Proprietary Anti-virus worse than Viruses.
Posted Oct 24, 2006 3:11 UTC (Tue) by drag
Parent article: Critical Linux security API is still a kludge (Inquirer)
Ok... Doesn't your system already have an API for responding to file system events?
So set up a daemon to monitor inotify events on user-writable directories and run clamav (or favorite alternative) on files that got written to. That should be all you'd ever need.
That's it. What else would you need?
Set it up as a service for KDE or Gnome. I am sure that the Beagle guys would be able to integrate it so that files get scanned when they get indexed. Something like that to make it as efficient as possible, but the basic concept is very simple.
Oh, and if that isn't good enough and root gets infected then you're screwed anyways.
Also somebody needs to point out to the author of that article that proprietary antivirus software has opened up more holes by running this complex crap as root than anything remotely virus-like.
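A minimal sketch of the daemon the comment above describes, added here as an example and not code from the comment or from ClamAV: it uses inotify through ctypes to catch completed writes in one directory and hands each file to `clamscan`. The function names and the `~/Downloads` path are assumptions.

```python
import ctypes, ctypes.util, os, struct, subprocess

IN_CLOSE_WRITE = 0x00000008   # file opened for writing was closed
IN_MOVED_TO = 0x00000080      # file renamed into the watched directory
EVENT_HDR = struct.Struct("iIII")  # struct inotify_event: wd, mask, cookie, len

libc = ctypes.CDLL(ctypes.util.find_library("c") or "libc.so.6", use_errno=True)

def open_watch(directory):
    """Return an inotify fd watching one directory (watches are not recursive)."""
    fd = libc.inotify_init()
    if fd < 0:
        raise OSError(ctypes.get_errno(), "inotify_init failed")
    mask = IN_CLOSE_WRITE | IN_MOVED_TO
    if libc.inotify_add_watch(fd, os.fsencode(directory), mask) < 0:
        err = ctypes.get_errno()
        os.close(fd)
        raise OSError(err, "inotify_add_watch failed", directory)
    return fd

def read_written(fd, directory):
    """Block until events arrive; return paths whose writes have completed."""
    buf, off, paths = os.read(fd, 65536), 0, []
    while off < len(buf):
        _wd, _mask, _cookie, length = EVENT_HDR.unpack_from(buf, off)
        off += EVENT_HDR.size
        name = buf[off:off + length].split(b"\0", 1)[0]  # name is NUL-padded
        off += length
        if name:
            paths.append(os.path.join(directory, os.fsdecode(name)))
    return paths

def clamscan(path):
    """True if infected. clamscan exits 0 = clean, 1 = virus found, 2 = error."""
    rc = subprocess.run(["clamscan", "--no-summary", os.path.abspath(path)],
                        stdout=subprocess.DEVNULL).returncode
    if rc not in (0, 1):
        raise RuntimeError(f"clamscan failed on {path} (exit {rc})")
    return rc == 1

def scan_once(fd, directory, scanner=clamscan):
    """Scan each regular file reported by one batch of events."""
    # inotify reports after the write; it cannot stop a reader racing the scan.
    return {p: scanner(p) for p in read_written(fd, directory)
            if os.path.isfile(p) and not os.path.islink(p)}

if __name__ == "__main__":
    watched = os.path.expanduser("~/Downloads")  # assumed user-writable directory
    fd = open_watch(watched)
    while True:  # run as an unprivileged user, not root
        for path, infected in scan_once(fd, watched).items():
            print("INFECTED" if infected else "clean", path)
```

Covering subdirectories needs one `inotify_add_watch` call per directory, since a watch does not descend into children.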