samba virus wrapper

Barry Smoke barry at
Mon Oct 15 11:35:12 GMT 2001

With the speed at which some of today's viruses spread, I don't think a cron
is good enough.  we need something that detects files written to a share,
and scans them immediately...maybe from a queue, or something.

preexec and postexec would be a start, where at, user specific file areas
are scanned.

-----Original Message-----
From: samba-admin at [mailto:samba-admin at]On
Behalf Of Joel Hammer
Sent: Friday, October 12, 2001 10:38 PM
To: Barry Smoke; samba at
Subject: Re: samba virus wrapper

On Fri, Oct 12, 2001 at 10:04:19PM -0500, Barry Smoke wrote:
> o.k...mcafee works great on linux...
> It is our qmail scanner now....
> but, in order to even half assed protect the server, I would have to be
> running a cron job hourly(or sooner) on every samba share.
> Is there any way to queue files written to a samba share, so that they are
> not immediately scanned, but are scanned as soon as possible....then if
> infected, mcafee can clean, and notify the user that wrote the file, or
> sys admin.  If un-cleanable, send it to /var/infected, or something.
Don't know a thing about virus scanners but:
Can't the cron job (or daemon) just scan those files modified since the last
(For example, my Opera doesn't have plugins. To play audio files, I just
the link to a particular directory. I have a simple script in the background
watching that directory. As soon as a link arrives, the script plays it.
Rather nice, actually. I can download a bunch of links and then play them
all sequentially without further operator intervention.)
Could you just have multiple daemons, one for each share?
Could you start the daemon with a prexec when the user accesses the share?
nice part there is if the scanner daemon doesn't start, you could disallow
share access.
I posted a suggestion several days ago regarding having an upload share(s)
and download share(s), with the former unreadable and the latter
unwritable. Then, a daemon (could be just a script in the background) could
monitor the upload share, scan any file there, and process it as desired
after the scan is complete. Nobody responded to my suggestion.
(If I were a pro, I would never allow a client to overwrite a file in a
common directory, but would always backup the file before writing the new

To unsubscribe from this list go to the following URL and read the

More information about the samba mailing list