After going through several links like kauth (http://developer.apple.com/technotes/tn2005/tn2127.html),
the KauthORama source, Mac OS X Internals by Amit Singh, http://developer.apple.com/documentation/Darwin/Conceptual/KernelProgramming
and many mailing list discussions, I find myself really confused.
My simple question is: with the currently supported KPIs, is a
virus-scan application really feasible?
It requires hooking of system calls and use of the kauth vnode scope; so
far so good. But opening a file for a virus scan (low-level open) and denying access,
such functions deal with file system structures.
Links like http://developer.apple.com/documentation/Darwin/Reference/KPI_Reference/vnode/index.html
are not very developer-friendly, as most of the functions have “Discussion” as “Description
forthcoming”; the link was last updated on 2006-06-20.
If such an application is really feasible, could anybody please provide
some hints on where to look?
- vishal shetye