[Samba] scannedonly samba anti-virus vfs module
Olivier Sessink
lists at olivier.pk.wau.nl
Tue Dec 11 19:48:09 GMT 2007
James R Grinter wrote:
> On Sun, Dec 09, 2007 at 11:28:36AM +0100, Olivier Sessink wrote:
>> daemons. The daemon scans files. If a certain file is clean, a second
>> file is created with prefix .scanned:. The samba module simply looks if
>> such a .scanned: file exists, and is newer than the pertinent file. If
>> this is the case, the file is shown to the user. If this is not the
>
> I have a suggestion for extending this idea. There should be a mechanism
> to allow the file to be rescanned again whenever the pattern file is updated.
it's possible. But realize that this happens fairly often (the clamAV
database, for example, changes about 3 times each day). If your samba
server has several terabytes of data, it will be continuously scanning.
Before the scanning is finished, the database would be renewed already.
So I'm not sure if this is a very realistic option to deploy. Can you
give some examples from situations in which you would deploy this option?
To implement this, the tricky thing is to tell the vfs module what the
most recent database is. Currently all communucation is one-way. The vfs
module tells the AV-daemon only if it hits a file that has not been
scanned yet. So if the AV-daemon is offline, most of the data on the
samba server is still available. If the module has to check if the
scanning time is older than the AV-database, it becomes quite dependent
on the AV-daemon.
regards,
Olivier
More information about the samba
mailing list