Re: [malware-list] scanner interface proposal was: [TALPA] Intro to a linux interface for on access scanning (fwd)

From: david
Date: Mon Aug 18 2008 - 07:45:47 EST


On Mon, 18 Aug 2008, tvrtko.ursulin@xxxxxxxxxx wrote:

> David Lang wrote on 18/08/2008 02:25:44:
>
>> what is not covered by this design that is covered by the threat model being proposed?
>>
>> what did I over complicate in this design? or is it the minimum feature set needed?
>>
>> are any of the features I list impossible to implement?
>
> One more thing - this proposal does not work where there are no extended attributes (whether at all or they are disabled at mount time). I think that is a serious flaw or at least disadvantage compared to the posted implementation.

good point. I should have listed that.

I don't see it as a serious flaw, people who care about this feature can just pick an appropriate filesystem to use.

but if extended attributes are not found a strict implementation could fall back to scanning on every file access (the extended attributes are being used to cache the results of the scans)

David Lang
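
The fallback described in the reply above, as an added example that is not part of the original thread or of any posted implementation: scan verdicts are cached in an extended attribute, and when the filesystem reports no xattr support every access is scanned. The attribute name `user.scan.verdict`, the stamp format, `SIG_VERSION` and `toy_scan` are assumptions made for illustration.

```python
import errno
import os

XATTR = "user.scan.verdict"      # hypothetical attribute name (assumption)
SIG_VERSION = "sigs-0001"        # constructed signature-set identifier
NO_XATTR = (errno.ENOTSUP, errno.EOPNOTSUPP)


def toy_scan(path):
    """Constructed stand-in scanner: flags files containing a test marker."""
    with open(path, "rb") as f:
        return "infected" if b"TEST-SIGNATURE" in f.read() else "clean"


def _stamp(path):
    # Assumption: a verdict is reusable only for the same content state and
    # signature set, so it is bound to mtime, size and SIG_VERSION.
    st = os.stat(path)
    return f"{st.st_mtime_ns}:{st.st_size}:{SIG_VERSION}"


def check_access(path, scan=toy_scan, getx=None, setx=None):
    """Return (verdict, source): source is 'cache', 'scan' or 'scan-nocache'."""
    getx, setx = getx or os.getxattr, setx or os.setxattr
    stamp = _stamp(path)
    try:
        raw = getx(path, XATTR).decode(errors="replace")
        cached_stamp, _, verdict = raw.rpartition("=")
        if cached_stamp == stamp and verdict in ("clean", "infected"):
            return verdict, "cache"          # valid cached result, no rescan
    except OSError as e:
        if e.errno in NO_XATTR:
            # Filesystem has no xattrs (or mounted without them):
            # strict fallback, scan on every access.
            return scan(path), "scan-nocache"
        if e.errno != errno.ENODATA:         # ENODATA: attribute not set yet
            raise
    verdict = scan(path)
    try:
        # Note: user.* attributes are writable by the file owner; a real
        # cache needs a namespace that unprivileged users cannot modify.
        setx(path, XATTR, f"{stamp}={verdict}".encode())
    except OSError as e:
        if e.errno not in NO_XATTR:
            raise
        return verdict, "scan-nocache"
    return verdict, "scan"
```

The `getx`/`setx` parameters default to `os.getxattr`/`os.setxattr` (Linux only) and exist so the no-xattr path can be exercised without remounting a filesystem.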