Operation principle

The On-access scanner libesets_pac.so (ESETS Preload library based file Access Controller) is a shared objects library which is activated at system start up. This library is used for LIBC calls by file system servers such as FTP server, Samba server etc. Every file system object is scanned based on customizable file access event types. The following event types are supported by the current version:

Open events

This file access type is activated if the word ‘open’ is present in the ‘event_mask’ parameter in the esets.cfg file ([pac] section).

Create (close) events

This file access type is activated if the word ‘create’ is present in the ‘event_mask’ parameter in the esets.cfg file ([pac] section). In this case, all file descriptor and FILE stream create/close functions of the LIBC are intercepted.

Exec events

This file access type is activated if the word ‘exec’ is present in the ‘event_mask’ parameter in the esets.cfg ([pac] section). In this case, all exec functions of the LIBC are intercepted.

 

All opened, closed and executed files are scanned by the ESETS daemon for viruses. Based on the result of such scans, access to given files is denied or allowed.