samba virus wrapper
David Collier-Brown
davecb at canada.sun.com
Fri Oct 12 10:35:37 GMT 2001
Barry Smoke wrote:
| We were invaded by multiple viruses on our samba server today.
...
| Some of these
| latest viruses invade network connections also, and I
| have seen discussion of this on this list. I was able to
| protect against nimda with the veto files global option, but
| all of our jpegs are now .vbs from another virus
...
| There are several scanners that work on linux, but that I
| know of, none that can integrate into samba to provide on the
| fly scanning of anything written to the server.
Hmmn: this could be done by a vfs module, which
on open(file,O_WRONLY|O_RDWR|O_APPEND) opens the file
with mode 700 (or chmods it to 700), writes the
data and then chmods it to 0 and passes it to a
commercial virus scanner. On completion, its
permissions are reset to normal.
1) This will make all writes slow.
2) There is a window during writing during which
a program running as the same user can read it,
virus and all.
3) There is also a window induced by MS Windows apps
sometimes writing to a madcap name and then issuing
a rename. If the rename occurs before the virus scan
completes, something Will Go Wrong.
4) Depending on the virus scanner, scanning log
files which are being appended to will eat CPU.
Many of these issues can be resolved by a virus-scanning
company: if you already have McAfee, I recommend you
have a word with them.
--dave
--
David Collier-Brown, | Always do right. This will gratify
Americas Customer Engineering, | some people and astonish the rest.
SunPS Integration Services. | -- Mark Twain
(905) 415-2849 | davecb at canada.sun.com
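
The write path sketched in the message above, as an added example that is not part of the original post and is not Samba VFS code: the file is 0700 while written, mode 0 while scanned, and gets its normal mode back only on a clean verdict. quarantine_open, scan_and_release, scan_fd and MARKER are hypothetical names, and scan_fd is a stand-in for the commercial scanner; every permission change goes through the open descriptor, so the rename in point 3 cannot redirect it.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define MARKER "CONSTRUCTED-TEST-MARKER" /* constructed sample, not a real signature */

/* Hypothetical stand-in for the scanner: 1 = flagged, 0 = clean, -1 = error. */
static int scan_fd(int fd) {
    size_t have = 0, mlen = sizeof MARKER - 1;
    char buf[4096];
    ssize_t n;
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    while ((n = read(fd, buf + have, sizeof buf - have)) > 0) {
        have += (size_t)n;
        for (size_t i = 0; i + mlen <= have; i++)
            if (memcmp(buf + i, MARKER, mlen) == 0) return 1;
        if (have >= mlen) { /* keep the tail so a match split across reads is found */
            memmove(buf, buf + have - (mlen - 1), mlen - 1);
            have = mlen - 1;
        }
    }
    return n < 0 ? -1 : 0;
}

/* Write-open: the file is owner-only (0700) for as long as data is being written. */
int quarantine_open(const char *path) {
    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0700);
    if (fd >= 0 && fchmod(fd, 0700) != 0) { close(fd); return -1; }
    return fd;
}

/* Close path: mode 0 during the scan, final_mode only on a clean verdict.
   Returns 0 = released, 1 = flagged and left at mode 0, -1 = error. */
int scan_and_release(int fd, mode_t final_mode) {
    int rc = fchmod(fd, 0) == 0 ? scan_fd(fd) : -1;
    if (rc == 0 && fchmod(fd, final_mode) != 0) rc = -1;
    close(fd);
    return rc;
}

int main(void) {
    int fd = quarantine_open("demo_upload.tmp");
    if (fd < 0 || write(fd, "plain text\n", 11) != 11) return 1;
    if (rename("demo_upload.tmp", "demo_final.txt") != 0) return 1; /* rename before the scan */
    printf("verdict=%d\n", scan_and_release(fd, 0644));
    return unlink("demo_final.txt");
}
```

The window in point 2 remains: a process running as the same user can still open the file while it is 0700, and any descriptor opened before the chmod to 0 stays readable.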