Scannedonly scalable samba anti-virus module


The current release is 0.21 and is only available in source code:

The files are signed with key DAC576E6 (which is fully trusted by the previous key 16DF0FAF).

md5sums for these files:

402766a66ccf88eadd9606cf43ade3a4  scannedonly-0.21.tar.bz2
1e81cc52987f30fbd63d3abcbe9e3cb3  scannedonly-0.21.tar.gz

Development version

The latest code is available from the subversion repository at Sourceforge.

Use svn checkout svn:// scannedonly-latest to get the latest development version.


Scannedonly 0.21 moved from mtime to ctime to use a more reliable timestamp. The clamav daemon now cleans the queue if duplicate filenames are requested. Last scannedonly handles file rename situations better.

The VFS module in the 0.20 release handles applications that write to a temporary file and then rename to the final name better. It furthermore includes an experimental daemon for the F-prot anti-virus engine contributes by Fred Gansevles from

The 0.19 release fixes a symlink handling issue on samba shares, fixes an issue if the filesystem supports no sub-second timestamps, and improves the quarantaine option of the scannedonld_clamav daemon. An experimental patch to compile with a different libtalloc has been added, use ./configure --with-talloc-source=

The 0.18 release is a backport of the module that is now part of samba-3.5. The samba code was made compatible with samba 3.2 and 3.4, and upon request I've re-introduced samba 3.0 support.

In the 0.17 release the loop that was fixed in the 0.16 release was fixed for all cases. This release has a complete rewrite of the loop that should fix the problem in a much better way. This release furthermore fixes AIX compatibility in the VFS module.

The 0.16 release fixes a bug in the excludepatterns option of the scanning daemon, and a bug in the VFS module if a directory was listed without read permissions.

The 0.15 release adds compatibility with samba 3.4 (tested with 3.4.2).

The 0.14 release adds compatibility for ClamAV 0.95. It also features a large performance improvement when opening a directory with a very large numer of unscanned files. The network protocol between the samba vfs module and the scanning server has changed because of that.

The 0.13 release fixes some Solaris compile problems, and has several new features for the ClamAV scanning daemon and for the samba VFS module. The scanning daemon may now use more than 1 thread to scan large files, and it can be configured to use a quarantaine directory. The VFS module is now faster when listing a directory with many unscanned files, can show a user that files are being scanned and has an option to allow non-scanned files to ease migrations.

The 0.12 release improves various logging messages, and includes compatibility with samba-3.2 (tested against samba-3.2.4) and with newer libclamAV releases.


For the scanning daemon you need libclamav development files. In order to compile the scannedonly VFS module (for samba 3.2 and 3.4) you need the samba source code installed. You need not only to unpack the samba source code, but also run ./configure and make (although the first 10 seconds of make will probably do). In samba 3.5.0 and newer the scannedonly vfs module is already included in samba.

After that, configure the scannedonly source:
./configure --with-samba-source=/usr/src/samba-3.4.2/source3/ --with-samba-vfs-dir=/usr/local/samba/lib/vfs/
or if you use samba 3.5 or newer:
and run make and (as root) make install.


After installing, make sure that the directory for the domain socket exists (or use UDP). Also make sure that the ClamAV virus patterns are periodically refreshed (use for example freshclam).

Created with the Bluefish programmers editor