From: Theodore Tso <tytso@mit.edu>
To: tvrtko.ursulin@sophos.com
Cc: david@lang.hm, davecb@sun.com, Adrian Bunk <bunk@kernel.org>,
Peter Dolding <oiaohm@gmail.com>,
rmeijer@xs4all.nl, Mihai Donțu <mdontu@bitdefender.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
malware-list@lists.printk.net,
linux-security-module@vger.kernel.org,
malware-list-bounces@dmesg.printk.net,
Casey Schaufler <casey@schaufler-ca.com>,
Pavel Machek <pavel@suse.cz>,
capibara@xs4all.nl, Alan Cox <alan@lxorguk.ukuu.org.uk>,
Arjan van de Ven <arjan@infradead.org>
Subject: Re: [malware-list] scanner interface proposal was: [TALPA] Intro to a linux interface for on access scanning
Date: Mon, 18 Aug 2008 10:25:11 -0400
Message-ID: <20080818142511.GC8184@mit.edu>
In-Reply-To: <20080818131628.1C2A22FE82F@pmx1.sophos.com>

On Mon, Aug 18, 2008 at 02:15:24PM +0100, tvrtko.ursulin@sophos.com wrote:
> Then there is still a question of who allows some binary to declare itself
> exempt. If that decision was a mistake, or it gets compromised security
> will be off. A very powerful mechanism which must not be easily
> accessible. With a good cache your worries go away even without a scheme
> like this.

I have one word for you --- bittorrent. If you are downloading a very
large torrent (say approximately a gigabyte), and it contains many
pdf's that are say a few megabytes apiece, and things are coming in
tribbles, having either an indexing scanner or an AV scanner wake up
and rescan the file from scratch each time a tiny piece of the pdf
comes in is going to eat your machine alive....

- Ted
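
The workload described in the message above, as an added simulation that is not part of the original message or of any code from the thread: a result cache that every write invalidates, driven by torrent pieces arriving in arbitrary order. The piece size, file count, preallocation at full size, and the "scan once when the file is complete" baseline are assumptions chosen for comparison.

```python
import random

PIECE = 256 * 1024  # assumed torrent piece size (constructed value)
# Constructed workload: 300 PDFs of 3 MiB each, roughly a gigabyte in total.
SAMPLE = {f"doc{i:03}.pdf": 3 * 2**20 for i in range(300)}


class CachedScanner:
    """Toy on-access scanner whose cached verdict is dropped on any write."""

    def __init__(self):
        self.clean = set()       # files with a still-valid cached verdict
        self.scans = 0
        self.bytes_scanned = 0

    def on_write(self, name):
        self.clean.discard(name)  # content changed, old verdict is stale

    def scan(self, name, size):
        if name in self.clean:    # cache hit: nothing to do
            return
        self.scans += 1
        self.bytes_scanned += size  # "rescan the file from scratch"
        self.clean.add(name)


def simulate(files, policy, seed=0):
    """Return (scans, bytes_scanned) for policy 'every_write' or 'on_complete'."""
    remaining = {n: (s + PIECE - 1) // PIECE for n, s in files.items()}
    pieces = [n for n, count in remaining.items() for _ in range(count)]
    random.Random(seed).shuffle(pieces)  # pieces of all files interleave
    scanner = CachedScanner()
    for name in pieces:
        scanner.on_write(name)
        remaining[name] -= 1
        if policy == "every_write" or remaining[name] == 0:
            scanner.scan(name, files[name])  # file is preallocated at full size
    for name, size in files.items():         # later open of each finished file
        scanner.scan(name, size)              # served from the cache
    return scanner.scans, scanner.bytes_scanned


if __name__ == "__main__":
    for policy in ("every_write", "on_complete"):
        scans, nbytes = simulate(SAMPLE, policy)
        print(f"{policy:12} scans={scans:5} scanned={nbytes / 2**20:.0f} MiB")
```

The cache only absorbs the reads that happen after the last write; during the download every piece invalidates it, so scanning on each write reads twelve times the data of the baseline in this constructed workload.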