What are the infection risks for a SMB/Samba file share from an infected client PC?

Çağlar Arlı

I have a PC on my home network that I consider potentially infected by exposure to an untrusted program from the internet. (Antivirus detected nothing, and the PC runs fine, but I'm choosing to err on the side of caution. The PC is currently isolated.) This PC has access to an SMB network share as follows:

  • The at-risk client is running Windows 10; the server is Linux running Samba.
  • Both devices are on the same LAN.
  • The Linux machine has a hard drive specifically for the share containing an NTFS filesystem inside an LVM volume.
  • The above filesystem is mounted at /.../share; this directory is made available via Samba.

I am aware that malware can compromise storage devices such that merely plugging them in risks spread (e.g. MBR infection). But how does this translate to a network drive, which the suspect PC can access only via SMB? Does SMB allow the client to access/modify the underlying filesystem on the server such that it can become an infection vector, or is the danger limited to the files stored on the drive?

I have reason to believe that the files stored on the share are not compromised. The Linux server has a backup drive (always connected and mounted to /.../backup) that I last synced with the shared drive months before the potential infection. A dry run of rsync between /share and /backup with the checksum option on indicates that the files on the share have not been modified. All this of course assumes that the Linux server itself has not been compromised.

Without knowing the details of the potential client infection, is it reasonably safe to assume that the Linux server itself has not been infected? Given the above information, is it reasonably safe for other Windows clients to connect to the SMB share?
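
The checksum comparison between the share and the older backup described above, as an added example that is not part of the original post: it hashes both trees on the server and lists files that were modified, added since the backup, or are missing from the share. The function names and the command-line usage are hypothetical, and the two directories are passed as arguments rather than hard-coded.

```python
import hashlib
import os
import sys


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file's path (relative to root) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            result[os.path.relpath(full, root)] = sha256_file(full)
    return result


def compare(share_root, backup_root):
    """Classify share files relative to the older backup copy."""
    share, backup = snapshot(share_root), snapshot(backup_root)
    return {
        "modified": sorted(p for p in share if p in backup and share[p] != backup[p]),
        "added": sorted(p for p in share if p not in backup),
        "missing": sorted(p for p in backup if p not in share),
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare.py SHARE_DIR BACKUP_DIR")
    report = compare(sys.argv[1], sys.argv[2])
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind}\t{p}")
    # Non-zero exit when anything differs, so the check can be scripted.
    sys.exit(1 if any(report.values()) else 0)
```

The comparison ignores timestamps and sizes and relies only on content hashes, so a file rewritten with the same length and a restored modification time still shows up under `modified`.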