This section applies to F-PROT Antivirus for UNIX File Server and Mail Server versions only
The F-PROT Filesystem Monitor runs as a daemon that monitors specified folders. When a file is opened, fpmon scans the file and blocks access to it if a virus is found.
How does it work?
The F-PROT Filesystem Monitor requires the kernel module Dazuko to work. Whenever a file in the monitored folders is opened, Dazuko notifies fpmon, which then scans the file using the F-PROT engine and if a virus is found, fpmon instructs Dazuko to block access to the file.
How to use it
First of all you must have Dazuko inserted into your kernel. Some distributions ship with a precompiled Dazuko kernel module, but on others you'll have to compile dazuko for your kernel yourself. See information here on how to do that.
Assuming you have Dazuko installed, specify a colon-separated list of folders to monitor in the FPMON_INCLUDEPATHS variable in /etc/f-prot.conf and any subfolders to exclude as a colon-separated list to FPMON_EXCLUDEPATHS. Then, as root, run '/opt/fstools/fpmon'.
For more information on how to use the F-PROT Filesystem Monitor to protect your Samba share, please click here.