FRISK Software International

F-PROT Antivirus for UNIX - Help
5.2 Protecting your Samba network shares
 

This section applies to F-PROT Antivirus for UNIX File Server and Mail Server versions only.

Samba allows your UNIX server to act as a file server for Windows workstations on a network. Because such file servers generally hold shared network resources, protecting the server is essential to the system's security. To actively protect Windows workstations from, for instance, contracting viruses stored in files on a UNIX Samba (SMB/CIFS) server, either on-access scanning or filesystem monitoring is required. On-access scanning is provided by F-PROT Antivirus for Linux using either the Preloadable Library Call Wrapper (fp.so) together with the F-PROT Antivirus Daemon scanner (fpscand), or F-PROT's Filesystem Monitor (fpmon).

This is how you do it using the on-access scanner (fp.so/fpscand):

Exactly how this is done depends on your distribution and how you start the Samba server. In general, you will need to edit your Samba startup script, usually called /etc/init.d/smb or /etc/init.d/samba, and add the string:

LD_PRELOAD=/opt/f-prot/tools/fp.so
to the beginning of the line where smbd is started.

RedHat example:
In the file

/etc/init.d/smb
change the line:

daemon smbd $SMBDOPTIONS

to:

LD_PRELOAD="/opt/f-prot/tools/fp.so" daemon smbd $SMBDOPTIONS

SuSE example (from SuSE 8.2):
In the file

/etc/init.d/smb
change the line:

startproc -p ${PID_FILE} ${DAEMON_DIR}${BIN_SUFFIX}/${SMBD_BIN} -D -s ${SMB_CONF}

to:

LD_PRELOAD=/opt/f-prot/fstools/fp.so startproc -p ${PID_FILE} ${DAEMON_DIR}${BIN_SUFFIX}/${SMBD_BIN} -D -s ${SMB_CONF}

Please note: You might further want to limit the scope of file scanning by setting scanning rules in /etc/f-prot.conf. See the man page for fp.so for detailed information regarding /etc/f-prot.conf, fp.so in general and its configuration options.

SELinux users should consult the man page for fp.so for detailed documentation and configuration information.

This is how you do it using the F-PROT Filesystem Monitor (fpmon):

The F-PROT Filesystem Monitor requires you to have the Dazuko module inserted into your kernel.

Add the paths of the shared folders to be monitored to the FPMON_INCLUDEPATHS variable in the f-prot.conf file, like this:

FPMON_INCLUDEPATHS="/home/share1:/home/share2"

Subfolders in the monitored folders can be excluded by adding their paths to the FPMON_EXCLUDEPATHS variable in the f-prot.conf file, like this:

FPMON_EXCLUDEPATHS="/home/share1/viruscollection:/home/share2/archive"
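
A share that is exported by Samba but missing from FPMON_INCLUDEPATHS, or caught by FPMON_EXCLUDEPATHS, is served to Windows clients unscanned. The script below is an added example, not part of the F-PROT documentation or tooling, that reports the state of each share. It assumes smb.conf declares shares with "path = ..." lines and that a listed directory also covers its subfolders; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not F-PROT code): list each Samba share path and whether the
# fpmon include/exclude lists from f-prot.conf cover it.
# Assumption: an included or excluded directory also covers its subfolders.

# Print the value of VAR="..." from a config file, quotes stripped.
conf_value() {  # $1 = variable name, $2 = config file
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d '"'
}

# Print the directory of every "path = ..." line in smb.conf.
share_paths() {  # $1 = smb.conf
    sed -n -e 's/[[:space:]]*$//' \
           -e 's/^[[:space:]]*path[[:space:]]*=[[:space:]]*//p' "$1"
}

# Succeed when path $1 equals, or lies below, an entry of colon list $2.
in_list() {
    old_ifs=$IFS; IFS=:; set -f
    for dir in $2; do
        [ -n "$dir" ] || continue
        case "${1%/}/" in
            "${dir%/}/"*) IFS=$old_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# Print "<state> <path>" per share: monitored, EXCLUDED or UNMONITORED.
share_coverage() {  # $1 = smb.conf, $2 = f-prot.conf
    inc=$(conf_value FPMON_INCLUDEPATHS "$2")
    exc=$(conf_value FPMON_EXCLUDEPATHS "$2")
    share_paths "$1" | while IFS= read -r share; do
        if in_list "$share" "$exc"; then state=EXCLUDED
        elif in_list "$share" "$inc"; then state=monitored
        else state=UNMONITORED
        fi
        printf '%s %s\n' "$state" "$share"
    done
}

# Constructed sample input; on a real server pass the live files instead.
demo=$(mktemp -d)
printf '[a]\n path = /home/share1\n[b]\n path = /home/share2/archive\n[c]\n path = /srv/pub\n' > "$demo/smb.conf"
printf 'FPMON_INCLUDEPATHS="/home/share1:/home/share2"\nFPMON_EXCLUDEPATHS="/home/share1/viruscollection:/home/share2/archive"\n' > "$demo/f-prot.conf"
share_coverage "$demo/smb.conf" "$demo/f-prot.conf"
```

Any line reported as EXCLUDED or UNMONITORED is a share whose files reach clients without passing through fpmon.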
