Virus Scan with kav4fs¶
Prerequisite¶
Assume you have installed Kaspersky Anti-Virus for Linux File Server on the Seafile Server machine.
If the user that runs Seafile Server is not root, it should have sudoers privilege to avoid writing password when running kav4fs-control. Add following content to /etc/sudoers:
<user of running seafile server> ALL=(ALL:ALL) ALL
<user of running seafile server> ALL=NOPASSWD: /opt/kaspersky/kav4fs/bin/kav4fs-control
Script¶
As the return code of kav4fs cannot reflect the file scan result, we use a shell wrapper script to parse the scan output and based on the parse result to return different return codes to reflect the scan result.
Save following contents to a file such as kav4fs_scan.sh
:
#!/bin/bash
TEMP_LOG_FILE=`mktemp /tmp/XXXXXXXXXX`
VIRUS_FOUND=1
CLEAN=0
UNDEFINED=2
KAV4FS='/opt/kaspersky/kav4fs/bin/kav4fs-control'
if [ ! -x $KAV4FS ]
then
echo "Binary not executable"
exit $UNDEFINED
fi
sudo $KAV4FS --scan-file "$1" > $TEMP_LOG_FILE
if [ "$?" -ne 0 ]
then
echo "Error due to check file '$1'"
exit 3
fi
THREATS_C=`grep 'Threats found:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`
RISKWARE_C=`grep 'Riskware found:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`
INFECTED=`grep 'Infected:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`
SUSPICIOUS=`grep 'Suspicious:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`
SCAN_ERRORS_C=`grep 'Scan errors:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`
PASSWORD_PROTECTED=`grep 'Password protected:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`
CORRUPTED=`grep 'Corrupted:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`
rm -f $TEMP_LOG_FILE
if [ $THREATS_C -gt 0 -o $RISKWARE_C -gt 0 -o $INFECTED -gt 0 -o $SUSPICIOUS -gt 0 ]
then
exit $VIRUS_FOUND
elif [ $SCAN_ERRORS_C -gt 0 -o $PASSWORD_PROTECTED -gt 0 -o $CORRUPTED -gt 0 ]
then
exit $UNDEFINED
else
exit $CLEAN
fi
Grant execute permissions for the script (make sure it is owned by the user Seafile is running as):
chmod u+x kav4fs_scan.sh
The meaning of the script return code:
1: found virus
0: no virus
other: scan failed
Configuration¶
Add following content to seafile.conf
:
[virus_scan]
scan_command = <absolute path of kav4fs_scan.sh>
virus_code = 1
nonvirus_code = 0
scan_interval = <scanning interval, in unit of minutes, default to 60 minutes>