Theodore Tso <tytso@xxxxxxx> wrote on 18/08/2008 15:25:11:
> On Mon, Aug 18, 2008 at 02:15:24PM +0100, tvrtko.ursulin@xxxxxxxxxx wrote:
> > Then there is still a question of who allows some binary to declare itself
> > exempt. If that decision was a mistake, or it gets compromised security
> > will be off. A very powerful mechanism which must not be easily
> > accessible. With a good cache your worries go away even without a scheme
> > like this.
> I have one word for you --- bittorrent. If you are downloading a very
> large torrent (say approximately a gigabyte), and it contains many
> pdf's that are say a few megabytes a piece, and things are coming in
> tribbles, having either an indexing scanner or an AV scanner wake up
> and rescan the file from scratch each time a tiny piece of the pdf
> comes in is going to eat your machine alive....

Huh? I was never advocating re-scan after each modification and I even
explicitly said it does not make sense for AV not only for performance but
because it will be useless most of the time. I thought sending out
modified notification on close makes sense because it is a natural point,
unless someone is trying to subvert which is out of scope. Others have
suggested time delay and lumping up.
Also, just to double-check, you don't think AV scanning would read the
whole file on every write?
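
The two notification policies discussed in this message, as an added example that is not part of the original email or of any kernel code: it counts scan requests for rescan-on-every-write versus modified-notification-on-close with an optional time delay that lumps bursts together. The event model, the function names and the torrent-like workload are all constructed assumptions.

```python
from collections import namedtuple

# Constructed event model: t is in milliseconds, kind is "write" or "close".
Event = namedtuple("Event", "t path kind")

def scan_every_write(events):
    """Policy argued against in the thread: one scan request per write."""
    return [(e.t, e.path) for e in events if e.kind == "write"]

def scan_on_close(events, quiet_ms=0):
    """One scan request per close-after-modification, held back quiet_ms.

    A new write to the same path inside the quiet window cancels the pending
    request, so a burst of write/close cycles is lumped into a single scan.
    """
    dirty, pending, scans = set(), {}, []

    def flush(now):
        # Emit every pending request whose delay has expired, oldest first.
        for due, path in sorted((t, p) for p, t in pending.items() if t <= now):
            scans.append((due, path))
            del pending[path]

    for e in sorted(events):
        flush(e.t)
        if e.kind == "write":
            dirty.add(e.path)
            pending.pop(e.path, None)      # file changed again: restart
        elif e.kind == "close" and e.path in dirty:
            dirty.discard(e.path)          # read-only closes never get here
            pending[e.path] = e.t + quiet_ms
    flush(float("inf"))
    return scans

def torrent_events(paths, pieces=4, blocks=4):
    """Constructed workload: each piece is `blocks` writes, then a close."""
    events = []
    for i, path in enumerate(paths):
        for p in range(pieces):
            base = p * 1000 + i * 10
            events += [Event(base + b * 20, path, "write") for b in range(blocks)]
            events.append(Event(base + 500, path, "close"))
    return events

if __name__ == "__main__":
    ev = torrent_events(["a.pdf", "b.pdf", "c.pdf"])
    print(len(scan_every_write(ev)), len(scan_on_close(ev)),
          len(scan_on_close(ev, quiet_ms=5000)))
```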