Topic: dazuko possible?

unsolicited

dazuko possible?
« on: April 07, 2009, 10:12:20 pm »
Ref: http://forum.linuxmce.org/index.php?topic=640.0

The last time I looked at c/klamav for on the fly virus scanning, it needs dazuko, which needed compatibility. (That last still true?)

And compatibility meant recompiling the kernel.

If I go through all that ... am I simply going to end up with an un-updateable (linuxmce wise), and probably broken, appliance?
c. 2009 - ALL rights reserved. No duplication, in whole or in part, permitted.

Silent18

Re: dazuko possible?
« Reply #1 on: September 21, 2009, 09:02:06 am »
That's an affinity meant recompiling the kernel.



_________________
SPAM removed
« Last Edit: September 21, 2009, 08:23:45 pm by Zaerc »

wierdbeard65

Re: dazuko possible?
« Reply #2 on: September 21, 2009, 03:06:44 pm »
> That's an affinity meant recompiling the kernel.
Not entirely sure what you mean by this.

I can say that I've installed ClamAV using apt-get without any recompile, if that helps...
Paul
If you have the time to help, please see where I have got to at: http://wiki.linuxmce.org/index.php/User:Wierdbeard65

pigdog

Re: dazuko possible?
« Reply #3 on: September 21, 2009, 05:05:17 pm »
Hi,

I think (not 100% sure - been a while and getting old) I installed Clam back in Dapper with no problems via add software GUI.

Been through all the upgrades to 9.04 without having to compile.

unsolicited

Re: dazuko possible?
« Reply #4 on: September 21, 2009, 05:14:15 pm »
> I think (not 100% sure - been a while and getting old) I installed Clam back in Dapper with no problems via add software GUI.

> Been through all the upgrades to 9.04 without having to compile.

> I can say that I've installed ClamAV using apt-get without any recompile, if that helps...

Please note, and be sure ... I am talking about on the fly scanning.

Definitely, for as long as I can remember, I've been able to install klamav (clamav) via the repository. I have never been able to enable the on the fly live scanning aspect of it, however, with only that, and no further or additional effort.

So, please, confirm you have added on the fly, real time, scanning.
c. 2009 - ALL rights reserved. No duplication, in whole or in part, permitted.

pigdog

Re: dazuko possible?
« Reply #5 on: September 21, 2009, 05:42:39 pm »
Hi,

Well, I've only seen 1 virus come into my wife's machine via email.

It was on either 8.10 or 9.04.

Klam reported it immediately.

At one time I thought Clam/Klam was forensic only until this happened.

Am I missing something re: what "on the fly" is supposed to be?

unsolicited

Re: dazuko possible?
« Reply #6 on: September 21, 2009, 07:39:44 pm »
> Hi,

> Well, I've only seen 1 virus come into my wife's machine via email.

> It was on either 8.10 or 9.04.

> Klam reported it immediately.

> At one time I thought Clam/Klam was forensic only until this happened.

> Am I missing something re: what "on the fly" is supposed to be?

Yes.

I'm paraphrasing ... there are only a few ways for 'bad things' to hit your computer. Certain well defined ways, such as web browsing, or e-mail, have settings wherein clamav gets a peek at it before it actually lands on your FILE SYSTEM. There are many ways in which a bad thing can hit your file system - you could write a file with some app that does so, or you may put, or have put, a bad thing on your file system, a file system you use on another's machine, or they on yours.

Normally, unless you tell clamav to check your system, you'll never know when this last happens. So, clamav has a facility to schedule scans. (Problem is, when something is detected, well, it's already there. The damage has been done.)

On the fly interacts with the file system so that clamav gets a peek at it before anything lands from anywhere.

But clamav does not, and can not, do so by itself. Dazuko (compatibility?) is a kernel module that exposes an interface wherein things are allowed to have a peek before a file, from wherever, by whomever, actually gets to the disk. Clamav can take advantage of such a facility, but not until that facility is made available to it.

Here's a way to test ... turn off clamav web protection long enough to get the standard test virus (whose name and location escape me at the moment), onto your system. [You can turn the web protection back on.] Now copy that file, anywhere, even to a different name in the same directory. It should not be able to land - if it can't, you have on the fly protection going. [In fact, you shouldn't be able to get the file in the first place - you only turned off web protection, not on the fly detection.]

If it lands, you are essentially unprotected. Until you run your next scan. And by then the damage has been done. (Suppose it only damages a little bit of a file ... how will you know what to fix?)

Now ... suppose it takes several days to complete a system scan ...
- how many bad things could have landed in the meantime?
c. 2009 - ALL rights reserved. No duplication, in whole or in part, permitted.
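
The copy test described in the post above, scripted as an added example (not part of the original thread, and not ClamAV or Dazuko code). The function name, its arguments and the verdict words are assumptions; the path to the scanner's test file is supplied by the caller rather than embedded here.

```sh
#!/bin/sh
# Added example: probe whether on-access scanning stops a detected file from
# being read or copied. Names and verdict strings are assumptions.

# probe_on_access SAMPLE DEST_DIR [WAIT_SECONDS]
# Prints one verdict word; returns 0, or 2 on a usage error.
probe_on_access() {
    sample=$1 dest_dir=$2 wait_s=${3:-2}
    [ -n "$sample" ] && [ -d "$dest_dir" ] || { echo "usage-error"; return 2; }
    # The sample never reached the disk, or was already removed/quarantined.
    [ -e "$sample" ] || { echo "sample-missing"; return 0; }

    # Step 1: an on-access hook normally denies open() on a detected file.
    if ! cat -- "$sample" >/dev/null 2>&1; then
        echo "blocked-on-read"; return 0
    fi

    # Step 2: copy to a new name, as in the manual test.
    copy="$dest_dir/onaccess-probe.$$"
    if ! cp -- "$sample" "$copy" 2>/dev/null; then
        rm -f -- "$copy"
        echo "blocked-on-copy"; return 0
    fi

    # Step 3: some scanners act only after close(); give them a moment.
    sleep "$wait_s"
    if [ ! -e "$copy" ] || ! cmp -s -- "$sample" "$copy"; then
        rm -f -- "$copy"
        echo "removed-after-write"; return 0
    fi

    rm -f -- "$copy"
    echo "landed"   # nothing intervened on this path
}

# Stand-alone use: ./probe.sh /path/to/test-file /some/writable/dir
if [ "$#" -ge 2 ]; then probe_on_access "$@"; fi
```

A `landed` verdict for the scanner's test file means only scheduled scans would catch it; a verdict of `blocked-on-read` can also come from ordinary file permissions, so run the probe as the user who owns the file.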

pigdog

Re: dazuko possible?
« Reply #7 on: September 21, 2009, 10:29:44 pm »
Hi,

I saw this for avira.

http://ubuntuforums.org/showthread.php?t=6085&page=2

Everything else looked like you still needed to compile.

http://dazuko.org/indexold.shtml.