Please note that this component is only available in F-PROT Antivirus for Linux File Servers
How does it work?
Normally, when an application needs to read and/or write to a file on disk, it calls the "open()" function (or one of it's variants) to access the file. This function is a part of the shared C runtime library, so when that function is called, a runtime process called a dynamic loader (ld.so) looks for that function inside the C runtime library (libc) and executes it.
In order for F-PROT Antivirus to scan all files before allowing applications to read their contents, f-prot.so needs to intercept these "open()" function calls before the runtime library's code is executed. This is done by setting the LD_PRELOAD environment variable. The dynamic linker then loads f-prot.so before the C runtime library. For further details on how this is done, see the manual page for f-prot.so.
When f-prot.so receives a open() function call, it sends a scan request of the file to the virus scanning daemon. Based on the results of the scan it either invokes the proper libc open() function, or returns a "Permission denied" error.
How to use it
As mentioned above, in order to use this on-access scanning technique, the user or administrator must configure the dynamic loader to load f-prot.so before it loads libc. This method is explained in detail in the f-prot.so manual page.
For further information, see Protecting your Samba network shares against viruses (linux/x86 only).< Previous | Back to Index | Next >