On Thu, 29 Nov 2007 11:27:45 -0500 Jon Masters <[EMAIL PROTECTED]> wrote:
> On Thu, 2007-11-29 at 11:12 +1100, James Morris wrote: > > On Wed, 28 Nov 2007, [EMAIL PROTECTED] wrote: > > > > > So as there is no question the current code does some ugly things it is > > > even more true that we would be even more happy to use an official API. > > > > How about becoming involved in creating that official API ? > > Sophos are interested in doing so, and we have spoken about this several > times recently over the phone. This is why they sent the email in > question yesterday, to kickstart debate. And that's awesome. I am trying > to bring a few of these folks together at the moment, so that we can get > a solution that is acceptable to upstream at some point in the future. > > So, rather than criticise their current code, or their intentions, or > blanketly dismiss the virus protection market, perhaps we can focus > instead on the fact that there is a known third party who wishes to > perform a task that is not well supportable at this moment. We can all > agree the syscall table hacking isn't such a good idea - but these guys > are *very* open to listening to useful alternative suggestions. > > They (virus protection folks) generally think they want to intercept > various system calls, such as open() and block until they have performed > a scan operation on the file. I explained the mmap issue to several of > these companies recently, in quite some detail, and I know they are > interested in listening this time around :-) At the end of the day, what > I have been lead to believe is that they don't care whether they > intercept syscall entries, or use a better method, they just want to > scan files and take some action if a file is "bad". That's it really. > > I have been trying to put together an exact feature set that is needed > from these different vendors, so we can discuss it further here, and > hopefully actually get somewhere, too. There have been a few delays > after I pointed out the mmap issues at some length. > Perhaps this kind of scanning belongs in the application. Couldn't an apache or samba have a plugin to do it? -- Stephen Hemminger <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
