This section applies to F-PROT Antivirus for UNIX File Server and Mail Server versions only
How does it work?
Normally, when an application needs to read and/or write to a file on disk, it calls the "open()" function (or one of it's variants) to access the file. This function is a part of the shared C runtime library, so when that function is called, a runtime process called a dynamic loader (ld.so) looks for that function inside the C runtime library (libc) and executes it.
In order for F-PROT Antivirus to scan all files before allowing applications to read their contents, fp.so needs to intercept these "open()" function calls before the runtime library's code is executed. This is done by setting the LD_PRELOAD environment variable. The dynamic linker then loads fp.so before the C runtime library. For further details on how this is done, see the manual page for fp.so.
When fp.so receives a open() function call, it sends a scan request of the file to the virus scanning daemon. Based on the results of the scan it either invokes the proper libc open() function, or returns a "Permission denied" error.
How to use it
As mentioned above, in order to use this on-access scanning technique, the user or administrator must configure the dynamic loader to load fp.so before it loads libc. This method is explained in detail in the fp.so manual page.
For further information on how to use the Preloadable Library Call Wrapper to protect your Samba share, please click here.