Hello Matt, with Kernel 2.6.36 the fanotify API was introduced that allows to make ClamAV an online virus scanner. Since Kernel 3.8.0 the major errors of the implementation have been resolved. So it is usable now.
As a prove of concept I created a project at https://github.com/xypron/skyldav which I am using on my Linux computers and which already helped me to identify viruses while opening downloaded files. A usable application should provide the following: - A KDE or a Gnome system tray application which notifies a user if a virus has been discovered and which allows to schedule complete system scans. - A deamon scanning files before read and at close after write. This daemon should discover mount events and automatically add new mounts to the list of watched mounts, e.g. when a network drive is connected or a medium loaded. I am aware of some coding for the fanotify API in the source trunk but it seems to provide neither of: - a system tray application - the capability to watch complete mounts - the capability to add new mounts to the watchlist Best regards Heinrich Schuchardt _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net