Return-Path: <linux-kernel-owner+w=401wt.eu-S1759011AbYHOOTi@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1759011AbYHOOTi (ORCPT <rfc822;w@1wt.eu>);
	Fri, 15 Aug 2008 10:19:38 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754517AbYHOOT3
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Fri, 15 Aug 2008 10:19:29 -0400
Received: from pmx1.sophos.com ([213.31.172.16]:48546 "EHLO pmx1.sophos.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753689AbYHOOT2 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Fri, 15 Aug 2008 10:19:28 -0400
In-Reply-To: <20080815135537.GN13048@mit.edu>
To: Theodore Tso <tytso@mit.edu>
Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org,
       malware-list@lists.printk.net
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to	alinuxinterfaceforonaccess
 scanning
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 7.0.2 September 26, 2006
From: douglas.leeder@sophos.com
Date: Fri, 15 Aug 2008 15:19:23 +0100
X-MIMETrack: S/MIME Sign by Notes Client on Douglas Leeder/Dev/UK/Sophos(Release 7.0.2|September
 26, 2006) at 2008-08-15 15:19:21,
	Serialize by Notes Client on Douglas Leeder/Dev/UK/Sophos(Release 7.0.2|September
 26, 2006) at 2008-08-15 15:19:21,
	Serialize complete at 2008-08-15 15:19:21,
	S/MIME Sign failed at 2008-08-15 15:19:21: The cryptographic key was not
 found,
	Serialize by Router on Mercury/Servers/Sophos(Release 7.0.3|September 26, 2007) at
 15/08/2008 15:19:25,
	Serialize complete at 15/08/2008 15:19:25
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20080815141930.58BB43765DB@pmx1.sophos.com>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1243
Lines: 38

Theodore Tso <tytso@mit.edu> wrote on 2008-08-15 14:55:37:

> On Fri, Aug 15, 2008 at 02:22:27PM +0100, douglas.leeder@sophos.com 
wrote:
> > 
> > This is a problem for current anti-malware scanning, as virus data 
updates 
> > come every few hours
> 
> Every few hours?!?  I hadn't noticed Windows AV programs getting
> updates that frequently, at least not the ones that I've been familiar
> with.  (Semantec, Norton, McAfee)

>From one of our Linux machines that configured to update normally:
Fri 15 Aug 2008 15:02:23 BST
Fri 15 Aug 2008 12:52:19 BST
Fri 15 Aug 2008 08:32:24 BST
Fri 15 Aug 2008 04:12:27 BST
Fri 15 Aug 2008 02:02:23 BST

That was the sort of time period I remember being told - 
        but the AV products probably don't make a song and 
dance about a small virus data updates so you probably wouldn't notice 
them.

-- 
Douglas Leeder

Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon,
OX14 3YP, United Kingdom.

Company Reg No 2096520. VAT Reg No GB 348 3873 20.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/