by wongarsu 755 days ago
There is no equivalent on Linux. That's why Linux has no online antivirus scanners (scanners that scan the file as it's opened) while this is a basic feature of every antivirus program on Windows.

Linux has device mappers (dm-crypt, dm-raid and friends). But those sit below the file system, emulating a device. Windows' file system filter drivers sit above the file system, intercepting API calls to and from the file system. That's super useful if you want to check file contents on access, track where files are going, keep an audit log of who accessed a file, transparently encrypt single files instead of whole volumes, etc. But you pay the price for all that flexibility in performance.


Sure there is, you're talking about fanotify.

https://man7.org/linux/man-pages/man7/fanotify.7.html

https://lwn.net/Articles/339399/

It even lets you block the access until the scan/decision is made.

> That's super useful if you want to check file contents on access, track where files are going, keep an audit log of who accessed a file, transparently encrypt single files instead of whole volumes

Or if you just want to generally make the filesystem so slow that everyone has to invent their own pack files just to avoid file system api calls as much as possible.
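The "block the access until the decision is made" behaviour mentioned above, as an added example that is not code from the thread: a minimal on-access scanner using fanotify permission events (Linux only; assumes root, since fanotify_init needs CAP_SYS_ADMIN, and a constructed marker string standing in for a real signature engine).

```c
// Added example, not code from the thread: a minimal on-access scanner built on
// fanotify permission events (FAN_OPEN_PERM). Assumptions: Linux, run as root
// (fanotify_init needs CAP_SYS_ADMIN); the "scan" is a constructed marker check.
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>

/* Constructed stand-in for a real signature: any file containing it is denied. */
static const char MARKER[] = "BLOCKME-TEST-MARKER";

/* Pure decision: FAN_DENY if the marker appears in the bytes, else FAN_ALLOW. */
unsigned int scan_bytes(const char *buf, size_t n) {
    return memmem(buf, n, MARKER, sizeof MARKER - 1) ? FAN_DENY : FAN_ALLOW;
}

/* Scan the head of the file behind an event fd without moving its offset. */
unsigned int scan_fd(int fd) {
    char buf[4096];
    ssize_t n = pread(fd, buf, sizeof buf, 0);
    if (n < 0) return FAN_ALLOW; /* fail open on read error; a policy choice */
    return scan_bytes(buf, (size_t)n);
}

/* Every permission event must be answered, or the opener blocks forever. */
int respond(int fan_fd, const struct fanotify_event_metadata *m) {
    struct fanotify_response r = { .fd = m->fd, .response = scan_fd(m->fd) };
    int rc = write(fan_fd, &r, sizeof r) == (ssize_t)sizeof r ? 0 : -1;
    close(m->fd); /* the kernel hands us an open fd per event; we must close it */
    return rc;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <mountpoint>\n", argv[0]); return 1; }
    /* FAN_CLASS_CONTENT: events are delivered once file content is valid to read. */
    int fan = fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC, O_RDONLY | O_LARGEFILE);
    if (fan < 0) { perror("fanotify_init"); return 1; }
    /* Request a permission event for every open on the whole mount. */
    if (fanotify_mark(fan, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN_PERM, AT_FDCWD, argv[1]) < 0) {
        perror("fanotify_mark"); return 1;
    }
    char events[8192];
    for (ssize_t len; (len = read(fan, events, sizeof events)) > 0;) {
        for (struct fanotify_event_metadata *m = (void *)events; FAN_EVENT_OK(m, len); m = FAN_EVENT_NEXT(m, len)) {
            if (m->vers != FANOTIFY_METADATA_VERSION) { fprintf(stderr, "fanotify ABI mismatch\n"); return 1; }
            if (m->mask & FAN_OPEN_PERM) respond(fan, m); else close(m->fd);
        }
    }
    return 0;
}
```

While this runs against a mount, any open() of a file containing the marker fails with EPERM; every other open is allowed after the scan, which is exactly the latency cost the comment above complains about.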

What are the APIs related to this named?
IO Minifilter drivers are the modern version: https://learn.microsoft.com/en-us/windows-hardware/drivers/i...