Re: Norton Antivirus
Re: Norton Antivirus
- Subject: Re: Norton Antivirus
- From: Michael Smith <email@hidden>
- Date: Thu, 18 May 2006 22:18:56 -0700
On May 18, 2006, at 6:49 PM, Jeremy Pereira wrote:
Does anybody know by any chance how NAV hooks into the OS? Does it
use the recommended method as described here:
http://developer.apple.com/technotes/tn2005/tn2127.html#SECANTIVIRUS
The mechanism described in that technote was developed partly in
response to the needs and concerns of anti-virus software developers.
The reason I am asking is that I'm trying to understand what effect
it might have on my VFS kext.
Without knowing what your VFS kext does, specifically, it's hard to
offer you much extra help. Typically you can expect an AV product to
watch file operations that either affect the contents of files, or
depend on their contents (open, execute, etc.). These intercepts
will occur between the lookup operation and the corresponding access
operation, and may result in secondary operations against the file.
e.g. for an execute operation, you might expect to see a file looked
up, then opened, read, closed, then executed. If you aren't keeping
state dependent on VNOP call ordering, you should never know that
something is snooping.
= Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden