Source info of virus
Status: Beta
Brought to you by: oli4
We have recently started using scannedonly to protect our dataserver and found it very useful. But we have noticed that the virus file in the quarantined directory does not preserve the file ownership (it shows root as owner) of the infected file. So it is difficult to find out the origin of the viruses. It would be very useful if all the virus-found information could be recorded in a log file with the path, owner and IP of the originating client.
In the logging you can see the original path of the file.
For the client IP: due to the design of scannedonly this is quite hard. The virus scanner runs completely independently of samba, and has no information about the samba client. If scannedonly_prescan is used there isn't even a client at all. You need to enable samba audit logging to see which client is uploading which file. But that will do the logging for all files of all clients, not only viruses.
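An added example, not part of the original thread and not scannedonly code: since the audit log covers every file, the infected paths taken from the scannedonly logging can be used to filter it down to the uploading user and client IP. It assumes Samba's `full_audit` VFS module with `full_audit:prefix = %u|%I` and `open` and `rename` in `full_audit:success`, writing lines of the form `user|ip|op|ok|args`; the log lines, paths and share root below are constructed.

```python
import posixpath

AUDIT_TAG = "smbd_audit: "

def parse_audit(line):
    """Return (timestamp, user, ip, op, args), or None for other or failed lines."""
    head, sep, body = line.partition(AUDIT_TAG)
    if not sep:
        return None
    fields = body.rstrip("\n").split("|")  # a '|' inside a file name would break this
    if len(fields) < 5 or fields[3] != "ok":
        return None
    # The first 15 characters are the classic syslog timestamp ("Mar  3 10:15:02").
    return head[:15], fields[0], fields[1], fields[2], fields[4:]

def written_path(op, args):
    """Path that this operation created or replaced, or None for reads."""
    if op == "open" and len(args) == 2 and args[0] == "w":
        return args[1]
    if op == "rename" and len(args) == 2:
        return args[1]  # rename target: uploads often land under a temp name first
    return None

def find_uploaders(audit_lines, infected_paths, share_root):
    """Map each infected path to the last (timestamp, user, ip) that wrote it."""
    wanted = {posixpath.normpath(p) for p in infected_paths}
    last_writer = {}
    for line in audit_lines:
        rec = parse_audit(line)
        if rec is None:
            continue
        ts, user, ip, op, args = rec
        rel = written_path(op, args)
        if rel is None:
            continue
        # Audit paths are assumed relative to the share root; absolute ones pass through.
        full = posixpath.normpath(posixpath.join(share_root, rel))
        if full in wanted:
            last_writer[full] = (ts, user, ip)
    return last_writer

SAMPLE_AUDIT = [  # constructed log lines
    "Mar  3 10:15:02 fs1 smbd_audit: alice|192.0.2.10|open|ok|w|docs/report.doc",
    "Mar  3 10:16:40 fs1 smbd_audit: bob|192.0.2.23|open|ok|r|docs/report.doc",
    "Mar  3 10:20:11 fs1 smbd_audit: carol|192.0.2.31|open|ok|w|tmp/upload.part",
    "Mar  3 10:20:12 fs1 smbd_audit: carol|192.0.2.31|rename|ok|tmp/upload.part|bin/setup.exe",
    "Mar  3 10:21:00 fs1 smbd[812]: unrelated daemon message",
]
SAMPLE_INFECTED = ["/srv/share/docs/report.doc", "/srv/share/bin/setup.exe"]
```

Calling `find_uploaders(SAMPLE_AUDIT, SAMPLE_INFECTED, "/srv/share")` attributes each file to its last writer; a later read of the same file (bob here) is ignored.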