FRISK Software International

NAME

fpmon - F-PROT Filesystem monitor <discuss?>

 

SYNOPSIS

fpmon [-options]

 

DESCRIPTION

fpmon is a daemon that monitors file access in user defined directories and blocks access to virus infected files in those directories and subdirectories. Specific subdirectories can be excluded from monitoring.

 

DETAILED DESCRIPTION

fpmon uses the Dazuko kernel module (www.dazuko.com) to monitor and control file access. When a file in monitored directories is accessed, fpmon intercepts the file access, scans the file, denies access if a virus is found and creates a log entry for the event.

All settings for fpmon are defined in a configuration file, /etc/f-prot.conf, which is read at startup (see man pages on f-prot.conf for details).

Note that you must be logged in as root to start fpmon.

 

STARTUP OPTIONS

-f, --foreground
Causes fpmon to stay in attached to the controlling tty and to output messages to stderr instead of to syslog. Default behavior is to detach and daemonize and syslog events.
-d, --deffile </path/to/deffile>
Instructs fpmon to use the specified antivir.def instead of searching for it in default locations.
--logfile </path/to/logfile>
Instructs fpmon to log to the specified file instead of using syslog or stderr.
--adware
Instructs fpmon to flag adware
--applications
Instructs fpmon to flag potentially unwanted applications
-h, --help
Prints help

 

REQUIRES

fpmon uses the Dazuko kernel module to control file access on kernel level and requires Dazuko to be installed on the system (see www.dazuko.com for further information and instructions on how to install Dazuko on your system).

 

CONFIGURATION OPTIONS

F-PROT UNIX products use a common configuration file, typically located in /etc/f-prot.conf. The following configuration options are fpmon specific:

FPMON_INCLUDEPATHS
A colon separated list of paths that the fpmon will monitor.
FPMON_EXCLUDEPATHS
A colon separated list of paths that the fpmon will exclude from monitoring.
FPMON_LOGLEVEL
This value indicates what events are logged and is very similar to the syslog levels 0 (EMERG) - 7 (DEBUG) except that values less than 3 are not used and cause fpmon to be completely quiet. The default is 4 (LOG_WARNING) which logs warnings and errors. See 'man 3 syslog' and 'man 7 syslog'.
FPMON_LOGFACILITY
The log facility to use. Valid options are LOG_DAEMON, LOG_USER and LOG_MAIL which correspond to the same syslog values. You can specify other absolute integer values used by syslog which will be blindly used.
FPMON_REFUSE_ON_ERROR
Instructs fpmon what to do if an error occurs while the scan is being performed. Allowed values are "no" (default) which allows access while "yes" causes access to be denied as if the file was infected.
The f-prot.conf file has more details on how exactly these variables are configured.

 

LICENSING

For information about licensing, see the LICENSE file that comes with F-PROT Antivirus.

 

CONTACT INFORMATION

Please direct any feedback to:

http://www.f-prot.com/support/contact_support.html

Updates will be advertised on: http://www.f-prot.com/

 

SEE ALSO

fpscan(1)
f-prot.conf(5)
fp.so(8)
fpscand(8)

 
Frequently Asked Questions by platform
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
Helpfiles
F-PROT Antivirus
- for Windows
- for UNIX
- for Exchange
F-PROT AVES
Life cyle policy
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
more...
Glossary of Terms
Definitions of common antivirus terminology.
more...