samba virus wrapper

David Collier-Brown davecb at canada.sun.com
Fri Oct 12 10:35:37 GMT 2001


Barry Smoke wrote:
| We were invaded by multiple viruses on our samba server today.  
...
|						Some of these
| latest viruses also invade network connections also, and I 
| have seen discussion of this on this list.  I was able to 
| protect against nimda with the veto files global option, but 
| all of our jpegs are now3 .vbs from another virus
...
| There are several scanners that work on linux, but that I 
| know of, none that can integrate into samba to provide on the 
| fly scanning of anything written to the server.

	Hmmn: this could be done by a vfs module, which
	on open(file,O_WRONLY|O_RDWR|O_APPEND) opens the file	
	with  mode 700 (or chmods it to 700), writes the
	data and then chmods it to 0 and passes it to a
	commercial virus scanner.  On completion, it's
	permission are reset to normal.

	1) This will make all writes slow.
	2) There is a window during writing during which
	   a program running as the same user can read it,
	   virus and all.
	3) There is also a window induced by MS Windows apps
	   sometimes writing to a madcap name and then issuing
	   a rename.  If the rename occurs before the virus scan
	   completes, something Will Go Wrong.
	4) depending on the virus scanner, scanning log
	   files which are being appended to will eat CPU.

	Many of these issues can be resolved by a virus-scanning
	company: if you already have McAfee, I recommend you 
	have a word with them.

--dave
--
David Collier-Brown,           | Always do right. This will gratify 
Americas Customer Engineering, | some people and astonish the rest.
SunPS Integration Services.    |                      -- Mark Twain
(905) 415-2849                 | davecb at canada.sun.com




More information about the samba mailing list