ClamFS 1.0.0 was released yesterday. It contains some new features that may be of interest to its users.
Completed clamd results caching
This was a long-awaited feature. Version 0.9.1 cached information only about clean files; infected files were scanned on every access. Starting with version 1.0.0, information about both clean and infected files is kept in the cache, while files that cannot be scanned (mostly because of permission problems) are discarded from the cache.
Starting without clamd available
A new “check” option was added to allow you to mount a ClamFS file system when clamd is not available, such as during an early stage of the boot process. To disable the ClamAV daemon (clamd) check on ClamFS startup, set the check option to no:
Mounting file systems from /etc/fstab
With “check=no”, mounting ClamFS file systems from /etc/fstab is possible using the FUSE mount helper (/sbin/mount.fuse). ClamFS will be started on boot with the configuration file defined here provided as its argument. A simple definition of a ClamFS mount point in /etc/fstab looks like:
The “readonly” option was added to the filesystem options, allowing you to create a read-only protected file system. Just extend the filesystem definition in the config file with the readonly option set to yes:
File system and cache statistics
ClamFS has file system statistics that allow you to monitor and tune its performance. The statistics module keeps track of file system usage and cache hits. It is configured with the “stats” tag, and it can dump statistics periodically and on ClamFS dismount:
Statistics are dumped to the configured logging target. Here is an example of such statistics dumped to syslog:
Feb 8 14:52:51 ghost clamfs: --- begin of statistics ---
Feb 8 14:52:51 ghost clamfs: Early cache hit: 1038
Feb 8 14:52:51 ghost clamfs: Early cache miss: 1030
Feb 8 14:52:51 ghost clamfs: Late cache hit: 1038
Feb 8 14:52:51 ghost clamfs: Late cache miss: 0
Feb 8 14:52:51 ghost clamfs: Whitelist hit: 10
Feb 8 14:52:51 ghost clamfs: Blacklist hit: 108
Feb 8 14:52:51 ghost clamfs: Files bigger than maximal-size: 3
Feb 8 14:52:51 ghost clamfs: open() function called 2081 times (allowed: 1803, denied: 278)
Feb 8 14:52:51 ghost clamfs: Scan failed 278 times
Feb 8 14:52:51 ghost clamfs: --- end of statistics ---
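Added example (not part of ClamFS or of the original post): a Python parser for the statistics block shown above that turns the counters into an early-cache hit ratio and an open() denial ratio suitable for monitoring. The keys open_calls, allowed, denied and scan_failed are names chosen here, and the optional [pid] after "clamfs" in the syslog prefix is an assumption.

```python
import re

# Sample input: the statistics dump quoted above, one syslog line per entry.
SAMPLE = """\
Feb 8 14:52:51 ghost clamfs: --- begin of statistics ---
Feb 8 14:52:51 ghost clamfs: Early cache hit: 1038
Feb 8 14:52:51 ghost clamfs: Early cache miss: 1030
Feb 8 14:52:51 ghost clamfs: Late cache hit: 1038
Feb 8 14:52:51 ghost clamfs: Late cache miss: 0
Feb 8 14:52:51 ghost clamfs: Whitelist hit: 10
Feb 8 14:52:51 ghost clamfs: Blacklist hit: 108
Feb 8 14:52:51 ghost clamfs: Files bigger than maximal-size: 3
Feb 8 14:52:51 ghost clamfs: open() function called 2081 times (allowed: 1803, denied: 278)
Feb 8 14:52:51 ghost clamfs: Scan failed 278 times
Feb 8 14:52:51 ghost clamfs: --- end of statistics ---
"""
PREFIX = re.compile(r"clamfs(?:\[\d+\])?: (.*)$")   # [pid] part is an assumption
COUNTER = re.compile(r"^(?P<name>[^:]+): (?P<value>\d+)$")
OPEN = re.compile(r"^open\(\) function called (\d+) times \(allowed: (\d+), denied: (\d+)\)$")
FAILED = re.compile(r"^Scan failed (\d+) times$")

def parse_stats(text):
    """Return one dict of counters per complete begin/end statistics block."""
    blocks, current = [], None
    for raw in text.splitlines():
        m = PREFIX.search(raw)
        msg = m.group(1).strip() if m else ""
        if msg == "--- begin of statistics ---":
            current = {}
        elif msg == "--- end of statistics ---" and current is not None:
            blocks, current = blocks + [current], None
        elif current is not None:
            if (c := COUNTER.match(msg)):
                current[c["name"]] = int(c["value"])
            elif (o := OPEN.match(msg)):
                current.update(zip(("open_calls", "allowed", "denied"), map(int, o.groups())))
            elif (f := FAILED.match(msg)):
                current["scan_failed"] = int(f[1])
    return blocks

def summarize(s):
    """Derive monitoring ratios; 'consistent' checks allowed + denied == calls."""
    early = s["Early cache hit"] + s["Early cache miss"]
    return {
        "early_hit_ratio": round(s["Early cache hit"] / early, 3) if early else None,
        "denied_ratio": round(s["denied"] / s["open_calls"], 3) if s["open_calls"] else None,
        "consistent": s["allowed"] + s["denied"] == s["open_calls"],
        "scan_failed": s["scan_failed"],
    }
```

In the sample, the scan-failure count equals the number of denied open() calls, so a monitor built on this output should track both values side by side.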
Better default extension blacklist
The default blacklist in the configuration file was extended. I advise all users to incorporate the blacklist from version 1.0.0 into their configuration files.
17 thoughts on “ClamFS 1.0.0 has been released”
I use it with Samba.
settings don’t work properly on a share mounted by ClamFS.
I think this is because the FUSE uses the same user to access files on the share, so any permission added to the owner is applied for any user who can access the share.
ClamFS sets its umask to 0, so it shouldn’t tamper with file permissions.
To allow Samba to access the FUSE mount, add public="yes" in the ClamFS XML file.
How do I run multiple clamfs instances for multiple samba shares?
Let’s say I have 3 private samba shares and 1 public share. I managed to mount clamfs for the public share. But how do I mount the other samba shares (the private ones)?
To run multiple instances just create multiple configuration files, add them all to /etc/fstab and mount them.
Each samba share should point to the directory set in the mountpoint option of each clamfs configuration file.
first of all: a very impressive tool!
after a few days of use i noticed, that it does not respect setgid directories.
i have a directory named “files”:
$ ls -ld files
drwxrws--- 2 sven localusers 4096 14. Aug 16:51 files
if i touch a file in there (as root)…
# touch testfile
…it should look like this:
$ ls -l testfile
-rw-r--r-- 1 root localusers 0 14. Aug 16:54 foo
but in fact, it looks like this:
$ ls -l testfile
-rw-r--r-- 1 root root 0 14. Aug 16:54 foo
the setgid-flag for the directory is ignored. if i try it outside a clamfs-directory, it works.
am i missing a configuration option or is this a bug in fuse or clamfs?
I have a problem compiling clamfs, gcc 4.4.2:
clamfs.cxx: In function ‘char* clamfs::fixpath(const char*)’:
clamfs.cxx:88: warning: ignoring return value of ‘int fchdir(int)’, declared with attribute warn_unused_result
clamfs.cxx: In function ‘int clamfs::clamfs_open(const char*, fuse_file_info*)’:
clamfs.cxx:529: error: invalid conversion from ‘const char*’ to ‘char*’
make: *** [clamfs.o] Błąd 1
make: Opuszczenie katalogu `/var/tmp/portage/sys-fs/clamfs-1.0.0/work/clamfs-1.0.0/src’
make: *** [all-recursive] Błąd 1
make: Opuszczenie katalogu `/var/tmp/portage/sys-fs/clamfs-1.0.0/work/clamfs-1.0.0′
make: *** [all] Błąd 2
Is there a chance of a bugfix release? ;)
The fix is already in the SVN repository as revision r85.
Thanks for the info!
One more quick question: are you planning to package this as a version such as 1.0.1? Or should I just make a patch that the ebuild applies (until the next version is out)?
The fix will of course go into the next release, but I cannot guarantee that it will happen soon. As a temporary solution I recommend the patch.
i’m trying to make this solution work, which seems to be very useful
the problem i meet is that i don’t know how to remove infected file
the clamd conf file doesn’t permit remove infected file and clamf.xml no more
what could be the solution to remove infected file when it’s found
Another question from newbie i’m : i plan use clamfs with samba, does that mean that the “new” home directory of a user is the clamfs one ?
i mean, if before the home directory of toto was /home/toto, if i configure clamfs to mount /home on /home-clamfs-home the “new” home directory of toto will be /home-clamfs/toto ?
thanks for your answers
Removing infected files automatically can be problematic in case of false positives. I plan to implement moving files to quarantine. You can always remove them by hand.
If you want to mount clamfs on /home, firstly mount your current /home into /home_unprotected. Finally set up clamfs with options:
Is there any chance/hope of adding a feature to move files to quarantine or delete them? :)
Hi, have problem with connection to clamav:
14:16:52 (clamav.cxx:59) [tid:34389115328] attempt to open control connection to clamd via /var/run/clamav/clamd.sock
14:16:52 (clamav.cxx:63) [tid:34389115328] error: cannot connect to clamd
my own DEBUG STRING 14:16:52 (clamav.cxx:63) [tid:34389115328] Try read error 12 (errConnectFailed)
14:16:52 (clamav.cxx:90) [tid:34389115328] closing clamd connection
14:16:52 (clamfs.cxx:1063) [tid:34389115328] cannot start without running clamd, make sure it work
at same time
socat - UNIX-CONNECT:/var/run/clamav/clamd.sock
Using FreeBSD 8.2 amd64
I’ve just gotten clamfs working on tinycore 4.1 after a bit of mucking around.
While testing with the eicar.com test virus file I discovered that I can not copy the test virus file to the mountpoint on the linux system, however I’ve also setup a samba share to use the same mountpoint folder, and I can copy the test virus file to that share from a windows computer.
any idea why clamfs ignore groups setting?
For example, I add other people (X) to group Y, which is for user Y. Then, in filesystem I can as user X do everything on Y area, where they allow do they for group.
But over clamfs they just ignore this settings …
I use generic package available in Debian (1.0.1-1) with samba (generic too).