Virus scanner for samba file server

Martin Radford martin at zamenhof.demon.co.uk
Wed Jan 10 23:16:59 GMT 2001 

> >> The product is called VirusScan, you can download an evaluation from:
> >> http://www.nai.com/asp_set/buy_try/try/products_evals.asp
> >> 
> > Great!  Thanks a ton.  Just to be clear, this software is suitable to be ran
> > on a server?  -m
> 
> I only ask because the VirusScan software seems to be aimed at the desktop
> and not intended to protect a file or email server from distributing
> infected files or emails.  -m

It's *not* an on-access scanner (which is the way that traditional
Windows anti-virus products generally work), so it's not a substitute
for running an on-access scanner on the clients.

We (that is, my employers) have run the McAfee product on Windows
NT/9x/3.1 for a year or so, having moved from Dr Solomon's (which NAI
bought out and merged with the McAfee product line).  We've recently
started using Samba on production file servers, and since our site
licence covers the Unix products we thought it would be worth running
it to protect against the risks of transferring viruses in departments
which are sluggish in keeping their desktop virus software up-to-date.
(First-level IT support, including installation and upgrading of
anti-virus software is devolved to individual departments - the joys
of working at a University.)

The realistic way to run the Unix version of the NAI product is to
schedule scans to run overnight.  Unfortunately, that does leave a gap
between the saving of the file to the server and its disinfection.

To the best of my knowledge, we've not looked at doing virus scanning
on our mail servers, and since I don't have any role in administering
the mail system I don't know how feasible it would be.  I think NAI do
have a product that does mail scanning but I know nothing about it.

I don't know how suitable the Samba architecture is to hooking in a
virus scanner to do some kind of on-access scanning; for example,
triggering a scan on "file open for read/execute" and "file close (if
originally opened for writing)".  Expert opinions?

Martin
-- 
Martin Radford              |   "Only wimps use tape backup: _real_ 
martin at zamenhof.demon.co.uk | men just upload their important stuff  -o)
Registered Linux user #9257 |  on ftp and let the rest of the world  /\\
- see http://counter.li.org |       mirror it ;)"  - Linus Torvalds _\_V

More information about the samba mailing list