Installation manual

of the NOD32LFS/NOD32BFS product, and thus it must be compiled and installed into the kernel before the NOD32 on-access scanner (the nod32dac daemon) is initialized. On the other hand, the Dazuko technique makes on-access scanning independent of the file system type in use. It is also suitable for controlling file system objects accessed via Network File System (NFS), Netatalk and Samba.
Installing the additional Dazuko module may be undesirable for Linux system administrators who run critical systems where the source code and/or configuration file matching the currently running kernel is not available, or where the kernel is monolithic rather than modular. In this case the second on-access scanning technique discussed, based on the LIBC preload library, comes in handy.
IMPORTANT: Before providing the user with detailed information on the configuration and operation of the on-access scanner, we would like to point out that no NOD32 on-access scanner is intended to protect the whole file system on which it is installed. It has been developed and tested primarily to protect externally mounted file systems. If this is not your case, you will have to exclude several directories from file access control to prevent the system from hanging. Typical directories to exclude in this case are the '/dev' directory and the directories used by NOD32LFS/NOD32BFS itself.
4.2.1. On-access scanner powered by Dazuko
This section contains information on the operation, installation and configuration of the on-access scanner using the Dazuko kernel module.
4.2.1.1. Operation principle
The on-access scanner 'nod32dac' (NOD32 Dazuko-powered file Access Controller) is a resident program (daemon) providing permanent monitoring and control over the file system. Each file system object is scanned upon a configurable file access event triggered by the user and/or the operating system. The following file access types are supported by the current version:
ON_OPEN events
This file access type is controlled once the first bit of the integer parameter 'event_mask' in the main NOD32 configuration file (section [dac]) is 1. In this case the ON_OPEN bit of the Dazuko access mask is set.
ON_CLOSE events
This file access type is controlled once the second bit of the integer parameter 'event_mask' in the main NOD32 configuration file (section [dac]) is 1. In this case the ON_CLOSE bit and the ON_CLOSE_MODIFIED bit of the Dazuko access mask are set.
Note that some kernel versions do not support interception of ON_CLOSE events. In this case problems may be observed when running the nod32dac module.
ON_EXEC events
This file access type is controlled once the third bit of the integer parameter 'event_mask' in the main NOD32 configuration file (section [dac]) is 1. In this case the ON_EXEC bit of the Dazuko access mask is set.
Using this mechanism, all opened, closed and executed regular files are scanned for viruses by the nod32d daemon. Based on the result of this scan, access to the file is denied or allowed.
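The mapping above (bit 1 of 'event_mask' to ON_OPEN, bit 2 to ON_CLOSE plus ON_CLOSE_MODIFIED, bit 3 to ON_EXEC) is easy to get wrong when a bit is read from a different section or a value is decoded off by one. The following C program is an added example, not code from the manual or from the nod32dac daemon: it reads 'event_mask' from the [dac] section of a constructed INI-style configuration snippet and translates it into a set of Dazuko access-mask bits. The numeric values of the Dazuko bits and the helper names (`ini_get_int`, `event_mask_to_dazuko`, `SAMPLE_CONF`) are assumptions for this example; only the bit names come from the page.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bits of 'event_mask' in the [dac] section as the manual describes them:
 * bit 1 = ON_OPEN, bit 2 = ON_CLOSE, bit 3 = ON_EXEC. */
#define EVMASK_ON_OPEN  (1u << 0)
#define EVMASK_ON_CLOSE (1u << 1)
#define EVMASK_ON_EXEC  (1u << 2)

/* Dazuko access-mask bits. The names are from the manual; the numeric values
 * are assumed for this example and are not taken from the Dazuko headers. */
#define DZ_ON_OPEN           (1UL << 0)
#define DZ_ON_CLOSE          (1UL << 1)
#define DZ_ON_EXEC           (1UL << 2)
#define DZ_ON_CLOSE_MODIFIED (1UL << 3)

/* Translate the configured event_mask into the Dazuko access mask.
 * ON_CLOSE enables both the plain and the "modified" close bit. */
unsigned long event_mask_to_dazuko(unsigned event_mask) {
    unsigned long mask = 0;
    if (event_mask & EVMASK_ON_OPEN)  mask |= DZ_ON_OPEN;
    if (event_mask & EVMASK_ON_CLOSE) mask |= DZ_ON_CLOSE | DZ_ON_CLOSE_MODIFIED;
    if (event_mask & EVMASK_ON_EXEC)  mask |= DZ_ON_EXEC;
    return mask;
}

/* Look up an integer key inside a named [section] of INI-style text.
 * Keys in other sections are ignored. Returns 1 on success, 0 if absent. */
int ini_get_int(const char *text, const char *section, const char *key, long *out) {
    char line[256];
    int in_section = 0;
    size_t klen = strlen(key);
    const char *p = text;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line) len = sizeof line - 1;   /* truncate overlong lines */
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + len;

        char *s = line;
        while (isspace((unsigned char)*s)) s++;
        if (*s == '\0' || *s == '#' || *s == ';') continue;   /* blank or comment */

        if (*s == '[') {                                     /* section header */
            char *end = strchr(s, ']');
            if (!end) continue;
            *end = '\0';
            in_section = (strcmp(s + 1, section) == 0);
            continue;
        }
        if (!in_section) continue;

        if (strncmp(s, key, klen) == 0) {
            char *eq = s + klen;
            while (isspace((unsigned char)*eq)) eq++;
            if (*eq != '=') continue;                        /* longer key with same prefix */
            eq++;
            char *endp;
            long v = strtol(eq, &endp, 0);
            if (endp == eq) return 0;                        /* key present but not numeric */
            *out = v;
            return 1;
        }
    }
    return 0;
}

/* Constructed configuration snippet for this example; not a real install.
 * The same key appears in [global] to show that only [dac] is honoured. */
static const char SAMPLE_CONF[] =
    "[global]\n"
    "event_mask = 7\n"
    "\n"
    "[dac]\n"
    "# bits: 1 = ON_OPEN, 2 = ON_CLOSE, 4 = ON_EXEC\n"
    "event_mask = 5\n";

/* event_mask as read from the [dac] section of SAMPLE_CONF, or -1 if missing. */
long sample_event_mask(void) {
    long ev = -1;
    ini_get_int(SAMPLE_CONF, "dac", "event_mask", &ev);
    return ev;
}

/* Dazuko access mask derived from SAMPLE_CONF (ON_OPEN and ON_EXEC, no ON_CLOSE). */
unsigned long sample_access_mask(void) {
    long ev = sample_event_mask();
    return ev < 0 ? 0 : event_mask_to_dazuko((unsigned)ev);
}

int main(void) {
    unsigned long m = sample_access_mask();
    printf("[dac] event_mask = %ld -> Dazuko access mask 0x%lx\n", sample_event_mask(), m);
    printf("  ON_OPEN=%d ON_CLOSE=%d ON_CLOSE_MODIFIED=%d ON_EXEC=%d\n",
           !!(m & DZ_ON_OPEN), !!(m & DZ_ON_CLOSE),
           !!(m & DZ_ON_CLOSE_MODIFIED), !!(m & DZ_ON_EXEC));
    return 0;
}
```

With event_mask = 5 (bits 1 and 3) the scanner intercepts opens and executes but not closes, which is the combination an administrator might choose on a kernel that does not support ON_CLOSE interception, as noted above.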
chapter 4 / Integration with Linux/BSD File System