Introduction: ClamAV antivirus
NexentaStor is generally considered a risk-free platform when it comes to the general threats posed by malware (short for "malicious software"). The latter includes computer viruses, worms, trojan horses, most rootkits, spyware, and so on. Still, to ensure that the appliance is ready if and when such malicious software is used against it, we have recently added a built-in antivirus capability. The corresponding NexentaStor extension module (plugin) is based on well-known cross-platform antivirus software: ClamAV.
The ClamAV antivirus is broadly used and is constantly being improved and fixed by the community. The ClamAV database is updated several times each day, and as of June 2009 contained more than 650,000 virus signatures. Nexenta Systems provides an integration of ClamAV for NexentaStor: a documented 'clamav-antivirus' plugin that can be deployed with any NexentaStor appliance starting with version 2.2.
Note that the clamav-antivirus extension runs ON the NexentaStor appliance itself. The clamav-antivirus plugin is open source: the entire source of the plugin is available at http://www.nexentastor.org (look up "ClamAV Antivirus" under Projects; the sources are under Repository).
The rest of this article describes the appliance's antivirus capability in the form of questions and answers.
Questions and Answers
Q: How to install antivirus plugin?
A: nmc$ setup plugin install clamav-antivirus
You can use the NMC 'show plugin' command to show already installed plugins. You can also use the Nexenta Management View UI to administer all available plugins, as per the F.A.Q. article "What is NexentaStor plugin".
Important notice: reboot the system after the installation!
The appliance software will automatically determine which additional packages need to be installed with the plugin. This may include an updated version of ClamAV itself. Due to specific characteristics of this particular extension, the appliance must be rebooted after the installation.
Q: Is there a manual page or usage instructions for the plugin?
A: For quick help and usage examples, use the NMC -h option, which is universally provided to display embedded manual pages and the user guide, for instance:
nmc$ setup clamav-antivirus -h
Q: How to manually update antivirus database?
A: nmc$ setup clamav-antivirus update
An example of server response follows below:
ClamAV update process started at Mon Nov 16 12:35:45 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cld is up to date (version: 10029, sigs: 105549, f-level: 44, builder: ccordes)
To show last update info:
nmc$ show clamav-antivirus update
or:
nmc$ setup clamav-antivirus update show
Q: How to manually perform virus scanning?
A: Here's an example that'd perform a just-in-time scan of the folder 'tank/users/mike':
nmc$ setup clamav-antivirus scan folder tank/users/mike
An example of output:
/volumes/tank/users/mike/clam.zip: ClamAV-Test-File FOUND
----------- SCAN SUMMARY -----------
Known viruses: 649892
Engine version: 0.95.3
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 3.688 sec (0 m 3 s)
To scan recursively, use the -r option. For instance:
nmc$ setup clamav-antivirus scan folder tank/users/mike -r
All the subdirectories in the given directory will be scanned.
To scan AND remove infected files:
nmc$ setup clamav-antivirus scan folder tank/users/mike -d
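When scans are run from a script, the report can be checked mechanically instead of by eye. The following is an added example, not part of the plugin or of the original article: it parses a report in the format shown above and cross-checks the FOUND lines against the "Infected files" counter, so a truncated report is not mistaken for a clean one. The function names are illustrative, and it assumes the scan output has been captured as text.

```python
import re

# Constructed sample: the scan output shown above, captured as text.
SAMPLE_REPORT = """\
/volumes/tank/users/mike/clam.zip: ClamAV-Test-File FOUND
----------- SCAN SUMMARY -----------
Known viruses: 649892
Engine version: 0.95.3
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 3.688 sec (0 m 3 s)
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
SUMMARY_RE = re.compile(r"^-+ SCAN SUMMARY -+$")


def parse_scan_report(text):
    """Split a scan report into (detections, summary fields)."""
    detections, summary, in_summary = [], {}, False
    for line in text.splitlines():
        line = line.rstrip()
        if SUMMARY_RE.match(line):
            in_summary = True
        elif in_summary:
            key, sep, value = line.partition(": ")
            if sep:
                summary[key] = value
        else:
            m = FOUND_RE.match(line)  # greedy path keeps ': ' inside file names
            if m:
                detections.append((m.group("path"), m.group("sig")))
    return detections, summary


def check_report(text):
    """Return (status, detections); status is clean, infected or inconsistent."""
    detections, summary = parse_scan_report(text)
    try:
        reported = int(summary["Infected files"])
    except (KeyError, ValueError):
        return "inconsistent", detections  # summary missing or truncated
    if reported != len(detections):
        return "inconsistent", detections  # FOUND lines and counter disagree
    return ("infected" if reported else "clean"), detections
```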
Q: How to switch on (enable) automatic virus vscan on Folders/Volumes?
A: nmc$ setup clamav-antivirus vscan folder tank/users enable
or:
nmc$ setup clamav-antivirus vscan volume tank folder users enable
To switch on vscan on a given volume:
nmc$ setup clamav-antivirus vscan volume tank enable
Vscan sets the quarantine bit on infected files, and access to them is denied, for instance:
# cat tank/users/clam.zip
cat: tank/video/clam.zip: Permission denied
To check for the quarantine bit "q":
nmc$ ls -/c tank/users
drwxr-xr-x 3 root root 3 Oct 22 20:24 eicar.com
{A------mq-}
You cannot view or edit or execute infected files but you CAN remove them, for instance:
# rm tank/users/eicar.com
Q: How to show vscan-enabled folders/volumes?
A: nmc$ show clamav-antivirus vscan
or:
nmc$ setup clamav-antivirus vscan show
An example of output:
NAME VSCAN
tank/users on
To show all folders in the system, with their corresponding vscan (on and off) properties:
nmc$ show clamav-antivirus vscan -a
or:
nmc$ setup clamav-antivirus vscan show -a
Note that this output may be very lengthy, as it prints one line for each folder in the appliance. An example of output:
NAME VSCAN
tank off
tank/users on
tank/video off
tank/audio off
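The full listing is also a convenient input for a coverage check: which folders that are supposed to be scanned on access actually have vscan on. The following is an added example, not part of the plugin or of the original article. It assumes the listing has been captured as text and that the list of folders requiring protection comes from your own policy; the function names are illustrative.

```python
# Constructed sample: the 'vscan show -a' listing shown above.
SAMPLE_LISTING = """\
NAME VSCAN
tank off
tank/users on
tank/video off
tank/audio off
"""


def parse_vscan_listing(text):
    """Return {folder: state} from a NAME/VSCAN listing."""
    states = {}
    for line in text.splitlines():
        # Split on the last run of whitespace so folder names may contain spaces.
        parts = line.rsplit(None, 1)
        if len(parts) != 2 or parts == ["NAME", "VSCAN"]:
            continue  # header, blank or unexpected line
        name, state = parts
        states[name] = state.lower()
    return states


def audit_vscan(text, required):
    """Check every folder at or below each required folder.

    Returns a sorted list of (folder, problem). The problem is the
    listed state when it is not 'on' (for example 'off'), or
    'missing' when a required folder is absent from the listing.
    """
    states = parse_vscan_listing(text)
    findings = set()
    for root in required:
        if root not in states:
            findings.add((root, "missing"))
        for name, state in states.items():
            covered = name == root or name.startswith(root + "/")
            if covered and state != "on":
                findings.add((name, state))
    return sorted(findings)
```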
Q: How to switch off (disable) folders/volumes virus scanning?
A: nmc$ setup clamav-antivirus vscan folder tank/users disable
or:
nmc$ setup clamav-antivirus vscan volume tank folder users disable
To reset vscan property to its default value:
nmc$ setup clamav-antivirus vscan folder tank/users reset
or:
nmc$ setup clamav-antivirus vscan volume tank folder users reset
Q: How to configure the plugin properties?
A: To show existing properties:
nmc$ show clamav-antivirus show-settings
or:
nmc$ setup clamav-antivirus property show
An example of output:
Checks = 24
DatabaseMirror = database.clamav.net
max-size = 10Mb
srv_clamav.ClamAvMaxFileSizeInArchive = 100M
srv_clamav.ClamAvMaxFilesInArchive = 0
srv_clamav.ClamAvMaxRecLevel = 5
srv_clamav.MaxObjectSize = 10M
To show a given selected property:
nmc$ setup clamav-antivirus property ?
An example of output:
* Default: 10Mb
VSCAN: Maximum file size
To configure a given property:
nmc$ setup clamav-antivirus property
To edit services configuration files (caution: advanced usage only!):
nmc$ setup clamav-antivirus edit-settings
Q: How to test antivirus internal services?
A: nmc$ show clamav-antivirus -c -q
An example of output:
=== AntiVirus services status ===
cicap: online
vscan: online
clamfresh: online
C-ICAP: service check OK.