Samba allows you to make your Linux server act as a file server for Windows workstations connected on a network. Since such file servers generally contain shared network resources, protecting the server is essential to the system's security. To actively protect Windows workstation from, for instance contracting viruses that might be stored inside files residing on a Linux samba (SMB/CIFS) server, on-access scanning is required. On-access scanning is provided by F-Prot Antivirus for Linux using the Preloadable Library Call Wrapper (f-prot.so) and the F-Prot Antivirus Daemon scanner (f-protd).
This is how you do it
Exactly how this is done depends on your distribution and how you start the samba server. In general, you will need
to edit your samba startup script, usually called /etc/init.d/smb or /etc/init.d/samba and add the string:
LD_PRELOAD=/usr/local/f-prot/tools/f-prot.soto the beginning of the line where smbd is started.
RedHat example:
In the file
/etc/init.d/smbchange the line:
daemon smbd $SMBDOPTIONS
to:
LD_PRELOAD="/usr/local/f-prot/tools/f-prot.so" daemon smbd $SMBDOPTIONS
SuSE example (from SuSE 8.2):
In the file
/etc/init.d/smbchange the line:
startproc -p ${PID_FILE} ${DAEMON_DIR}${BIN_SUFFIX}/${SMBD_BIN} -D -s ${SMB_CONF}
to:
LD_PRELOAD=/usr/local/f-prot/tools/f-prot.so startproc -p ${PID_FILE} ${DAEMON_DIR}${BIN_SUFFIX}/${SMBD_BIN} -D -s ${SMB_CONF}
Please note: You might further want to limit the scope of file scanning by setting scanning rules in /etc/f-prot.so.conf. See the man page for f-prot.so for detailed information regarding /etc/f-prot.so.conf, f-prot.so in general and its configuration options.
Back to Index Next