Out of curiosity, how do you check the user’s rights? Are you opening
another file via ZwCreateFile? If so, you may be running into re-entrancy
problems with filter drivers above you.
Marc
-----Original Message-----
From: xxxxx@T-Systems.de [mailto:xxxxx@T-Systems.de]
Sent: Wednesday, February 28, 2001 3:34 AM
To: File Systems Developers
Subject: [ntfsd] problem with file system filter driver and virus
scannersHello everybody,
i have developed a file system filter driver, which attaches to some
specified file system devices to check the user’s rights in
case of an
IRP_MJ_CREATE.The filter driver works well as long as i don’t have a virus scanner
(McAfee, NAV, …) installed.
If my filter driver starts AFTER the virus scanner, it works.
If my filter driver starts BEFORE the virus scanner, it stops
working as
soon as the virus scanner’s filter driver attaches to the
same devices
objects.I tried to find out, why this happens and came to this: the
virus scanner’s
filter driver doesn’t use the pointer returned by
IoAttachDeviceToDeviceStack() (or IoAttacheDevice()
respectively) but sends
all requests with IoCallDriver() directly to the file system driver
itsself, i.e. skips all underlying filter drivers.Does anybody know, if my assumption is true? Is there another
way to filter
the file system or to force the virus scanner to send the
requests the
right way?
Alternatively: is there a way to start my filter driver right
after the
virus scanner loaded and attached to all devices?Thanks in advance.
Lothar
You are currently subscribed to ntfsd as: xxxxx@bionetrix.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com