Re: request for comment: generic kernel interface for malware vendors

From: James Morris
Date: Mon Jul 21 2008 - 07:18:51 EST


On Mon, 21 Jul 2008, Eric Paris wrote:

[ITYM anti-malware vendors...]

> First I'd like to thank Sophos who stepped up and originally wrote a lot
> of this code. They might not recognize it since I've gotten my hands on
> it, but they were nice enough to get the ball rolling by giving me some
> GPL code which addressed near every request people on the malware list
> had.

We need a document explaining what the problem being solved actually is.

What is the rationale for adding malware scanning to the Linux kernel?
How does it benefit people? Why does it need to be in the kernel? What
are the general requirements, and how does this interface meet those ?
Does this interface represent an approach suitable to a range of
anti-malware vendors ?

(I'm assuming the fundamental question of whether malware scanning is a
good idea or not is not up for discussion, because there'll never be
consensus).



- James
--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/