Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759011AbYHOOTi (ORCPT ); Fri, 15 Aug 2008 10:19:38 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754517AbYHOOT3 (ORCPT ); Fri, 15 Aug 2008 10:19:29 -0400 Received: from pmx1.sophos.com ([213.31.172.16]:48546 "EHLO pmx1.sophos.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753689AbYHOOT2 (ORCPT ); Fri, 15 Aug 2008 10:19:28 -0400 In-Reply-To: <20080815135537.GN13048@mit.edu> To: Theodore Tso Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, malware-list@lists.printk.net Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforonaccess scanning MIME-Version: 1.0 X-Mailer: Lotus Notes Release 7.0.2 September 26, 2006 From: douglas.leeder@sophos.com Date: Fri, 15 Aug 2008 15:19:23 +0100 X-MIMETrack: S/MIME Sign by Notes Client on Douglas Leeder/Dev/UK/Sophos(Release 7.0.2|September 26, 2006) at 2008-08-15 15:19:21, Serialize by Notes Client on Douglas Leeder/Dev/UK/Sophos(Release 7.0.2|September 26, 2006) at 2008-08-15 15:19:21, Serialize complete at 2008-08-15 15:19:21, S/MIME Sign failed at 2008-08-15 15:19:21: The cryptographic key was not found, Serialize by Router on Mercury/Servers/Sophos(Release 7.0.3|September 26, 2007) at 15/08/2008 15:19:25, Serialize complete at 15/08/2008 15:19:25 Content-Type: text/plain; charset="US-ASCII" Message-Id: <20080815141930.58BB43765DB@pmx1.sophos.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1243 Lines: 38 Theodore Tso wrote on 2008-08-15 14:55:37: > On Fri, Aug 15, 2008 at 02:22:27PM +0100, douglas.leeder@sophos.com wrote: > > > > This is a problem for current anti-malware scanning, as virus data updates > > come every few hours > > Every few hours?!? I hadn't noticed Windows AV programs getting > updates that frequently, at least not the ones that I've been familiar > with. (Semantec, Norton, McAfee) >From one of our Linux machines that configured to update normally: Fri 15 Aug 2008 15:02:23 BST Fri 15 Aug 2008 12:52:19 BST Fri 15 Aug 2008 08:32:24 BST Fri 15 Aug 2008 04:12:27 BST Fri 15 Aug 2008 02:02:23 BST That was the sort of time period I remember being told - but the AV products probably don't make a song and dance about a small virus data updates so you probably wouldn't notice them. -- Douglas Leeder Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom. Company Reg No 2096520. VAT Reg No GB 348 3873 20. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/