[OpenAFS] Re: On-Access Virus Scanning
Andrew Deason
adeason@sinenomine.net
Sun, 20 Dec 2009 21:36:50 -0500
On Sun, 20 Dec 2009 09:46:31 -0500
Jason Edgecombe <jason@rampaginggeek.com> wrote:
> It might be possible to kludge something together using the verbose
> fileserver logs and a virus scanning daemon with AFS administrator
> privileges, but I'm not sure if anyone has done such a thing. I think
> most folks rely on client-side virus scanning.
The fileserver audit logs would be a better choice than the normal logs
with debugging turned up, I think. 1.5 has the ability to send audit
logs to a sysv message queue, too, which can be more convenient for live
processing.
It would not be difficult to write a tool to read in output from the
audit logs, read the corresponding FID from the fileserver, and scan it
for viruses. However, that would probably result in you finding out that
a file as a virus _after_ the client has successfully read the file (and
has probably opened/executed/etc it). I also have not heard of anyone
doing such a thing.
--
Andrew Deason
adeason@sinenomine.net