No subject


Mon Dec 1 11:34:25 GMT 2003 

sending a delete request does actually delete the file and does not move
it into the recycle bin.

This is also an async process. There is no blocking to wait for the
operation to complete or return. It is simply an event. Using this
method, under windows, to scan for a virus will not work. Since this
mechanism is event driver, you can not block the FSD request to wait for
the scan to complete. It must be done in a kernel-leve file system
filter driver so that you can control the synchronicity of the scan
operation.

Maybe under Linux, this event mechanism is different, but, if it is not,
is will be possible for users to open the file, execute the virus before
the event receiver has had the opportunity to scan the file for a virus.

Jamey

-----Original Message-----
From: samba-ntdom-admin at lists.samba.org
[mailto:samba-ntdom-admin at lists.samba.org] On Behalf Of Michael
Heironimus
Sent: Saturday, November 10, 2001 11:17 AM
To: samba at lists.samba.org; samba-ntdom at lists.samba.org
Subject: Re: Patch for events like "On Create", "On Modify"...


On Sat, Nov 10, 2001 at 03:21:17PM -0200, Daniel William Schultz wrote:
> Why don't create one patch for "On Create/Modify" event ? We could use

> it for checking viruses "on the fly", dont you think ?

I haven't tried this module so I can't personally vouch for its function
(I can't even say if it compiles with the current release of samba), but
if you do a web search on "samba-fu" you should find a few references to
samba-fu 0.1. This is a VFS module that pretty much does what you're
looking for - it allows you to specify an arbitrary command to be run on
the successful completion of a number of actions.

If you need a delaying action for your boss you might point out that on
a busy server scanning every file will generate a great deal of overhead
and may slow it down unacceptably. While I'm very much in favor of doing
virus scans of Samba shares, an automatic nightly full scan plus the
occasional manual scan if you have a virus outbreak might be a better
policy. That combined with a well-thought-out antivirus policy on the
desktop side should take care of most of your problems.

-- 
Michael Heironimus

More information about the samba mailing list