oiaohm wrote: > James McKenzie wine really should never be used to run anti-viruses. I agree with this statement. However, we have to remember that folks THINK that only Windows has viruses. Until the the turn point is reached that all OSs have viruses, then we have to think about supporting them in Wine. > Anti-virus is a host OS problem. You can sit wine on top of clamfs. fanotify that should hopefully merge this year will enable Linux side anti-virus better under it. > > Again, I agree wholeheartedly with you. I have ClamAV for my Macs. Why? Because: 1. There are viruses for the Mac and other UNIXes. 2. Windows viruses will 'pass through' my system and infect unprotected Windows systems. I've even educated my father about virus protection. And that is some feat. > I forget to say it also depends on the RDBMS you are running as well. http://wiki.postgresql.org/wiki/SEPostgreSQLv8.4 This beast exists that is Selinux friendly. > > http://wiki.postgresql.org/wiki/SEPostgreSQL Really there is a full SELinux compatible stack under development. > > Yes, but I'm also looking for the turnpoint where Wine will use Oracle Clients (yes, they do exist for Linux/MacOSX/Solaris, I work with them) and for MS SQL. Yes, I know about SEPostGRESQL. However, the latter is not in major use as are the first two. I would love to see a good spread of RDBMS activity within the SELinux project and we may soon see this. > Part of the issue with databases is there will to run secuirty different to the rest of the OS. There is even SELinux reaching up into the X11 server. > > > Again, SELinux affects all parts of Linux. It is designed to do so. However, we also have to include the use of Windows API conversion calls as well. If a virus affects the kernel, we need to know how to stop or mitigate its effects. SELinux will prevent some but not all activity and some viruses have been designed to look like they are doing legitimate activity. That is always the hard part. User education is always the key in virus prevention. Telling users not to click on that 'install' button is paramount, but then you will always have the rouge user or the ID10t that will click anyways. Then you have to clean up the mess and hope that you got it all. But we should really get back to Wine and what it can and cannot do. Right now, it cannot run a native AV program, and I agree that it should not be able to for file scanning. James McKenzie
