Re: [Xen-users] Anti-virus for use in para-virtualized Xen

To:	"Petersson, Mats" <Mats.Petersson@xxxxxxx>
Subject:	Re: [Xen-users] Anti-virus for use in para-virtualized Xen
From:	Nico Kadel-Garcia <nkadel@xxxxxxxxx>
Date:	Wed, 04 Apr 2007 17:48:40 +0100
Cc:	xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Wed, 04 Apr 2007 09:46:41 -0700
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=Nzuvt3RDs4xJ74crsiHn48M/FwNXgKzFdAr8ej7fCJLGWTphW+tbxCRikJ/251n4A6Xnk2/KgDRTrDwBaF2H29b0rwqcWT4Kb8ZNWfyFL776Y6OyoFaCzTGh7JKRdCVS1ifiAtQCO9sDyEwP6RZVw3JkExFan1Lscn8MbnV+SbU=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=lxujFr/WlvXhfRclCpuPNGC3x6a2z/wo6Ov2RtA/o/HMgjmfFTOQuZQ+SmHTEKvlUpvDFfAy7W6rnNbhD01mkTk48dkT073tXUse5y3vXL9PVKvUjGDE4IHQVR/nFBFRF4/VE5AOM+bkwXgj2cC0iKEdlQQtm3qUBTFwLZ9gT6A=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<907625E08839C4409CE5768403633E0B018E1B8A@xxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<907625E08839C4409CE5768403633E0B018E1B8A@xxxxxxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Thunderbird 1.5.0.10 (Windows/20070221)

Petersson, Mats wrote:

-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx[mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf OfNico Kadel-Garcia
Sent: 04 April 2007 16:42
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Anti-virus for use in para-virtualized Xen
I've been looking at anti-virus software for Xen use on Linuxsystems,on both Dom0 and DomU, in industrial environments. Reviewingdocumentation on various packages seems to show that all thecommercialones insist on sticking kernel modules into a limited set of standardknown kernels. This of course creates some serious risks until theanti-virus packages are developed in and tested in Xen environments,especially for para-virtualized environments.
I presume the reason they have a standard set of kernels is that they
"meddle" with the kernel and don't supply source-code, which means that
a Xenified kernel doesn't match the expected kernel layout, and thus
can't use the module? [And it's understandable from some aspects that
the AV guys don't really want the V-guys to see the source-code...]
Has anyone out there been using any such commercial packages? Or am Istuck with tools like ClamAV to avoid complicating my life withunfortunate kernel interactions?
Possibly stuck...

Well, yes, that's all logical presumption, matching my logicalpresumptions. But you see, the world is not logical. A cautious designerwould recognize that this is a risk and leave modules available foroperating in userland without futzing with the kernel. A paranoiddesigner would insist that control of the kernel is mandatory to protectthe anti-virus software itself: I'm looking for real experience with thestuff to make informed opinions, not try to spin plausible scenaries.(Note: it's not you I'm cranky at, it's vendors who can't spell "userland".)


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

WARNING - OLD ARCHIVES

xen-users

Re: [Xen-users] Anti-virus for use in para-virtualized Xen