On Wed, 28 Nov 2007 19:52:46 GMT, Alan Cox said: > > It might be better to identify the services (gateway, samba, file > > server whatever) that are actually dealing with possible infected > > "external" files and then define some generic interface that would > > allow you to check those as the data appears. > > I am wondering if the right interface is actually more related to the > existing audit interfaces ?
The problem there is that the audit interface just *records* - it doesn't have the ability to say "No, I don't *think* so.." that the LSM interface has.
pgpXm36zMhFT9.pgp
Description: PGP signature
