Re: libmalware.so: Dazuko Linux/BSD On-Access scanning and control
From: 7v5w7go9ub0o
Date: Wed Aug 13 2008 - 16:00:59 EST
Andi Kleen wrote:
7v5w7go9ub0o <7v5w7go9ub0o@xxxxxxxxx> writes:
(FYI. Dazuko may have trailblazed some of the issues now under
discussion re: libmalware.so. It has worked well for me.
Against what exactly did it protect you? Please give a concrete example.
-Andi
1. This came in a few minutes ago:
Aug 13 14:56:31 tux antivir[6381]: AntiVir ALERT: [EML/FakeLink.F]
/jail/tbird/root/.thunderbird/0r2957kg.default/Mail/L
ocal Folders/Junk.XXX <<< Contains detection pattern of EML/FakeLink.F
in EML form
2. I have not retained the logs of "suspicious scripts" in my browser,
but have come across perhaps 4 blocked scripts within the last month.
Admittedly at dodgy sites.
XSS attacks are platform independent, and are a significant concern.
Please note that when I say it has worked well for me, I am not saying
that it has saved my bacon! :-)
1. I am referring to the mechanics of having the Kernel/userland app
stop processing when it finds a malware signature or heuristic detection.
2. Am also referring to the totally manageable (IMHO) overhead.
I've mentioned my experience with Dazuko/antivir only because it may be
useful to the ongoing discussion about the nature of libmalware.so.
3. I am frankly waiting for a bug to get into my upstream distribution
chain - through a hijacking or some wonderful DNS prank - at which point
I ..hope.. a signature or heuristic will block my root-enabled make install.
4. Again, my hope for libmalware.so/dazuko is a realtime
integrity-management link.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/