samba virus wrapper
Joel Hammer
Joel at HammersHome.com
Fri Oct 12 20:36:01 GMT 2001
On Fri, Oct 12, 2001 at 10:04:19PM -0500, Barry Smoke wrote:
> o.k...mcafee works great on linux...
> It is our qmail scanner now....
> but, in order to even half assed protect the server, I would have to be
> running a cron job hourly(or sooner) on every samba share.
>
> Is there any way to queue files written to a samba share, so that they are
> not immediately scanned, but are scanned as soon as possible....then if
> infected, mcafee can clean, and notify the user that wrote the file, or the
> sys admin. If un-cleanable, send it to /var/infected, or something.
>
Don't know a thing about virus scanners but:
Can't the cron job (or daemon) just scan those files modified since the last scan?
(For example, my Opera doesn't have plugins. To play audio files, I just save
the link to a particular directory. I have a simple script in the background
watching that directory. As soon as a link arrives, the script plays it.
Rather nice, actually. I can download a bunch of links and then play them
all sequentially without further operator intervention.)
Could you just have multiple daemons, one for each share?
Could you start the daemon with a prexec when the user accesses the share? The
nice part there is if the scanner daemon doesn't start, you could disallow
share access.
I posted a suggestion several days ago regarding having an upload share(s)
and download share(s), with the former unreadable and the latter
unwritable. Then, a daemon (could be just a script in the background) could
monitor the upload share, scan any file there, and process it as desired
after the scan is complete. Nobody responded to my suggestion.
(If I were a pro, I would never allow a client to overwrite a file in a
common directory, but would always backup the file before writing the new
one.)
Joel
More information about the samba
mailing list