Computer Virus and Server-based Virus Protection

Published: January 11, 2011
Diploma Thesis
University of Applied Sciences Furtwangen, Germany
Faculty of Computer Science - Computer Networking

Server-based Virus-protection On Unix/Linux

by Rainer Link

Advisor: Prof. Hannelore Frank
Advisor: Prof. Dr. Rainer Mueller
Finished: May 28, 2003
Public Release: August 2003

Evaluation and development of server-based anti-virus solutions, running on Linux/Unix, using the Internet Content Adaptation Protocol (ICAP). The diploma thesis covers proof-of-concept solutions for web proxy (Squid), e-mail server (sendmail/postfix) and file server (Samba), with a focus on the latter, aiming to provide a (fully-featured) product.

On 07/21/1999, I sent the first patch to the maintainer of the AMaViS project (A Mail Virus Scanner, GPL’ed [1]) fixing the AntiViral Toolkit Pro/Linux call. Since then - among other stuff - I wrote and maintained several anti-virus modules (and still do). So, with the help of other people, AMaViS supports a wide range of anti-virus products. But wouldn’t it be easier to maintain only one anti-virus module, implementing a common protocol, to support all those anti-virus scanners? Also, back in 1999, I was looking for an on-access virus scanning solution for Samba fileservers [2], receiving a first Linux kernel-based solution via email in June ’99. More than a year later, I came across the Samba Virtual File System (VFS) [3]. Half a year later, I dug into the Samba VFS and started to work on a small piece of code which eventually became the samba-vscan project: on-access file scanning directly integrated into Samba (GPL’ed, too). As nearly all the code I wrote over the past years was put under an Open Source License, I decided to release this thesis under the terms of the GNU Free Documentation License.

[1] GNU General Public License, see
[2] see e.g.
[3] see e.g. id=219140&forum id=4829



Overview of the Thesis
Chapter 1 gives an overview of computer viruses and some other types of malware, as well as anti-virus technologies and anti-virus deployment.
Chapter 2 explains possible means to integrate third-party anti-virus scanners into scripts and programs.
Chapter 3 discusses the Internet Content Adaptation Protocol (ICAP) with a focus on using this protocol for an anti-virus service. The "icapclient" utility, developed for scanning any file on disk using an ICAP anti-virus facility, is dissected, too. The results of some performance tests are discussed as well.
Chapter 4 briefly explains the use of AMaViS for protecting the mail server and the ICAP integration.
Chapter 5 shows two possible concepts for on-access, real-time scanning of Samba shares, focusing on the direct Samba integration as implemented by the samba-vscan project. Results of file retrieval tests illustrate the impact on performance.
Chapter 6 discusses concepts for protecting HTTP/FTP transfers.
Chapter 7 summarizes the results and gives a short future outlook.

First of all, I’d like to thank my advisors Prof. Hannelore Frank and Prof. Dr. Rainer Mueller for their support, feedback and suggestions. A professional thank you goes to the following persons and/or companies:
  • SuSE Linux AG for funding this diploma thesis and my AMaViS work for three years.
  • Travis Priest, Rui Ataide (Symantec USA) and Gerald Maronde (Symantec Germany) for providing me with the latest Symantec AntiVirus Engine product before it was publicly available and for various ICAP/Symantec AntiVirus Scan Engine related discussions.
  • Martin Stecher (WebWasher AG) for some email exchange about ICAP and WebWasher; Oxana Herzog and Elka Plattmann for sending a special trial evaluation key for the WebWasher CSM suite.
  • Christian Hofmann of DATSEC for offering the latest Kaspersky AntiVirus for File servers and a one-year license key.
