On-access scanner using preload LIBC library

The On-access scanner is invoked when a user or the operating system accesses a file system object. This is also where the term On-access comes from: the scanner is triggered on any attempt to access a selected file system object.

In the following sections, we will also describe the integration of the On-access scanner powered by Dazuko with Linux/BSD file system services. Using Dazuko may not be feasible in all situations, for example for system administrators who maintain critical systems where:

the source code and/or configuration files related to the running kernel are not available,

the kernel is more monolithic than modular,

the Dazuko module simply does not support the given OS.

In any of these cases, the On-access scanning technique based on the preload LIBC library should be used. See the following topics in this section for detailed information. Please note that this section is relevant only for Linux OS users and contains information regarding the operation, installation and configuration of the On-access scanner using the preload library ‘libesets_pac.so’.
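
A preloaded library only runs inside dynamically linked processes that loaded it at start-up, so it is worth checking which running processes actually have ‘libesets_pac.so’ mapped. The script below is an added example, not part of the product or its documentation. The function names and the optional PROC_ROOT argument are hypothetical, and it assumes the Linux /proc layout (per-process ‘maps’ and ‘comm’ files).

```shell
#!/bin/sh
# Added example (not vendor code): report which processes have the
# On-access preload library mapped into their address space.
PRELOAD_LIB="libesets_pac.so"   # library name as given on this page

# pac_status PID_DIR   (hypothetical helper)
# Prints covered | uncovered | kernel | unknown for one /proc/<pid> directory.
pac_status() {
    # An unreadable maps file (another user's process, or one that has
    # already exited) cannot be judged either way.
    content=$(cat "$1/maps" 2>/dev/null) || { echo unknown; return 0; }
    # Kernel threads have no user-space mappings, so maps reads as empty.
    [ -n "$content" ] || { echo kernel; return 0; }
    case "$content" in
        */"$PRELOAD_LIB"*) echo covered ;;
        *)                 echo uncovered ;;
    esac
}

# pac_coverage [PROC_ROOT]   (PROC_ROOT defaults to /proc; assumption)
# One tab-separated line per process: pid, status, command name.
pac_coverage() {
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        name=$(cat "$dir/comm" 2>/dev/null) || name='?'
        printf '%s\t%s\t%s\n' "${dir##*/}" "$(pac_status "$dir")" "$name"
    done
}

# pac_uncovered_count [PROC_ROOT]
# Number of user-space processes that do not have the library mapped.
pac_uncovered_count() {
    pac_coverage "${1:-}" |
        awk -F '\t' '$2 == "uncovered" { n++ } END { print n + 0 }'
}

# Run as: sh pac_coverage.sh /proc
if [ "$#" -gt 0 ]; then
    pac_coverage "$1"
fi
```

Run it as root to avoid ‘unknown’ entries. Processes reported as ‘uncovered’ are statically linked or were started before the library was preloaded, and their file accesses do not pass through the scanner.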