VFS Virus Scanner idea...

bdavids1 at gmu.edu bdavids1 at gmu.edu
Thu Sep 12 19:43:00 GMT 2002

I manage some NetWare servers.  Yes, there is such software.  It uses 
the File System Event Services API Novell has.  Just hooks into every 
write, or every read & every write (depending on how you configure anti-
virus software).

There are some gotchas when it comes to server based anti-virus.  
Assuming you have up to date virus definitions, the server will not 
allow a virus to be written to the server.  An infected workstation 
still may create lots of problems for you though.  Lovebug on high end 
workstations produced about 5000 packets per second to the fileserver 
(scanning directories for files it could infect).

Viruses that delete files or overwrite them with nulls are still able 
to execute on unprotected workstations, and can destroy data stored on 
a fileserver.  There is no way for a server to detect the difference 
between a well intentioned delete request and a malicious one.

I think there may already be some Linux Anti-Virus that works in this 
way.  I'm not too sure, as we're a Novell shop.

Brian Davidson
George Mason University

> I was at a meeting today and one of the participants came up to me 
> after 
> the meeting to ask a Samba-related question.  The problem he is 
> facing 
> is that he's got a bunch of Windows clients which are, of course, 
> vulnerable to viruses and such.  During the meeting there was some 
> discussion of software that would run on a Novell NetWare server 
> and scan 
> for windows viruses in "real time".  The question was: could this 
> be done 
> with Samba?
> After thinking a moment it occurred to me that it should be 
> possible to 
> build a Samba VFS layer that would do virus scanning *iff* there 
> is Open 
> Source virus scanning software available.  Files could be scanned 
> on open, 
> create, close.
> I don't know if this idea has been suggested before.  I think it 
> would be
> a very nice feature for Samba if it could be made to work.
> Chris -)------

More information about the samba-technical mailing list