Tomasz Kojm | 4 Apr 2012 17:50

Re: Can I join the Mac dev of clamAV

On Wed, 4 Apr 2012 22:58:01 +0800 boyd yang <boyd.yang <at> gmail.com> wrote:
> Hi Guys,
> 
> Can I join the Mac Dev of clamav?
> How can I know something about Mac dev of clamav?

Hi,

are you a mac developer? Have you ever played with ClamAV on OS X?

Regards,

-- 
   oo    .....         Tomasz Kojm <tkojm <at> clamav.net>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Wed Apr  4 17:48:26 CEST 2012
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

boyd yang | 5 Apr 2012 17:29

Re: Can I join the Mac dev of clamAV

Yes, I have been developing on Mac for years.

I built the clamav and examined the ClamAuth on 10.7.3. It works.
I think we can add a system tray icon on up-right corner of Desktop, and
pop up window for on-access virus.
An installer is also needed.

>Thu Apr  5 23:21:49 2012 -> ClamAuth: /Applications/clam_ISmsi_ext copy.exe: ClamAV-Test-File FOUND
>Thu Apr  5 23:21:49 2012 -> ClamAuth: /Applications/clam_ISmsi_ext copy.exe: ClamAV-Test-File FOUND

On Wed, Apr 4, 2012 at 11:50 PM, Tomasz Kojm <tkojm <at> clamav.net> wrote:

> On Wed, 4 Apr 2012 22:58:01 +0800 boyd yang <boyd.yang <at> gmail.com> wrote:
> > Hi Guys,
> >
> > Can I join the Mac Dev of clamav?
> > How can I know something about Mac dev of clamav?
>
> Hi,
>
> are you a mac developer? Have you ever played with ClamAV on OS X?
>
> Regards,
>
> --
>   oo    .....         Tomasz Kojm <tkojm <at> clamav.net>
>  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
>     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B

Tomasz Kojm | 5 Apr 2012 18:09

Re: Can I join the Mac dev of clamAV

On Thu, 5 Apr 2012 23:29:53 +0800 boyd yang <boyd.yang <at> gmail.com> wrote:
> Yes, I have been developing on Mac for years.

Cool!

> I built the clamav and examined the ClamAuth on 10.7.3. It works.
> I think we can add a system tray icon on up-right corner of Desktop, and
> pop up window for on-access virus.
> An installer is also needed.
> 
>> Thu Apr  5 23:21:49 2012 -> ClamAuth: /Applications/clam_ISmsi_ext
> copy.exe: ClamAV-Test-File FOUND
>> Thu Apr  5 23:21:49 2012 -> ClamAuth: /Applications/clam_ISmsi_ext
> copy.exe: ClamAV-Test-File FOUND

In clamd.conf you can enable the VirusEvent directive and point it to
some shell script. Whenever clamd finds a virus, it'll call that script
and set up two environment variables:

$CLAM_VIRUSEVENT_FILENAME -> path to infected file
$CLAM_VIRUSEVENT_VIRUSNAME -> virus name

I think a script that integrates with Growl would be a good start!

Thanks,

-- 
   oo    .....         Tomasz Kojm <tkojm <at> clamav.net>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
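
Added example (not part of the original message and not ClamAV project code): a VirusEvent handler that builds a notification from the two environment variables described above. The install path, the function names and the 200-character cap are assumptions; the file name comes from whatever was scanned, so it is treated as untrusted data and never evaluated.

```shell
#!/bin/sh
# Constructed example. Assumed clamd.conf line (the path is hypothetical):
#   VirusEvent /usr/local/bin/clam-virusevent.sh
# clamd sets CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME before
# running the script.

# Drop control characters (newlines, terminal escape bytes) and cap the
# length so a crafted file name cannot forge extra log lines or flood the
# notification text.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177' | cut -c1-200
}

# Build the one-line message. The values are only ever passed as quoted
# data; nothing here is handed to eval or used as a command.
format_event() {
    file=$(sanitize "${CLAM_VIRUSEVENT_FILENAME:-unknown}")
    virus=$(sanitize "${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}")
    printf 'ClamAV: %s FOUND in %s' "$virus" "$file"
}

# Show the message with growlnotify when it is installed, otherwise write
# it to syslog so the event is still recorded.
notify() {
    msg=$(format_event)
    if command -v growlnotify >/dev/null 2>&1; then
        growlnotify -t "ClamAV alert" -m "$msg"
    else
        logger -t clam-virusevent "$msg"
    fi
}

# Act only when clamd has actually provided an event.
if [ -n "${CLAM_VIRUSEVENT_VIRUSNAME:-}" ]; then
    notify
fi
```
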

boyd yang | 7 Apr 2012 18:04

Re: Can I join the Mac dev of clamAV

I studied the ClamAuth driver code.
It's one-way notification now.

Yes, Growl can be used for the one-way notification.

There may be the case that the virus file runs for a few seconds before the
clamd quarantines or deletes it.

The Mac's kernel authentication has another advantage which is not used in
the driver, the open/execute action of virus file can be refused in the
driver before it's running, like DazukoFS or fanotify.

So a two-way communication is needed, the driver gets a response from user about
whether to accept or refuse the file operation.

Fanotify is one part of Linux kernel (>2.6?), which filters file access and
refuses or accepts it. I once raised a bug of it:
http://lkml.indiana.edu/hypermail/linux/kernel/1110.1/00292.html.
I think we can use fanotify on Linux too, then it becomes driverless.

On Fri, Apr 6, 2012 at 12:09 AM, Tomasz Kojm <tkojm <at> clamav.net> wrote:

> On Thu, 5 Apr 2012 23:29:53 +0800 boyd yang <boyd.yang <at> gmail.com> wrote:
> > Yes, I have been developing on Mac for years.
>
> Cool!
>
> > I built the clamav and examined the ClamAuth on 10.7.3. It works.
> > I think we can add a system tray icon on up-right corner of Desktop, and
> > pop up window for on-access virus.

Tomasz Kojm | 10 Apr 2012 19:29

Re: Can I join the Mac dev of clamAV

On Sun, 8 Apr 2012 00:04:55 +0800 boyd yang <boyd.yang <at> gmail.com> wrote:
> I studied the ClamAuth driver code.
> It's one-way notification now.
> 
> Yes, Growl can be used for the one-way notification.
> 
> There may be the case that the virus file runs for a few seconds before the
> clamd quarantines or deletes it.
> 
> The Mac's kernel authentication has another advantage which is not used in
> the driver, the open/execute action of virus file can be refused in the
> driver before it's running, like DazukoFS or fanotify.
> 
> So a two-way communication is needed, the driver gets a response from user about
> whether to accept or refuse the file operation.

Yes, that's planned for next versions.

Please let me know if you're interested in contributing to this driver.

> Fanotify is one part of Linux kernel (>2.6?), which filters file access and
> refuses or accepts it. I once raised a bug of it:
> http://lkml.indiana.edu/hypermail/linux/kernel/1110.1/00292.html.
> I think we can use fanotify on Linux too, then it becomes driverless.

We'll support fanotify in ClamAV 0.98.

-- 
   oo    .....         Tomasz Kojm <tkojm <at> clamav.net>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg

Dale Walsh | 7 Apr 2012 11:03

Re: Can I join the Mac dev of clamAV


On Apr 04, 2012, at 11:50 AM, Tomasz Kojm wrote:

> On Wed, 4 Apr 2012 22:58:01 +0800 boyd yang <boyd.yang <at> gmail.com>  
> wrote:
>> Hi Guys,
>>
>> Can I join the Mac Dev of clamav?
>> How can I know something about Mac dev of clamav?
>
> Hi,
>
> are you a mac developer? Have you ever played with ClamAV on OS X?
>
> Regards,

Some people claim to be a Mac developer and after examination of some  
of the builds they provide, it is clear they are nothing more than  
people with the ability to compile software on Mac OS X who possess a
little programming knowledge and very limited programming skill.

While I think it is great that someone wishes to help in the Mac  
development department and I hope they bring their A-game because  
nothing annoys me more than having to rebuild something for someone  
else because the binaries they downloaded weren't built properly and  
this in turn reflects a poor reputation of the ClamAV developers for
allowing such software to be released/distributed based on the  
implication that it endorses the binary distribution.

My early 10.4.x work can be seen at: