FRISK Software International

1.4 F-PROT Antivirus Preloadable Library Call Wrapper (fp.so)
 

This section applies to F-PROT Antivirus for UNIX File Server and Mail Server versions only.

How does it work?

Normally, when an application needs to read from or write to a file on disk, it calls the "open()" function (or one of its variants) to access the file. This function is part of the shared C runtime library, so when it is called, a runtime component called the dynamic loader (ld.so) looks up that function inside the C runtime library (libc) and executes it.

[Figure: Not using the F-PROT Antivirus Preloadable Library Call Wrapper]

In order for F-PROT Antivirus to scan all files before allowing applications to read their contents, fp.so needs to intercept these "open()" function calls before the runtime library's code is executed. This is done by setting the LD_PRELOAD environment variable. The dynamic loader then loads fp.so before the C runtime library. For further details on how this is done, see the manual page for fp.so.

[Figure: Using the F-PROT Antivirus Preloadable Library Call Wrapper]

When fp.so receives an open() function call, it sends a scan request for the file to the virus scanning daemon. Based on the result of the scan, it either invokes the proper libc open() function or returns a "Permission denied" error.
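The mechanism described above can be shown with a small interposer. This is an added example, not FRISK's fp.so code: the scan request to the daemon is replaced by a hypothetical stand-in (demo_scan_is_clean, which flags files starting with a constructed marker string), and the file name demo_preload.c is an assumption.

```c
/* Build: cc -shared -fPIC -o demo_preload.so demo_preload.c -ldl */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* exposes RTLD_NEXT in <dlfcn.h> */
#endif
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *)-1L)     /* glibc's value, if _GNU_SOURCE came too late */
#endif

typedef int (*open_fn)(const char *, int, ...);

/* Find the next definition of open() after this object, i.e. libc's. */
static open_fn libc_open(void) {
    static open_fn fn;
    if (!fn) fn = (open_fn)dlsym(RTLD_NEXT, "open");
    return fn;
}

/* Hypothetical stand-in for the scan request sent to the daemon: a file
 * counts as infected if it starts with the constructed marker below. */
#define DEMO_MARKER "DEMO-INFECTED"
int demo_scan_is_clean(const char *path) {
    char buf[sizeof DEMO_MARKER - 1];
    open_fn real = libc_open();
    int fd = real ? real(path, O_RDONLY) : -1;   /* bypass our own wrapper */
    if (fd < 0) return 1;           /* missing/unreadable: libc reports the error */
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    return !(n == (ssize_t)sizeof buf && memcmp(buf, DEMO_MARKER, sizeof buf) == 0);
}

/* Interposed open(): scan first, then deny or pass through to libc. */
int open(const char *path, int flags, ...) {
    mode_t mode = 0;
    open_fn real = libc_open();
    if (flags & O_CREAT) {          /* the mode argument only exists with O_CREAT */
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t)va_arg(ap, int);
        va_end(ap);
    }
    if (!real) { errno = ENOSYS; return -1; }
    if (!demo_scan_is_clean(path)) { errno = EACCES; return -1; }  /* "Permission denied" */
    return real(path, flags, mode);
}
```

Only dynamically linked programs that call libc's open() pass through a wrapper like this; variants such as open64(), openat() and fopen() each need their own interposed definition.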

How to use it

As mentioned above, in order to use this on-access scanning technique, the user or administrator must configure the dynamic loader to load fp.so before it loads libc. This method is explained in detail in the fp.so manual page.

For further information on how to use the Preloadable Library Call Wrapper to protect your Samba share, please click here.
