[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080814223918.GC6370@elf.ucw.cz>
Date: Fri, 15 Aug 2008 00:39:18 +0200
From: Pavel Machek <pavel@...e.cz>
To: "Press, Jonathan" <Jonathan.Press@...com>
Cc: tvrtko.ursulin@...hos.com, Arjan van de Ven <arjan@...radead.org>,
Adrian Bunk <bunk@...nel.org>, davecb@....com,
Greg KH <greg@...ah.com>, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
malware-list@...ts.printk.net,
Mihai Don??u <mdontu@...defender.com>
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon
access scanning
Hi!
> > Okay, so goal of libmalware.so is to "not allow data in the black list
> > to pass through Linux server". Threat model is windows machines trying
> > to copy infected files through the server.
>
> That's only part of the threat model.
Yes, that's the part libmalware.so proposal solves. Given scary number
of 0 Linux viruses in wild, it seems to solve the problem pretty well.
> > it actually _works_, 100% of time, for apps using it.
>
> Again that's a big condition.
Yep, so... why don't you propose something better? I'm pretty sure
100% reliable scanning is impossible without modifying applications,
but hey, you can prove me wrong.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists