On Sun, 8 Apr 2012 00:04:55 +0800
boyd yang <boyd.y...@gmail.com> wrote:

> I studied the ClamAuth driver code.
> It's one-way notification now.
>
> Yes, Growl can be used for the one-way notification.
>
> There may be the case that the virus file runs for a few seconds before the
> clamd quarantines or deletes it.
>
> The Mac's kernel authentication has another advantage which is not used in
> the driver: the open/execute action of the virus file can be refused in the
> driver before it's running, like DazukoFS or fanotify.
>
> So a two-way communication is needed: the driver gets a response from the user
> about whether to accept or refuse the file operation.

Yes, that's planned for next versions. Please let me know if you're
interested in contributing to this driver.

> Fanotify is one part of the Linux kernel (>2.6?), which filters file access
> and refuses or accepts it. I once raised a bug of it:
> http://lkml.indiana.edu/hypermail/linux/kernel/1110.1/00292.html.
> I think we can use fanotify on Linux too, then it becomes driverless.

We'll support fanotify in ClamAV 0.98.

-- 
   oo    .....         Tomasz Kojm <tk...@clamav.net>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Tue Apr 10 19:26:06 CEST 2012