On Nov 29 2007 11:27, Jon Masters wrote: > >They (virus protection folks) generally think they want to intercept >various system calls, such as open() and block until they have performed >a scan operation on the file. I explained the mmap issue [...]
If open and close was everything, then that would be wonderful. You could only wonder how many false positives scanners could bring up if they checked every write() for signatures - not to mention performance bogdown. >they just want to scan files and take some action if a file is >"bad". That's it really. > struct security->dentry_open sounds like the candidate, together with relayfs with submits filenames to userspace. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/