On Mon, Sep 3, 2012 at 3:33 AM, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
The thing is, that anti-virus is always after-the-fact. The damage has
been done,
Huh? No. Most modern anti-virus apps (even for Linux) include "on-access" scanning so that the file is identified as infected (by signature, heuristics, whatever) BEFORE being loaded.
So the file is "quarrantined" (renamed or moved to a special folder, usually) and cannot harm the system, as it´s never executed.
The drawback used to be that on-access scanning required use of the ´dazuko´ kernel module... which back in the 2.4 kernel days** meant lots of hair pulling and which nowadays was last updated on early 2011 but looks orphaned since 3/2011 and looking for a new maintainer as per notice on its wiki*
No idea if newer Linux AVs are using other tricks for on-access file scanning....
FC
* http://dazuko.dnsalias.org/wiki/index.php/Main_Page
** http://pages.citebite.com/y4w7g6v8looq
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
