Home » Mailing list archives » linux-kernel » 2008 » August » 22

Re: [malware-list] scanner interface proposal was: [TALPA] Intro linux interface for for access scanning

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Pavel Machek <pavel@...>
To: <david@...>
Cc: Eric Paris <eparis@...>, Jan Harkes <jaharkes@...>, Alan Cox <alan@...>, <tvrtko.ursulin@...>, Theodore Tso <tytso@...>, <davecb@...>, Adrian Bunk <bunk@...>, linux-kernel <linux-kernel@...>, <malware-list@...>, Casey Schaufler <casey@...>, Arjan van de Ven <arjan@...>
Subject: Re: [malware-list] scanner interface proposal was: [TALPA] Intro linux interface for for access scanning
Date: Friday, August 22, 2008 - 11:09 am

Hi!

...

That's contrary to the threat model ('it is just a scanner').

(Plus you can't do it. mmap. Of course you can pass viruses between
two cooperating applications... and you can do it through filesystem,
too. And you probably can make un-cooperating network server serve
viruses, as long as the network server uses mmap.)

This is the thing that makes antivirus ugly, its unique to the
antivirus, plus it can't be done. I.e. bad goal.


							Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Theodore Tso, (Mon Aug 18, 10:25 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Mon Aug 18, 12:28 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Mon Aug 18, 11:31 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Pavel Machek, (Mon Aug 18, 6:40 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Eric Paris, (Mon Aug 18, 7:07 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Peter Dolding, (Mon Aug 18, 9:15 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Tue Aug 19, 4:09 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Peter Dolding, (Tue Aug 19, 7:08 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Mon Aug 18, 1:07 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Tue Aug 19, 4:40 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Eric Paris, (Mon Aug 18, 12:15 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Mon Aug 18, 1:29 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Eric Paris, (Mon Aug 18, 1:39 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Mon Aug 18, 2:09 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Eric Paris, (Mon Aug 18, 2:34 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Alan Cox, (Mon Aug 18, 12:15 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Eric Paris, (Mon Aug 18, 1:28 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Alan Cox, (Mon Aug 18, 1:25 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Eric Paris, (Mon Aug 18, 1:54 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Jan Harkes, (Mon Aug 18, 2:35 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Eric Paris, (Mon Aug 18, 2:46 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Jan Harkes, (Mon Aug 18, 3:32 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Mon Aug 18, 3:04 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Tue Aug 19, 10:44 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Pavel Machek, (Fri Aug 22, 11:09 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Sat Aug 23, 3:28 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Eric Paris, (Wed Aug 20, 11:15 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Thu Aug 21, 10:35 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Thu Aug 21, 5:19 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Wed Aug 20, 1:50 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Wed Aug 20, 1:33 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Eric Paris, (Wed Aug 20, 3:26 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Wed Aug 20, 8:42 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Eric Paris, (Mon Aug 18, 2:30 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Alan Cox, (Mon Aug 18, 2:51 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Mon Aug 18, 1:38 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Mon Aug 18, 12:54 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Alan Cox, (Mon Aug 18, 12:40 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Alan Cox, (Mon Aug 18, 11:31 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., David Collier-Brown, (Mon Aug 18, 9:42 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Mon Aug 18, 2:13 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., Alan Cox, (Mon Aug 18, 1:53 pm)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Mon Aug 18, 11:58 am)
Re: [malware-list] scanner interface proposal was: [TALPA] I..., , (Mon Aug 18, 1:13 pm)