fpmon - F-PROT Filesystem monitor
fpmon is a daemon that monitors file access in user-defined directories and blocks access to virus-infected files in those directories and their subdirectories. Specific subdirectories can be excluded from monitoring.
fpmon uses the Dazuko kernel module (www.dazuko.com) to monitor and control file access. When a file in a monitored directory is accessed, fpmon intercepts the access, scans the file, denies access if a virus is found, and creates a log entry for the event.
All settings for fpmon are defined in a configuration file, /etc/f-prot.conf, which is read at startup (see man pages on f-prot.conf for details).
Note that you must be logged in as root to start fpmon.
- -f, --foreground
Causes fpmon to stay attached to the controlling tty and to output messages to stderr instead of syslog. The default behavior is to detach, daemonize, and log events to syslog.
- -d, --deffile </path/to/deffile>
Instructs fpmon to use the specified antivir.def instead of searching for it in default locations.
- --logfile </path/to/logfile>
Instructs fpmon to log to the specified file instead of using syslog or stderr.
Instructs fpmon to flag adware
Instructs fpmon to flag potentially unwanted applications
- -h, --help
fpmon uses the Dazuko kernel module to control file access at the kernel level and requires Dazuko to be installed on the system (see www.dazuko.com for further information and instructions on how to install Dazuko on your system).
F-PROT UNIX products use a common configuration file, typically located in /etc/f-prot.conf.
The following configuration options are fpmon specific:
A colon-separated list of paths that fpmon will monitor.
A colon-separated list of paths that fpmon will exclude from monitoring.
This value indicates which events are logged and is very similar to the syslog levels 0 (EMERG) - 7 (DEBUG), except that values less than 3 are not used and cause fpmon to be completely quiet. The default is 4 (LOG_WARNING), which logs warnings and errors. See 'man 3 syslog' and 'man 7 syslog'.
The log facility to use. Valid options are LOG_DAEMON, LOG_USER and LOG_MAIL, which correspond to the same syslog values. You can also specify other absolute integer values used by syslog, which will be used without validation.
Instructs fpmon what to do if an error occurs while the scan is being performed. Allowed values are "no" (default), which allows access, and "yes", which causes access to be denied as if the file were infected.
- The f-prot.conf file has more details on how exactly these variables are configured.
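The following is an added example, not F-PROT code: a small model for reviewing which paths a given pair of monitor and exclude lists covers, and what happens when a scan errors under the "no" (default) and "yes" settings described above. The matching rule (exclusion wins, comparison on path-component boundaries), all function names and the sample paths are assumptions made for illustration; the page does not document fpmon's actual matching logic.

```python
import posixpath

def split_paths(value):
    """Parse a colon-separated path list into normalized paths."""
    return [posixpath.normpath(p.strip()) for p in value.split(":") if p.strip()]

def under(path, root):
    """True if path is root or lies below it, compared on component boundaries."""
    return root == "/" or path == root or path.startswith(root + "/")

def is_monitored(path, monitored, excluded):
    """Assumed semantics: covered when under a monitored directory
    and under no excluded directory."""
    path = posixpath.normpath(path)
    if any(under(path, e) for e in excluded):
        return False
    return any(under(path, m) for m in monitored)

def access_decision(path, scan_result, monitored, excluded, deny_on_error="no"):
    """scan_result is 'clean', 'infected' or 'error' (labels constructed here)."""
    if not is_monitored(path, monitored, excluded):
        return "allow (not scanned)"
    if scan_result == "infected":
        return "deny"
    if scan_result == "error":
        # Per the page: "no" (default) allows access, "yes" denies as if infected.
        return "deny" if deny_on_error == "yes" else "allow"
    return "allow"

# Constructed sample values, not taken from any real f-prot.conf.
MONITORED = split_paths("/home:/srv/upload")
EXCLUDED = split_paths("/home/build/cache")

if __name__ == "__main__":
    samples = [("/home/alice/a.doc", "infected"),
               ("/home/build/cache/x.o", "infected"),  # excluded subdirectory
               ("/home2/bob/b.exe", "infected"),       # sibling of /home, not under it
               ("/srv/upload/c.zip", "error")]         # scan error, default setting
    for path, result in samples:
        print(path, result, "->", access_decision(path, result, MONITORED, EXCLUDED))
```

With the default setting, a file whose scan fails is served as if it were clean, and anything under an excluded subdirectory is never scanned at all; both are worth checking when reviewing a deployment's coverage.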
For information about licensing, see the LICENSE file that comes with F-PROT Antivirus.
Please direct any feedback to:
Updates will be advertised on: http://www.f-prot.com/