> * Those who want an unobtainable, perfect solution.
>
> I'm not criticising, each has their position. However, I was attempting
> to explain that I do fully "get it" by running through an example of how
> to work around more elementary on-access scanning schemes. I know that
> (no matter what marketing exists to the contrary), it is never possible
> to have perfect anti-malware software. But I do think there is a time
> and a place for Linux to help make some folks feel safer - on access
> file scanning isn't evil, and you don't have to use it! Freedom! :-)
>
> Having spoken to a few people, I've created the following mailing list,
> so we can rant away and come up with a list of requirements to present
> for further discussion. Note that this is a case where I actually expect
> people to be *happy* with yet another email list :-)
>
>
http://lists.printk.net/cgi-bin/mailman/listinfo/malware-list
>
> Please sign up, and encourage interested third parties to do so too.
> Let's work this all out. Then I'll come back sometime over the holidays
> with a summary and some followup.
>
>> If I had to design a virus scanner interface, I'd e.g. create a library*
>> providing an {open|mmap}_and_scan() function that would give me a clean
>> copy/really-private mapping of a scanned file, and a scan_{blob,file}()
>> function that would scan a block of memory/a file.
>
> Although I'm open to the idea, I'm almost 100% convinced that nobody is
> going to buy modifying userspace applications one at a time. I think
> there is a legitimate feeling of this needing to be massaged by the
> kernel on some level. But I might be wrong - don't flame me.
>
> Jon.
