From: tvrtko.ursulin@sophos.com
To: "J. Bruce Fields"
Cc: Eric Paris, linux-kernel@vger.kernel.org, malware-list@lists.printk.net
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning
Date: Wed, 6 Aug 2008 11:09:34 +0100
In-Reply-To: <20080805225524.GB4006@fieldses.org>
Message-Id: <20080806101028.B87BA2FE88B@pmx1.sophos.com>

J. Bruce Fields wrote on 05/08/2008 23:55:24:

> On Mon, Aug 04, 2008 at 05:00:16PM -0400, Eric Paris wrote:
> > Please contact me privately or (preferably the list) for questions,
> > comments, discussions, flames, names, or anything. I'll do complete
> > rewrites of the patches if someone tells me how they don't meet their
> > needs or how they can be done better. I'm here to try to bridge the
> > needs (and wants) of the anti-malware vendors with the technical
> > realities of the kernel. So everyone feel free to throw in your two
> > cents and I'll try to reconcile it all. These 5 patches are part 1.
> > They give us a working able solution.
> >
> > From my point of view patches forthcoming and mentioned below should
> > help with performance for those who actually have userspace scanners but
> > also could presents be implemented using this framework.
> >
> >
> > Background
> > ++++++++++
> > There is a consensus in the security industry that protecting against
> > malicious files (viruses, root kits, spyware, ad-ware, ...) by the way
> > of so-called on-access scanning is usable and reasonable approach.
>
> Can you point to any helpful explanations of that consensus?

I can't, but everyone is doing it so that is at least an implied consensus.

> Off-hand it's surprising. (A defense that depends on cataloging every
> possible individual attack sounds difficult!)

Maybe it is not how you imagine it? It is not a database of every possible
individual attack but there are more intelligent methods. But I am not an
expert in this field to explain it better..

Tvrtko

Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon,
OX14 3YP, United Kingdom.
Company Reg No 2096520. VAT Reg No GB 348 3873 20.