Sales: dataon_sales@dataonstorage.com     |     Tech Support: Please visit our support portal     |     Office Support Hours: M-F 9:00AM ~ 6:00PM (PST)
Title
Contact Us
Sales: 888.726.8588

Introduction: ClamAV antivirus


NexentaStor is generally considered a risk-free platform, when it comes to the general threats posed by malware (short for "malicious software"). The latter includes computer viruses, worms, trojan horses, most rootkits, spyware, and so on. Still, to ensure that the appliance is ready when (and if) such malicious software is attempted to be used against the appliance, we have recently added a built-in antivirus capability. The corresponding NexentaStor extension module (plugin) is based on a well-known cross-platform antivirus software: ClamAV.


The ClamAV antivirus is broadly used and is constantly being improved and fixed by the community. The ClamAV database is updated several times each day, and as of June 2009 contained more then 650,000 virus signatures. Nexenta Systems provides an integration of the ClamAV for the NexentaStor: a documented 'clamav-antivirus' plugin that can be deployed with any NexentaStor appliance starting version 2.2 and later.


Note that clamav-antivirus extension runs ON the NexentaStor itself. The clamav-antivirus is open sourced: the entire source of the plugin is available at http://www.nexentastor.org (lookup "ClamAV Antivirus" under Projects; the sources are under Repository).


Rest of this article describes the appliance's antivirus capability in the form of questions and answers.


Questions and Answers


Q: How to install antivirus plugin?


A: nmc$ setup plugin install clamav-antivirus

You can use NMC 'show plugin' command, to show already installed plugins. You can also use Nexenta Management View UI to administer all available plugins, as per F.A.Q. article "What is NexentaStor plugin".


Important notice: reboot the system after the installation!


The appliance software will automatically determine which additional packages need to be installed with the plugin. This may include an updated version of ClamAV itself. Due to specific characteristics of this particular extension, the appliance must be reboted upon the installation.




Q: Is there plugin's manual page or usage instructions?


For a quick help and usage examples, use NMC -h option that is universally provided to display embedded manual pages and user guide, for instance:


A: nmc$ setup clamav-antivirus -h



Q: How to manually update antivirus database?


A: nmc$ setup clamav-antivirus update

An example of server response follows below:
ClamAV update process started at Mon Nov 16 12:35:45 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cld is up to date (version: 10029, sigs: 105549, f-level: 44, builder: ccordes)


To show last update info:


nmc$ show clamav-antivirus update

or:


nmc$ setup clamav-antivirus update show



Q: How to manually perform virus scanning?


A: Here's an example that'd perform a just-in-time scan of the folder 'tank/users/mike':


nmc$ setup clamav-antivirus scan folder tank/users/mike

An example of output:


/volumes/tank/users/mike/clam.zip: ClamAV-Test-File FOUND
----------- SCAN SUMMARY -----------
Known viruses: 649892
Engine version: 0.95.3
Scanned directories: 1
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 3.688 sec (0 m 3 s)


To scan recursively, use -r option. For instance:


nmc$ setup clamav-antivirus scan folder tank/users/mike -r

All the subdirectories in the given directory will be scanned.


To scan AND remove infected files:


nmc$ setup clamav-antivirus scan folder tank/users/mike -d



Q: How to switch on (enable) automatic virus vscan on Folders/Volumes?


A: nmc$ setup clamav-antivirus vscan folder tank/users enable

or:


nmc$ setup clamav-antivirus vscan volume tank folder users enable

To switch on vscan on a given volume:


nmc$ setup clamav-antivirus vscan volume tank enable

Vscan set the quarantine bit and access is denied to the infected files, for instance:


# cat tank/users/clam.zip

cat: tank/video/clam.zip: Permission denied


To check for the quarantine bit "q":
nmc$ ls -/c tank/users
drwxr-xr-x 3 root root 3 Oct 22 20:24 eicar.com
{A------mq-}


You cannot view or edit or execute infected files but you CAN remove them, for instance:


# rm tank/users/eicar.com



Q: How to show vscan-enabled folders/volumes?


A: nmc$ show clamav-antivirus vscan

or:


nmc$ setup clamav-antivirus vscan show

An example of output:
NAME VSCAN
tank/users on


To show all folders in the system, with their corresponding vscan (on and off) properties:


nmc$ show clamav-antivirus vscan -a

or:


nmc$ setup clamav-antivirus vscan show -a

Note that this output may be very lengthy as it will print a line per each folder in the appliance. An example of output:
NAME VSCAN
tank off
tank/users on
tank/video off
tank/audio off




Q: How to switch off (disable) folders/volumes virus scanning?


A: nmc$ setup clamav-antivirus vscan folder tank/users disable

or:


nmc$ setup clamav-antivirus vscan volume tank folder users disable

To reset vscan property to its default value:


nmc$ setup clamav-antivirus vscan folder tank/users reset

or:


nmc$ setup clamav-antivirus vscan volume tank folder users reset



Q: How to configure the plugin properties?


A: To show existing properties


nmc$ show clamav-antivirus show-settings

or:


nmc$ setup clamav-antivirus property show

An example of output:
Checks = 24
DatabaseMirror = database.clamav.net
max-size = 10Mb
srv_clamav.ClamAvMaxFileSizeInArchive = 100M
srv_clamav.ClamAvMaxFilesInArchive = 0
srv_clamav.ClamAvMaxRecLevel = 5
srv_clamav.MaxObjectSize = 10M


To show a given selected property:


nmc$ setup clamav-antivirus property ?

An example of output:
* Default: 10Mb
VSCAN: Maximum file size


To configure a given property:


nmc$ setup clamav-antivirus property 

To edit services configuration files (caution: advanced usage only!):


nmc$ setup clamav-antivirus edit-settings 



Q: How to test antivirus internal services?


A: nmc$ show clamav-antivirus -c -q

An example of output:
=== AntiVirus services status ===
cicap: online
vscan: online
clamfresh: online
C-ICAP: service check OK.

 

Your are currently browsing this site with Internet Explorer 6 (IE6).

Your current web browser must be updated to version 7 of Internet Explorer (IE7) to take advantage of all of template's capabilities.

Why should I upgrade to Internet Explorer 7? Microsoft has redesigned Internet Explorer from the ground up, with better security, new capabilities, and a whole new interface. Many changes resulted from the feedback of millions of users who tested prerelease versions of the new browser. The most compelling reason to upgrade is the improved security. The Internet of today is not the Internet of five years ago. There are dangers that simply didn't exist back in 2001, when Internet Explorer 6 was released to the world. Internet Explorer 7 makes surfing the web fundamentally safer by offering greater protection against viruses, spyware, and other online risks.

Get free downloads for Internet Explorer 7, including recommended updates as they become available. To download Internet Explorer 7 in the language of your choice, please visit the Internet Explorer 7 worldwide page.