Does F-PROT Antivirus for Linux include an on-access scanner?

Yes, F-PROT Antivirus for Linux File Servers and Mail Servers include an on access scanning component called the Preloadable Library Call Wrapper (f-prot.so).

Using the on-access scanner to protect your Samba shares:

To actively protect Windows workstations from contracting viruses that might be stored inside files residing on a Linux samba (SMB/CIFS) server, on-access scanning is required. On-access scanning is provided by F-PROT Antivirus for Linux using the Preloadable Library Call Wrapper (f-prot.so) and the F-PROT Antivirus Daemon Scanner (f-protd).

This is how you do it:

By inserting the path to the Preloadable Library Call Wrapper (f-prot.so) in /etc/ld.so.preload (as described in the man page for f-prot.so), every file opened by any and all applications that use dynamic linking will be scanned before the application gets to read its contents. Please note that this will not work with statically linked executables.

If you feel that scanning every file opened by any and all applications that use dynamic linking is overkill, you can limit on-access scanning to "samba-shared files only", by skipping /etc/ld.so.preload and exporting the LD_PRELOAD environment variable to the smbd process explicitly.

Exactly how this is done depends on your distribution and how you start the samba server. In general, you will need to edit your samba startup script, usually called /etc/init.d/smb or /etc/init.d/samba and add the string:

LD_PRELOAD=/usr/local/f-prot/tools/f-prot.so

to the beginning of the line where smbd is started. RedHat example:

In the file

/etc/init.d/smb

change the line:

daemon smbd $SMBDOPTIONS

to:

LD_PRELOAD="/usr/local/f-prot/tools/f-prot.so" daemon smbd $SMBDOPTIONS

SuSE example (from SuSE 8.2): In the file

/etc/init.d/smb

change the line:

startproc -p ${PID_FILE} ${DAEMON_DIR}${BIN_SUFFIX}/${SMBD_BIN} -D -s ${SMB_CONF}

to:

LD_PRELOAD=/usr/local/f-prot/tools/f-prot.so startproc -p ${PID_FILE} ${DAEMON_DIR}${BIN_SUFFIX}/${SMBD_BIN} -D -s ${SMB_CONF}

Please note: You might want to limit the scope of file scanning further by setting scanning rules in /etc/f-prot.so.conf. We recommend that you create this file if it does not exist, even if you do not intend to use it as f-prot.so expects it to be there, whether empty or not. See the man page for f-prot.so for detailed information regarding /etc/f-prot.so.conf, f-prot.so in general and its configuration options.

For further information on F-PROT Antivirus' on-access scanner, please browse the on-line helpfiles for F-PROT Antivirus for Linux Mail Servers or Files Servers and view the chapter on the Prealoadable Library Call Wrapper.

To view the man page for F-PROT Antivirus' Preloadable Library Call Wrapper, please click here.

Feedback | Contact Technical Support | Contact Sales Support