Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning
From: david
Date: Fri Aug 15 2008 - 01:34:03 EST
On Thu, 14 Aug 2008, david@xxxxxxx wrote:
again, libmalware.so is not referring to any specific body of code, it's
referring to the concept that the handling of open/mmap/read/etc and scanning
is done via a userspace library rather than by the kernel. if everyone can
agree on that concept then hashing out the details of _which_ library it gets
put in is a smaller detail.
one reason to layer scanners is that you could have one that just checks
to see if the file was deployed from an OS package, if it was (and still
has the same hash as the package manager thinks it should have) it sets a
flag that other scanners could look for (if they see it they can skip
scanning the file)
David Lang
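
An added illustration of the layered-scanner idea in the message above. It is not code from the thread or from TALPA, and the class names, the `pkg-verified` flag, the manifest and the byte marker are all constructed for the example. A first layer compares each file's hash with the package manifest and sets a flag; the content scanner skips flagged files, and a packaged file that was modified afterwards loses the flag and is scanned again.

```python
import hashlib, os, tempfile

MARKER = b"EXAMPLE-BAD-MARKER"  # constructed stand-in for a malware signature

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class PackageScanner:
    """Layer 1: annotate files whose content still matches the package manifest."""
    def __init__(self, manifest):          # manifest: path -> expected sha256
        self.manifest = manifest
    def scan(self, path, flags):
        if self.manifest.get(path) == sha256_file(path):
            flags.add("pkg-verified")      # hypothetical flag name
        return "clean"                     # this layer only annotates, never blocks

class SignatureScanner:
    """Layer 2: content scan, skipped when layer 1 vouched for the file."""
    def scan(self, path, flags):
        if "pkg-verified" in flags:
            return "skipped"
        with open(path, "rb") as f:
            return "infected" if MARKER in f.read() else "clean"

def scan_chain(path, scanners):
    flags = set()  # rebuilt on every access, so a stale flag cannot outlive a write
    verdicts = [s.scan(path, flags) for s in scanners]
    return ("deny" if "infected" in verdicts else "allow"), verdicts

def demo():
    with tempfile.TemporaryDirectory() as d:
        pkg, dl = os.path.join(d, "tool"), os.path.join(d, "download")
        with open(pkg, "wb") as f:
            f.write(b"packaged binary v1")
        with open(dl, "wb") as f:
            f.write(b"data " + MARKER)
        chain = [PackageScanner({pkg: sha256_file(pkg)}), SignatureScanner()]
        results = {"packaged": scan_chain(pkg, chain),
                   "download": scan_chain(dl, chain)}
        with open(pkg, "ab") as f:         # file changed after installation
            f.write(MARKER)
        results["modified"] = scan_chain(pkg, chain)
        return results

if __name__ == "__main__":
    for name, (decision, verdicts) in demo().items():
        print(name, decision, verdicts)
```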