samba virus wrapper
Barry Smoke
barry at arhosting.com
Mon Oct 15 11:35:12 GMT 2001
With the speed at which some of today's viruses spread, I don't think a cron
is good enough. We need something that detects files written to a share,
and scans them immediately...maybe from a queue, or something.
preexec and postexec would be a start, where at, user specific file areas
are scanned.
-----Original Message-----
From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org] On
Behalf Of Joel Hammer
Sent: Friday, October 12, 2001 10:38 PM
To: Barry Smoke; samba at lists.samba.org
Subject: Re: samba virus wrapper
On Fri, Oct 12, 2001 at 10:04:19PM -0500, Barry Smoke wrote:
> o.k...mcafee works great on linux...
> It is our qmail scanner now....
> but, in order to even half assed protect the server, I would have to be
> running a cron job hourly (or sooner) on every samba share.
>
> Is there any way to queue files written to a samba share, so that they are
> not immediately scanned, but are scanned as soon as possible....then if
> infected, mcafee can clean, and notify the user that wrote the file, or the
> sys admin. If un-cleanable, send it to /var/infected, or something.
>
Don't know a thing about virus scanners but:
Can't the cron job (or daemon) just scan those files modified since the last
scan?
(For example, my Opera doesn't have plugins. To play audio files, I just save
the link to a particular directory. I have a simple script in the background
watching that directory. As soon as a link arrives, the script plays it.
Rather nice, actually. I can download a bunch of links and then play them
all sequentially without further operator intervention.)
Could you just have multiple daemons, one for each share?
Could you start the daemon with a preexec when the user accesses the share?
The nice part there is if the scanner daemon doesn't start, you could disallow
share access.
I posted a suggestion several days ago regarding having an upload share(s)
and download share(s), with the former unreadable and the latter
unwritable. Then, a daemon (could be just a script in the background) could
monitor the upload share, scan any file there, and process it as desired
after the scan is complete. Nobody responded to my suggestion.
(If I were a pro, I would never allow a client to overwrite a file in a
common directory, but would always backup the file before writing the new
one.)
Joel
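
The upload-share/download-share arrangement suggested in this thread, sketched as an added example that is not code from either poster. The share paths, the state directory, and `SCAN_CMD` (a hypothetical wrapper around whatever scanner is installed, exiting 0 only for a clean file) are assumptions; the size-stability check for files still being written is also an addition.

```shell
#!/bin/sh
# Added example, not from the thread. All paths below are assumed.
UPLOAD=${UPLOAD:-/srv/samba/upload}        # share users can write but not read
DOWNLOAD=${DOWNLOAD:-/srv/samba/download}  # share users can read but not write
INFECTED=${INFECTED:-/var/infected}        # quarantine directory named in the thread
STATE=${STATE:-/var/run/scanpass}          # file sizes seen on the previous pass
# Hypothetical wrapper: exit 0 = clean, anything else = not clean.
SCAN_CMD=${SCAN_CMD:-/usr/local/bin/scan-one-file}

scan_pass() {
    mkdir -p "$DOWNLOAD" "$INFECTED" "$STATE" || return 1
    for f in "$UPLOAD"/*; do
        # Skip directories, symlinks and the unexpanded glob of an empty share.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        name=$(basename "$f")
        size=$(wc -c < "$f" | tr -d ' ')
        seen="$STATE/$name.size"
        # A client may still be writing: act only once the size is unchanged
        # between two consecutive passes.
        if [ ! -f "$seen" ] || [ "$(cat "$seen")" != "$size" ]; then
            echo "$size" > "$seen"
            continue
        fi
        rm -f "$seen"
        # Fail closed: a missing or crashing scanner also lands in quarantine.
        if "$SCAN_CMD" "$f" >/dev/null 2>&1; then
            # Keep the previous copy instead of overwriting it.
            [ -e "$DOWNLOAD/$name" ] &&
                mv -- "$DOWNLOAD/$name" "$DOWNLOAD/$name.bak.$(date +%s)"
            mv -- "$f" "$DOWNLOAD/$name"
        else
            mv -- "$f" "$INFECTED/$name.$(date +%s)"
            echo "quarantined: $name"   # hook for notifying the admin
        fi
    done
}

# Run as a background daemon only when asked to.
if [ "${1:-}" = "--daemon" ]; then
    while :; do scan_pass; sleep "${INTERVAL:-10}"; done
fi
```

Because nothing reaches the readable share without passing the scanner, the polling interval delays delivery of a file rather than leaving an unscanned file exposed.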