Re: virus scan application

Subject: Re: virus scan application

From: Michael Smith <email@hidden>

Date: Sat, 4 Aug 2007 11:57:39 -0700

Delivered-to: email@hidden

On Aug 3, 2007, at 10:07 AM, Vishal Shetye wrote:

after going through several links like kauth (http://developer.apple.com/technotes/tn2005/tn2127.html),
KauthORama source, mac osx internals by amit singh, http://developer.apple.com/documentation/Darwin/Conceptual/KernelProgramming and many mailing list discussions I find myself really confused.
My simple question is, with currently supported kpis is virus-scan application really feasible?

The Kauth interface was designed with input from a number of anti-virus software developers.

It requires hooking of system calls,

It does not. There is no supported mechanism for 'hooking' system calls, and such activity is explicitly forbidden.

use kauth vnode scope, so far so good. But opening file for virus scan (low level open), denying access, such functions deal with file system structures.

That's not correct. For starters, there is no "low level open", and no form of open or access denial requires any access to private filesystem datastructures.

If such an application is really feasible, could anybody please provide some hints for where to look for?

You are already looking right at the necessary mechanisms.

= Mike

_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/email@hidden This email sent to email@hidden

Follow-Ups:

RE: virus scan application
- From: "Vishal Shetye" <email@hidden>

References:

>virus scan application (From: "Vishal Shetye" <email@hidden>)