Bug 15663 - Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine)
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2024-06-12 14:46 UTC by SPN
Modified: 2024-06-12 14:46 UTC

Description SPN 2024-06-12 14:46:01 UTC
Hello

I'm having a problem using the virusfilter and shadow_copy2 modules which, unless I'm mistaken, seems like a conflict between these modules. If I use the virusfilter, acl_xattr, recycle, shadow_copy2 and full_audit modules together, everything works perfectly if I use the NOTHING, RENAME or DELETE actions of the virusfilter module. If I choose to use the QUARANTINE action for the virusfilter module, I lose access to my shares and the following messages appear in the logs:

[2024/06/12 07:49:27.549438,  0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
  shadow_copy2_stat() failed to get vfs_handle->data!
[2024/06/12 07:49:27.549795,  0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
  shadow_copy2_stat() failed to get vfs_handle->data!
[2024/06/12 07:49:27.550885,  0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
  shadow_copy2_stat() failed to get vfs_handle->data!
[2024/06/12 07:49:27.551026,  0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
  shadow_copy2_stat() failed to get vfs_handle->data!
[2024/06/12 07:49:27.552212,  0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
  shadow_copy2_stat() failed to get vfs_handle->data!
[2024/06/12 07:49:27.552344,  0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
  shadow_copy2_stat() failed to get vfs_handle->data!
[2024/06/12 07:49:27.553955,  0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
  shadow_copy2_stat() failed to get vfs_handle->data!
[2024/06/12 07:49:27.554074,  0] source3/modules/vfs_shadow_copy2.c:1180(shadow_copy2_stat)
  shadow_copy2_stat() failed to get vfs_handle->data!

If I keep the virusfilter module using the QUARANTINE action, keep the acl_xattr, recycle and full_audit modules and remove the shadow_copy2 module, everything works perfectly again.

If I keep the shadow_copy2, acl_xattr, recycle and full_audit modules and remove the virusfilter module (QUARANTINE action), everything works perfectly again.

If I keep all the virusfilter, acl_xattr, recycle, shadow_copy2 and full_audit modules and change the virusfilter module action to NOTHING, RENAME or DELETE everything works perfectly again.

As I was unable to solve the problem, nor did I find references on the internet or in books, I read the source code of the virusfilter and shadow_copy modules, but, as the log messages were very inconclusive for me, even using logs at level 10, I just managed to understand that the log message comes from line 1180 of shadow_copy2.

I'm using Debian 12.5 with Samba 4.20.1 (backports), but I've already tested the same settings in other versions of Samba and the problem repeats itself.

Below are the settings I'm using for Samba.

## Global parameters
#
[global]
security = ADS
server role = member server
netbios name = fileserver
netbios aliases = fileserver
workgroup = EXAMPLE
realm = EXAMPLE.ADLAN

## Recommended Kerberos Setup
#
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab

## Logs
#
log file = /var/log/samba/%h.log
max log size = 2048
log level = 2

## To BUILTIN groups and users
#
idmap config *:backend = tdb
idmap config *:range = 3000-7999  

## To other domain groups and users
#
idmap config EXAMPLE:backend = rid
idmap config EXAMPLE:range = 1000000-1999999
idmap config EXAMPLE:base_rid = 0
idmap config EXAMPLE:unix_primary_group = yes
idmap config EXAMPLE:unix_nss_info = no

## Automatic kerberos ticket renovation
#
winbind refresh tickets = yes

## Remove domain prefix
#
winbind use default domain = yes

## Define shell
#
template shell = /bin/bash
template homedir = /home/%D/%U

## Disabling printer share
#
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

## Load Samba modules
#
vfs objects = virusfilter acl_xattr recycle shadow_copy2 full_audit

## acl_xattr module settings
#
map acl inherit = yes

## Take care
#
sync always = yes
strict sync = yes

## File Enumeration
#
access based share enum = yes
hide unreadable = yes
hide dot files = yes
hide special files = yes
hide files = /*.ntx/*.tmp/*.log/

## Take care
#
veto files = /*.exe/*.run/*.bin/*.msi/*.php/*.asp/*.aspx/*.js/*.java/*.c/*.cpp/*.sh/*.bat/*.dll/*.{*}/
delete veto files = no

## recycle module settings
#
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = /srv/data/shares/lixeira/%U
recycle:directory_mode = 0770
recycle:exclude = *.dll, *.tmp, *.log, *.bak, *.obj, *.old, ~*.*, *.~*
recycle:exclude_dir = cache, temp, tmp, TEMP, TMP

## virusfilter module settings - Action NOTHING - WORKS PERFECTLY
#
#virusfilter:scanner = clamav
#virusfilter:socket path = /run/clamav/clamd.ctl
##virusfilter:socket path = /run/clamd.scan/clamd.sock
#virusfilter:scan on open = yes
#virusfilter:scan on close = yes
#virusfilter:max file size = 100000000
#virusfilter:min file size = 1
#virusfilter:infected file action = nothing
#virusfilter:infected file command = /usr/sbin/createWarningFile.sh %U NOTHING 
#virusfilter:scan error command = /usr/bin/python3 /usr/sbin/alert.pyc ERROR %h

## virusfilter module settings - Action QUARANTINE - CONFLICT WITH SHADOW_COPY2 MODULE
#
virusfilter:scanner = clamav
virusfilter:socket path = /run/clamav/clamd.ctl
#virusfilter:socket path = /run/clamd.scan/clamd.sock
virusfilter:scan on open = yes
virusfilter:scan on close = yes
virusfilter:max file size = 100000000
virusfilter:min file size = 1
virusfilter:infected file action = quarantine
virusfilter:quarantine directory = /srv/data/shares/quarantine/
virusfilter:quarantine prefix = 
virusfilter:quarantine suffix = 
virusfilter:quarantine keep tree = no
virusfilter:quarantine keep name = yes
virusfilter:infected file errno on open = EACCES
virusfilter:infected file errno on close = EACCES
virusfilter:infected file command = /usr/sbin/createWarningFile.sh %U QUARANTINE
virusfilter:scan error command = /usr/bin/python3 /usr/sbin/alert.pyc ERROR %h

## virusfilter module settings - Action RENAME - WORKS PERFECTLY
#
#virusfilter:scanner = clamav
#virusfilter:socket path = /run/clamav/clamd.ctl
#virusfilter:scan on open = yes
#virusfilter:scan on close = yes
#virusfilter:max file size = 100000000
#virusfilter:min file size = 1
#virusfilter:infected file action = rename
#virusfilter:infected file command = /usr/sbin/createWarningFile.sh %U RENAME 
#virusfilter:scan error command = /usr/bin/python3 /usr/sbin/alert.pyc ERROR %h

## virusfilter module settings - Action DELETE - WORKS PERFECTLY
#
#virusfilter:scanner = clamav
#virusfilter:socket path = /run/clamav/clamd.ctl
#virusfilter:scan on open = yes
#virusfilter:scan on close = yes
#virusfilter:max file size = 100000000
#virusfilter:min file size = 1
#virusfilter:infected file action = delete
#virusfilter:infected file errno on open = EACCES
#virusfilter:infected file errno on close = EACCES
#virusfilter:infected file command = /usr/sbin/createWarningFile.sh %U DELETE
#virusfilter:scan error command = /usr/bin/python3 /usr/sbin/alert.pyc ERROR %h

## shadow_copy2 module settings
#
shadow:basedir = /srv/data/shares
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:format = UTC-3-%Y.%m.%d-%H.%M.%S
shadow:localtime = yes

## full_audit module settings
#
full_audit:prefix = %U|%I|%S
full_audit:success = fchmod fchown lchown mkdirat open read renameat write
full_audit:failure = all !open
full_audit:facility = LOCAL7
full_audit:priority = ALERT

[public_share]
   path = /srv/data/shares/public_share
   read only = no
   acl_xattr:ignore system acl = yes

[trash]
   path = /srv/data/shares/trash/%U
   read only = no
   browseable = no
   root preexec = /usr/sbin/create_user_dir.sh /srv/data/shares/trash %U
   vfs objects = virusfilter acl_xattr full_audit

[quarantine]
   path = /srv/data/shares/quarantine
   read only = no
   vfs objects = acl_xattr full_audit
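
An added example, not part of the original report and not Samba code: a small Python check that resolves each share's effective settings (share values override [global]) and lists the shares that load both virusfilter and shadow_copy2 with the quarantine action, which is the combination this report describes. The sample configuration is a constructed reduction of the one above, and the function names are hypothetical.

```python
import re

# Constructed sample: a reduced version of the configuration in this report.
SAMPLE_CONF = """\
[global]
vfs objects = virusfilter acl_xattr recycle shadow_copy2 full_audit
#virusfilter:infected file action = nothing
virusfilter:infected file action = quarantine

[public_share]
   path = /srv/data/shares/public_share

[trash]
   path = /srv/data/shares/trash/%U
   vfs objects = virusfilter acl_xattr full_audit

[quarantine]
   path = /srv/data/shares/quarantine
   vfs objects = acl_xattr full_audit
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def shares_matching_report(text):
    """Shares whose effective settings stack virusfilter (quarantine) with shadow_copy2."""
    conf = parse_smb_conf(text)
    global_params = conf.get("global", {})
    flagged = []
    for name, params in conf.items():
        if name == "global":
            continue
        effective = {**global_params, **params}   # share values override [global]
        modules = set(re.split(r"[,\s]+", effective.get("vfs objects", "")))
        action = effective.get("virusfilter:infected file action", "").lower()
        if {"virusfilter", "shadow_copy2"} <= modules and action == "quarantine":
            flagged.append(name)
    return flagged
```

On the sample, only public_share is listed: the trash and quarantine shares set their own vfs objects line, which replaces the global module stack for those shares.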