I studied the ClamAuth driver code. It's one-way notification now. Yes, Growl can be used for the one-way notification.
There maybe the case that the virus file runs for few seconds before the clamd quarantines or deletes it. The Mac's kernel authentication has another advantage which is not used in the driver, the open/execute action of virus file can be refused in the driver before its running, like DazukoFS or fanotify. So a two-way communication is needed, driver get response from user about whether to accept or refuse the file operation. Fanotify is one part of Linux kernel (>2.6?), which filter file access and refuse or accept it. I once raise a bug of it: http://lkml.indiana.edu/hypermail/linux/kernel/1110.1/00292.html. I think we can use fanotify on Linux too, then it becomes driverless. On Fri, Apr 6, 2012 at 12:09 AM, Tomasz Kojm <tk...@clamav.net> wrote: > On Thu, 5 Apr 2012 23:29:53 +0800 boyd yang <boyd.y...@gmail.com> wrote: > > Yes, I have been developing on Mac for years. > > Cool! > > > I built the clamav and examined the ClamAuth on 10.7.3. It works. > > I think we can add a system tray icon on up-right cormer of Desktop, and > > pop up window for on-access virus. > > An installer is also needed. > > > >> Thu Apr 5 23:21:49 2012 -> ClamAuth: /Applications/clam_ISmsi_ext > > copy.exe: ClamAV-Test-File FOUND > >> Thu Apr 5 23:21:49 2012 -> ClamAuth: /Applications/clam_ISmsi_ext > > copy.exe: ClamAV-Test-File FOUND > > In clamd.conf you can enable the VirusEvent directive and point it to > some shell script. Whenever clamd finds a virus, it'll call that script > and set up two environment variables: > > $CLAM_VIRUSEVENT_FILENAME -> path to infected file > $CLAM_VIRUSEVENT_VIRUSNAME -> virus name > > I think a script that integrates with Growl would be a good start! > > Thanks, > > -- > oo ..... Tomasz Kojm <tk...@clamav.net> > (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg > \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B > //\ /\ Thu Apr 5 18:06:10 CEST 2012 > _______________________________________________ > http://lurker.clamav.net/list/clamav-devel.html > Please submit your patches to our Bugzilla: http://bugs.clamav.net > _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
