FRISK Software International

Please note that this component is only available in F-PROT Antivirus for Linux Mail Servers

1.4 F-PROT Antivirus Preloadable Library Call Wrapper (f-prot.so)

How does it work?

Normally, when an application needs to read and/or write to a file on disk, it calls the "open()" function (or one of it's variants) to access the file. This function is a part of the shared C runtime library, so when that function is called, a runtime process called a dynamic loader (ld.so) looks for that function inside the C runtime library (libc) and executes it.

Not using the F-PROT Antivirus Preloadable Library Call Wrapper

In order for F-PROT Antivirus to scan all files before allowing applications to read their contents, f-prot.so needs to intercept these "open()" function calls before the runtime library's code is executed. This is done by setting the LD_PRELOAD environment variable. The dynamic linker then loads f-prot.so before the C runtime library. For further details on how this is done, see the manual page for f-prot.so.

Using the F-PROT Antivirus Preloadable Library Call Wrapper

When f-prot.so receives a open() function call, it sends a scan request of the file to the virus scanning daemon. Based on the results of the scan it either invokes the proper libc open() function, or returns a "Permission denied" error.

How to use it

As mentioned above, in order to use this on-access scanning technique, the user or administrator must configure the dynamic loader to load f-prot.so before it loads libc. This method is explained in detail in the f-prot.so manual page.

For further information, see Protecting your Samba network shares against viruses.

< Previous | Back to Index | Next >
 
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
Stay up to date with important developments via e-mail.
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Definitions of common antivirus terminology.