs-1.0.0/work/clamfs-1.0.0′
    make: *** [all] Błąd 2

    Czy istnieje szansa na wersję poprawkową? ;)
    Pozdrawiam

  • miro

    Dzięki za info!
    To jeszcze szybkie pytanie, planujesz zapakowanie tego w wersję np. 1.0.1? Czy po prostu mam zrobić patcha, który będzie nakładany przez ebuilda (aż do wyjścia kolejnej wersji) ?
    Pozdrawiam

  • Poprawka wejdzie oczywiście do najbliższego wydania, ale nie mogę zagwarantować, że nastąpi ono szybko. Jako tymczasowe rozwiązanie polecam patcha.

  • Pascal

    Hello,
    i’m trying to make work this solution wich seems to be very usefull
    the problem i meet is that i dont know how to remove infected file
    the clamd conf file doesnt permit remove infected file and clamf.xml no more
    what could be the solution to remove infected file when it’s found

    Another question from newbie i’m : i plan use clamfs with samba, does that mean that the “new” home directory of a user is the clamfs one ?
    i mean, if before the home directory of toto was /home/toto, if i configure clamfs to mount /home on /home-clamfs-home the “new” home directory of toto will be /home-clamfs/toto ?

    thanks for your answers

  • Removing infected files automatically can be problematic in case of false positives. I plan to implement moving files to quarantine. You can always remove them by hand.

    If you want to mount clamfs on /home, firstly mount your current /home into /home_unprotected. Finally set up clamfs with options:

    <filesystem root="/home_unprotected" mountpoint="/home" public="yes" />
  • ivan_at_uadm

    Hi, have problem with connection to clamav:
    14:16:52 (clamav.cxx:59) [tid:34389115328] attempt to open control connection to clamd via /var/run/clamav/clamd.sock
    14:16:52 (clamav.cxx:63) [tid:34389115328] error: cannot connect to clamd
    my own DEBUG STRING 14:16:52 (clamav.cxx:63) [tid:34389115328] Try read error 12 (errConnectFailed)
    14:16:52 (clamav.cxx:90) [tid:34389115328] closing clamd connection
    14:16:52 (clamfs.cxx:1063) [tid:34389115328] cannot start without running clamd, make sure it work

    at same time
    socat – UNIX-CONNECT:/var/run/clamav/clamd.sock
    PING
    PONG

    work perfectly
    Using FreeBSD 8.2 amd64

  • Stephen

    I’ve just gotten clamfs working on tinycore 4.1 after a bit of mucking around.

    While testing with the eicar.com test virus file I discovered that I can not copy the test virus file to the mountpoint on the linux system, however I’ve also setup a samba share to use the same mountpoint folder, and I can copy the test virus file to that share from a windows computer.

    Suggestions welcome.

  • Wojtek

    Hello,

    any idea why clamfs ignore groups setting?
    For example, I add other people (X) to group Y, which is for user Y. Then, in filesystem I can as user X do everything on Y area, where they allow do they for group.
    But over clamfs they just ignore this settings …

    I use generic package availbale in Debian (1.0.1-1) with samba (generic too).

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>