note the key word in the phrase "filter DRIVER". Linux modules can intercep
any I/O directed toward them. and the filesystem layer can intercept any
filesystem call. And there are filesystem modules.
M$ seems to treat everything as a disk file (even "pipes" are implemented
as temporary files).
Have you tried catching the display IO ???
HSM has existed on UNIX based machines for a long time.
> How would I do this on Linux? How would virus detection and HSM
> coexist? (HSM would have to be 'above' the virus detector, since it
> makes no sense to try and scan a file that's been migrated until it
> gets recalled back to disk.)
I would expect the same way the NFS module interceps file system calls.
There is NO reason a custom filesystem cannot be layered over other
filesystems. It might not be done today (though the references to "userfs"
keep showing up in such discussions).
I do question the validity of virus detection though. Once examined, fix the
vulnerability. No more virus.
Virus detection can never be completely done. And it imposes a constantly
increasing overhead since you must be able to identify all pre-existing
viruses. This list of "pre-existing" will be constantly growing.
Fix the vulnerability. Then there won't be a virus.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/