Re: libmalware.so: Dazuko Linux/BSD On-Access scanning and control

All of lore.kernel.org
 help / color / mirror / Atom feed

From: 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com>
To: linux-kernel@vger.kernel.org
Subject: Re: libmalware.so: Dazuko Linux/BSD On-Access scanning and control
Date: Wed, 13 Aug 2008 16:00:39 -0400	[thread overview]
Message-ID: <48A33D67.5090603@gmail.com> (raw)
In-Reply-To: <87bpzw1zbo.fsf@basil.nowhere.org>

Andi Kleen wrote:
> 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com> writes:
> 
>> (FYI. Dazuko may have trailblazed some of the issues now under
>> discussion re: libmalware.so. It has worked well for me.
> 
> Against what exactly did it protect you? Please give a concrete example.
> 
> -Andi
> 

1. This came in a few minutes ago:

Aug 13 14:56:31 tux antivir[6381]: AntiVir ALERT: [EML/FakeLink.F] 
/jail/tbird/root/.thunderbird/0r2957kg.default/Mail/L
ocal Folders/Junk.XXX <<< Contains detection pattern of EML/FakeLink.F 
in EML form

2. I have not retained the logs of "suspicious scripts" in my browser, 
but have come across perhaps 4 blocked scripts within the last month. 
Admittedly at dodgy sites.

XSS attacks are platform independent, and are a significant concern.

Please note that when I say it has worked well for me, I am not saying 
that it has saved my bacon! :-)

1. I am referring to the mechanics of having the Kernel/userland app 
stop processing when it finds a malware signature or heuristic detection.

2. Am also referring to the totally manageable (IMHO) overhead.

I've mentioned my experience with Dazuko/antivir only because it may be 
useful to the ongoing discussion about the nature of libmalware.so.

3. I am frankly waiting for a bug to get into my upstream distribution 
chain - through a hijacking or some wonderful DNS prank - at which point 
I ..hope.. a signature or heuristic will block my root-enabled make install.

4. Again, my hope for libmalware.so/dazuko is a realtime 
integrity-management link.

     prev parent reply	other threads:[~2008-08-13 20:00 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-08-13 18:49 libmalware.so: Dazuko Linux/BSD On-Access scanning and control 7v5w7go9ub0o
2008-08-13 19:37 ` Andi Kleen
2008-08-13 20:00   ` 7v5w7go9ub0o [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48A33D67.5090603@gmail.com \
    --to=7v5w7go9ub0o@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.