Re: [Xen-users] Anti-virus for use in para-virtualized Xen

To:	xen-users@xxxxxxxxxxxxxxxxxxx
Subject:	Re: [Xen-users] Anti-virus for use in para-virtualized Xen
From:	"Mark Greenbank" <mark.greenbank@xxxxxxxxx>
Date:	Wed, 4 Apr 2007 12:41:40 -0400
Delivery-date:	Wed, 04 Apr 2007 09:40:40 -0700
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=SuUA4Lh0sfo3dDCI2eH118gdAni5715YkKkA2F2qSwcvhmY60a1d1pzc2bJQrrda4J5imOtFLeQtR4f+V8AEYabrf8GOMN0YD4XPuDsUTuGXfPsXUaRehfJUM1FMc/lZCkTmAsiW0pvtZcpAlhYKvlcHXPPkWJOeBUnG5/Ozxps=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=UcEi3B7zp3N1ZuKG/5hIwbMZV3X33I6e604WrIl/dGsHYJ1Vdif2KT08aanTZxCcgYrtFZvIo3IiqZ91d81wAk9KnLHBNzMqsJOgXUEzA/DsN0MgO/vDr8wgD9O3zoqT1nzSlsgqbh/TYEDFeXfCaohkR0KEpR3T3V/TWGn9jvg=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<907625E08839C4409CE5768403633E0B018E1B8A@xxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<4613C74D.4080402@xxxxxxxxx> <907625E08839C4409CE5768403633E0B018E1B8A@xxxxxxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx

On 4/4/07, Petersson, Mats <Mats.Petersson@xxxxxxx> wrote:

> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto: xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> Nico Kadel-Garcia
> Sent: 04 April 2007 16:42
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-users] Anti-virus for use in para-virtualized Xen
>
>
> I've been looking at anti-virus software for Xen use on Linux
> systems,
> on both Dom0 and DomU, in industrial environments. Reviewing
> documentation on various packages seems to show that all the
> commercial
> ones insist on sticking kernel modules into a limited set of standard
> known kernels. This of course creates some serious risks until the
> anti-virus packages are developed in and tested in Xen environments,
> especially for para-virtualized environments.

I presume the reason they have a standard set of kernels is that they
"meddle" with the kernel and don't supply source-code, which means that
a Xenified kernel doesn't match the expected kernel layout, and thus
can't use the module? [And it's understandable from some aspects that
the AV guys don't really want the V-guys to see the source-code...]

This is a serious limitation with the way the kernel is architected -- a defined kernel interface (e.g., DDI/DKI for both function calls and structures) and loadable modules/drivers are not encouraged, which means that there is a proliferation of customized kernels out there. This really limits the utility of the Linux kernel in a production envronment. I myself am stuck at Core 5 for my (production) laptop since I'm worried that upgrading to the latest+greatest disto will break my VMWare installation and various other components that depend on interfacing with the kernel. I'd love to move to Core 6 but I don't have enough pain to live with having to hack the VMWare modules. With Core 7 around the corner, I suspect that my motivation to hack will increase :)

Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

WARNING - OLD ARCHIVES

xen-users

Re: [Xen-users] Anti-virus for use in para-virtualized Xen