Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: virus scan application

On Aug 3, 2007, at 10:07 AM, Vishal Shetye wrote:
after going through several links like kauth (http://developer.apple.com/technotes/tn2005/tn2127.html ),
KauthORama source, mac osx internals by amit singh, http://developer.apple.com/documentation/Darwin/Conceptual/KernelProgramming and many mailing list discussions I find myself really confused.

My simple question is, with currently supported kpis is virus-scan application really feasible?
It requires hooking of system calls, use kauth vnode scope, so far so good. But opening file for virus scan (low level open), denying access, such functions deal with file system structures. 

No, they don't.

They deal with you:

(1) Exempting your virus scan daemon from such checks when it makes requests, by having it register its process with your KEXT

(2) Your KEXT hooking the kauth hooks you are interested in, sending a message to user space, doing your work there (including calling back into the kernel and getting a "free pass""on scanining before the scanner is allowed to open the file)

(3) You sending the result back to the KEXT as to whether the action should be allowed or denied

(4) Your KEXT allowing/denying the kauth operation that started this chain of events.

-- Terry
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-kernel/email@hidden

This email sent to email@hidden
References: 
 >virus scan application (From: "Vishal Shetye" <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.