Re: [malware-list] scanner interface proposal was: [TALPA] Introto a linux interface for on access scanning

From: Theodore Tso
Date: Mon Aug 18 2008 - 10:25:43 EST

Next message: Alex Chiang: "Re: [PATCH 1/1] PCI: acpi_pcihp, run _OSC on a root bridge"
Previous message: Jaswinder Singh: "BUG: checkpatch"
Next in thread: tvrtko . ursulin: "Re: [malware-list] scanner interface proposal was: [TALPA] Intro to a linuxinterface for on access scanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 18, 2008 at 02:15:24PM +0100, tvrtko.ursulin@xxxxxxxxxx wrote:
> Then there is still a question of who allows some binary to declare itself
> exempt. If that decision was a mistake, or it gets compromised security
> will be off. A very powerful mechanism which must not be easily
> accessible. With a good cache your worries go away even without a scheme
> like this.

I have one word for you --- bittorrent. If you are downloading a very
large torrent (say approximately a gigabyte), and it contains many
pdf's that are say a few megabytes a piece, and things are coming in
tribbles, having either a indexing scanner or an AV scanner wake up
and rescan the file from scratch each time a tiny piece of the pdf
comes in is going to eat your machine alive....

- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alex Chiang: "Re: [PATCH 1/1] PCI: acpi_pcihp, run _OSC on a root bridge"
Previous message: Jaswinder Singh: "BUG: checkpatch"
Next in thread: tvrtko . ursulin: "Re: [malware-list] scanner interface proposal was: [TALPA] Intro to a linuxinterface for on access scanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]