|How does the Preloadable Library Call Wrapper work?|
In order for F-PROT Antivirus to scan all files before allowing applications to read their contents, f-prot.so needs to intercept these "open()" function calls before the runtime library's code is executed. This is done by setting the LD_PRELOAD environment variable. The dynamic linker then loads f-prot.so before the C runtime library. For further details on how this is done, see the manual page for f-prot.so.
When f-prot.so receives a open() function call, it sends a scan request of the file to the virus scanning daemon. Based on the results of the scan it either invokes the proper libc open() function, or returns a "Permission denied" error.
How to use the Preloadable Call Wrapper:As mentioned above, in order to use this on-access scanning technique, the user or administrator must configure the dynamic loader to load f-prot.so before it loads libc. This method is explained in detail in the f-prot.so manual page.
For further information, see Can I use the Preloadable Library Call Wrapper to protect your Samba share?.