On-access virus checking in Samba

[Simon Harrison]

Thanks for the information, but in this way bugs in the virus scanner can
crash the kernel!  Since virus scanners are non-trivial I wouldn't fancy
having the stability issues of changing a kernel in this way.  I suppose it
depends on how it will be implemented.

Samba gives a cross-platform solution, and I think the biggest threat is
from networked Windows PCs (which are not likely to be running NFS clients).
By patching Samba instead of the kernel I get to cover AIX, Solaris,
FreeBSD, SCO etc...

-Simon.

------Original Message------
From: James Sutherland <jas88 at cam.ac.uk>
To: Multiple recipients of list SAMBA-TECHNICAL
<samba-technical at samba.org>
Sent: May 16, 2000 4:44:50 PM GMT
Subject: Re: On-access virus checking in Samba


On Wed, 17 May 2000, Simon Harrison wrote:

> I want to implement on-access virus checking of a Samba share.
> I've 'hooked' dos_open() in lib/doscalls.c, performed a virus check before
> the 'wrapped' open(), and I simply return false if the file is found to
> contain a virus (prohibiting access), and write all the details to the
logs
> (name of virus etc...).
>
> A few questions:
>
> 1) Should I be hooking dos_open() or something else for this?
> 2) Where would I hook if I wanted 'on close' scanning?
> 3) Would it be worth submitting the code as a patch, even though it relies
> on a proprietry virus scanner interface?  Or is the Samba community
> generally not interested in this kind of thing?

It sounds like an interesting/useful feature; however, why are you doing
it by patching Samba? You don't mention which platform you're on, but if
it's Linux, there is a move afoot to introduce a related capability (to
intercept syscalls a la ptrace, and modify the return value etc.)
system-wide. This way, you'd get the same functionality even if the file
is accessed via, say, an NFS client, FTP etc.


James.

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup