John Aldrich wrote:
> Is there any way to do on-access scanning with ClamAV *without* having Dazuko?
> Someone posted a problem here earlier and it got me thinking. We *know* we
> have a problem doing on-access scanning with ClamAV, and surely someone has
> thought about trying to find a way around not being able to use Dazuko. Why
> are we still having this problem with Dazuko??? Can someone not come up
> with a better way to interface between file access calls and the antivirus
> than having a kernel module that has to be recompiled each time? Not to
> mention that due to an incompatibility with the way the kernel is compiled,
> we can't compile Dazuko.
> Just something for some folks who can program to chew on. :-) I'm sure
> there are some really good programmers out there. I'm not one of them,
> unfortunately, or I'd take a crack at it. :-)

It is possible that a userland solution could be produced using the
INOTIFY feature in the newer kernels. I have yet to use this myself so
have little knowledge of its limitations, but reading the manual page it
looks like directories can be monitored, so an opt-in scheme that
monitored 'discs' by monitoring all of the directories in them and
scanning newly created/altered files would work. This would find virus
files once they have been created (but may not be able to delete them if
another process has the handle open).

So there would be some windows of vulnerability, but this may be good
enough.

An alternative for CIFS servers is to modify the SAMBA system to run
ClamAV on the files as they are written, so that file server clients see
an on-write scan behaviour from the server. This is also a partial solution.

Of course this would need a programmer to find time to do this. I have
the skills but not the time, ho hum!
Howard