Network File Sharing (NFS) allows a computer to share directories and files with other computers over a network. It consists of two main parts: a server and one or more clients. NFS is a client/server system, but, the hosts involved can be both. It can share file systems over the network (export) and import file systems from other hosts (mount). The NFS Server hosts the files and directories. Any computer that accesses those files and directories is considered an NFS Client.
McAfee VirusScan Enterprise for Linux (VSEL) can be installed on both NFS Server and an NFS Client.
NFS Exports
An NFS export is any directory exported by an NFS Server that can be imported or mounted on client systems.
For example, an NFS export from an NFS Server:
[root@testnfs ~]# cat /etc/exports
/root/testnfs *(rw)
/export *(rw,sync,no_root_squash)
How VSEL operates on an NFS Server
When VSEL is installed on a system that acts as an NFS Server, VSEL scans the files during a file open or close on the local file system. But, any write operation on an NFS exported file system from a remote NFS Client does not get scanned. All read operations from an NFS Exported file system are scanned during the file open call that is issued during a read access.
NOTE: Suppose that VSEL is installed on an NFS Server, but not on the NFS Client. If an infection is written to the mounted share, the NFS client writes it to the exported share on the NFS server. A subsequent read action might not trigger a detection if the NFS Client accesses the data from its own client cache (caching is enabled by default on NFS Client) rather than reading from the server.
How VSEL operates on an NFS Client
When VSEL is installed on a computer that acts as an NFS Client, it scans files during any file open or file close calls on a local file system. When accessing files from a remote computer acting as an NFS Client, VSEL scans the files on both file open and file close calls.
Detection and quarantine
If VSEL is installed on an NFS Client, a detection while writing to the NFS Server gets detected at the client.
See
KB73298 for information about quarantining infected files from remote systems.
