On-access virus checking in Samba

James Sutherland jas88 at cam.ac.uk
Tue May 16 16:43:28 GMT 2000

On Wed, 17 May 2000, Simon Harrison wrote:

> I want to implement on-access virus checking of a Samba share.
> I've 'hooked' dos_open() in lib/doscalls.c, performed a virus check before
> the 'wrapped' open(), and I simply return false if the file is found to
> contain a virus (prohibiting access), and write all the details to the logs
> (name of virus etc...).
> A few questions:
> 1) Should I be hooking dos_open() or something else for this?
> 2) Where would I hook if I wanted 'on close' scanning?
> 3) Would it be worth submitting the code as a patch, even though it relies
> on a proprietry virus scanner interface?  Or is the Samba community
> generally not interested in this kind of thing?

It sounds like an interesting/useful feature; however, why are you doing
it by patching Samba? You don't mention which platform you're on, but if
it's Linux, there is a move afoot to introduce a related capability (to
intercept syscalls a la ptrace, and modify the return value etc.)
system-wide. This way, you'd get the same functionality even if the file
is accessed via, say, an NFS client, FTP etc.


More information about the samba-technical mailing list