Re: ClamAV

John Aldrich wrote:
Is there any way to do on-access scanning with ClamAV *without* having Dazuko? Someone posted a problem here earlier and it got me thinking. We *know* we have a problem doing on-access scanning with ClamAV, and surely someone has thought about trying to find a way around not being able to use Dazuko. Why are we still having this problem with Dazuko??? Can someone not come up with a better way to interface between file access calls and the antivirus than having a kernel module that has to be recompiled each time? Not to mention that due to an incompatibility with the way the kernel is compiled, we can't compile Dazuko.

Just something for some folks who can program to chew on. :-) I'm sure there are some really good programmers out there. I'm not one of them, unfortunately, or I'd take a crack at it. :-)

It is possible that a userland solution could be produced using the INOTIFY feature in the newer kernels. I have yet to use this myself so have little knowledge on its limitations, but reading the manual page it looks like directories can be monitored, so an opt-in scheme that monitored 'discs' by monitoring all of the directories in them and scanning newly created/altered files would work. This would find virus files once they have been created (but may not be able to delete them if another process has the handle open).

So there would be some windows of vulnerability, but this may be good enough.

An alternative for CIFS servers is to modify the SAMBA system to run ClamAV on the files as they are written, so that file server clients see an on-write scan behaviour from the server. This is also a partial solution.

Of course this would need a programmer to find time to do this. I have the skills but not the time, ho hum!

Howard
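
The inotify approach described in the message above, as an added example in Python via ctypes; it is not code from the poster or from ClamAV. `TreeWatcher` and `pending` are names made up for this illustration, and handing each returned path to a scanner is left to the caller.

```python
import ctypes, os, select, struct

# Event bits from <sys/inotify.h>
IN_CLOSE_WRITE, IN_MOVED_TO, IN_CREATE = 0x008, 0x080, 0x100
IN_Q_OVERFLOW, IN_ISDIR = 0x4000, 0x40000000
HDR = struct.Struct("iIII")  # wd, mask, cookie, name length; the name follows

libc = ctypes.CDLL(None, use_errno=True)


class TreeWatcher:
    """inotify is not recursive, so every directory under root gets a watch."""

    def __init__(self, root):
        self.fd = libc.inotify_init1(os.O_NONBLOCK | os.O_CLOEXEC)
        if self.fd < 0:
            raise OSError(ctypes.get_errno(), "inotify_init1 failed")
        self.dirs = {}  # watch descriptor -> directory path
        for path, _subdirs, _files in os.walk(root):
            self.add(path)

    def add(self, path):
        wd = libc.inotify_add_watch(self.fd, os.fsencode(path),
                                    IN_CLOSE_WRITE | IN_MOVED_TO | IN_CREATE)
        if wd < 0:
            raise OSError(ctypes.get_errno(), "inotify_add_watch: " + path)
        self.dirs[wd] = path

    def pending(self, timeout=1.0):
        """Return files closed after writing, or moved in, since the last call."""
        targets = []
        while select.select([self.fd], [], [], timeout)[0]:
            buf, off = os.read(self.fd, 65536), 0
            while off < len(buf):
                wd, mask, _cookie, nlen = HDR.unpack_from(buf, off)
                name = buf[off + HDR.size:off + HDR.size + nlen].rstrip(b"\0")
                off += HDR.size + nlen
                if mask & IN_Q_OVERFLOW:  # events were dropped by the kernel
                    raise RuntimeError("inotify queue overflow: rescan the tree")
                path = os.path.join(self.dirs[wd], os.fsdecode(name))
                if mask & IN_ISDIR:
                    if mask & (IN_CREATE | IN_MOVED_TO):
                        self.add(path)  # files written before this are missed
                elif mask & (IN_CLOSE_WRITE | IN_MOVED_TO):
                    targets.append(path)  # the file already exists on disk
            timeout = 0  # drain what is queued without waiting again
        return targets
```

Paths are reported only after the file has been closed or renamed into place, so a scan started from them always runs after the content is already on disk, which is the window of vulnerability the message mentions.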
