FRISK Software International

Can I use the Preloadable Library Call Wrapper to protect my Samba shares?

To actively protect Windows workstation from, for instance contracting viruses that might be stored inside files residing on a UNIX samba (SMB/CIFS) server, on-access scanning is required. On-access scanning is provided by F-PROT Antivirus for UNIX using the Preloadable Library Call Wrapper (f-prot.so) and the F-PROT Antivirus Daemon scanner (f-protd).

This is how you do it:

By inserting the path to the Preloadable Library Call Wrapper (f-prot.so) in /etc/ld.so.preload (as described in the man page for f-prot.so), every file opened by any and all applications that use dynamic linking will be scanned before the application gets to read its contents. Please note that this will not work with statically linked executables.

If you feel that scanning every file opened by any and all applications that use dynamic linking is overkill, you can limit on-access scanning to "samba-shared files only", by skipping /etc/ld.so.preload and exporting the LD_PRELOAD environment variable to the smbd process explicitly.

Exactly how this is done depends on your distribution and how you start the samba server. In general, you will need to edit your samba startup script, usually called /etc/init.d/smb or /etc/init.d/samba and add the string:
LD_PRELOAD=/usr/local/f-prot/tools/f-prot.so
to the beginning of the line where smbd is started.

RedHat example:

In the file
/etc/init.d/smb
change the line:
daemon smbd $SMBDOPTIONS
to:
LD_PRELOAD="/usr/local/f-prot/tools/f-prot.so" daemon smbd $SMBDOPTIONS
SuSE example (from SuSE 8.2):

In the file

/etc/init.d/smb
change the line:
startproc -p ${PID_FILE} ${DAEMON_DIR}${BIN_SUFFIX}/${SMBD_BIN} -D -s ${SMB_CONF}
to:
LD_PRELOAD=/usr/local/f-prot/tools/f-prot.so startproc -p ${PID_FILE} ${DAEMON_DIR}${BIN_SUFFIX}/${SMBD_BIN} -D -s ${SMB_CONF}
Please note: You might further want to limit the scope of file scanning by setting scanning rules in /etc/f-prot.conf. We recommend that you create that file if it does not exist, even if you do not intend to use is as f-prot.so expects it to be there, no matter if it is empty. See the man page for f-prot.so for detailed information regarding /etc/f-prot.conf, f-prot.so in general and its configuration options.

For further information on F-PROT Antivirus' on-access scanner, please browse the on-line helpfiles for F-PROT Antivirus for UNIX Mail Servers or Files Servers and view the chapter on the Preloadable Library Call Wrapper.



Feedback | Contact Technical Support | Contact Sales Support

 
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Definitions of common antivirus terminology.

More information about F-Prot Antivirus for UNIX:
Help files
Manual pages

agoat@klaki.net argentina@f-prot.com argentina@frisk.is argentina@complex.is argentina@f-prot.is argentina@frisk-software.com argentina@f-prot.net argentina@f-prot.co.uk brazil@f-prot.com brazil@frisk.is brazil@complex.is brazil@f-prot.is brazil@frisk-software.com brazil@f-prot.net brazil@f-prot.co.uk malta@f-prot.com malta@frisk.is malta@complex.is malta@f-prot.is malta@frisk-software.com malta@f-prot.net malta@f-prot.co.uk a.bjani@f-prot.com a.bjani@frisk.is a.bjani@complex.is a.bjani@f-prot.is a.bjani@f-prot.co.uk a.bjani@frisk-software.com a.bjani@f-prot.net z.fifl@f-prot.com z.fifl@frisk.is z.fifl@complex.is z.fifl@f-prot.is z.fifl@f-prot.co.uk z.fifl@frisk-software.com z.fifl@f-prot.net strumpuri@complex.is strumpure@complex.is strumpuru@complex.is