SpIDer Guard for SMB

SpIDer Guard for SMB is a monitor of shared file system directories used by SMB file server Samba. This component is designed to monitor actions applied to files in Samba shared directories. It operates as a resident monitor and controls basic actions in the protected file system (creation, opening, closing, and read or write operation). Once the component intercepts such operation, it checks whether the file was modified and if so, a task to scan the file is created and sent to the file scanner Dr.Web File Checker. If the file requires scanning, Dr.Web File Checker initiates the scanning by scanning engine Dr.Web Scanning Engine.

To avoid conflicts between SpIDer Guard for SMB and SpIDer Guard, which may occur when scanning files in shared Samba directories, it is recommended to additionally configure SpIDer Guard by performing one of the following:

add shared Samba directories to the exclusion scope (specify these directories in ExcludedPath parameter)

add the Samba process (smbd) to the list of ignored processes (specify smbd in ExcludedProc parameter).

 

The SpIDer Guard for SMB monitor uses a special VFS SMB module for the integration with the Samba server. With SpIDer Guard for SMB, several versions of this module which are built for various versions of Samba are supplied. However, the supplied versions of the VFS SMB module may be incompatible with the version of Samba installed on your file server. It may occur, for example, if the Samba server uses the CLUSTER_SUPPORT option.

In case of incompatibility of the VFS SMB module with the Samba server, build the VFS SMB module for your Sambа server from the supplied source codes manually (including the compatibility with the CLUSTER_SUPPORT option if necessary).

The procedure of building the VFS SMB module from the supplied source codes is described in Appendix G.

 

Details:

Operation Principles

Command-Line Arguments

Configuration Parameters