[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Anti-virus for use in para-virtualized Xen

  • To: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
  • From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>
  • Date: Wed, 04 Apr 2007 17:48:40 +0100
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 04 Apr 2007 09:46:41 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=lxujFr/WlvXhfRclCpuPNGC3x6a2z/wo6Ov2RtA/o/HMgjmfFTOQuZQ+SmHTEKvlUpvDFfAy7W6rnNbhD01mkTk48dkT073tXUse5y3vXL9PVKvUjGDE4IHQVR/nFBFRF4/VE5AOM+bkwXgj2cC0iKEdlQQtm3qUBTFwLZ9gT6A=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Petersson, Mats wrote:
-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Nico Kadel-Garcia
Sent: 04 April 2007 16:42
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Anti-virus for use in para-virtualized Xen

I've been looking at anti-virus software for Xen use on Linux systems, on both Dom0 and DomU, in industrial environments. Reviewing documentation on various packages seems to show that all the commercial ones insist on sticking kernel modules into a limited set of standard known kernels. This of course creates some serious risks until the anti-virus packages are developed in and tested in Xen environments, especially for para-virtualized environments.

I presume the reason they have a standard set of kernels is that they
"meddle" with the kernel and don't supply source-code, which means that
a Xenified kernel doesn't match the expected kernel layout, and thus
can't use the module? [And it's understandable from some aspects that
the AV guys don't really want the V-guys to see the source-code...]
Has anyone out there been using any such commercial packages? Or am I stuck with tools like ClamAV to avoid complicating my life with unfortunate kernel interactions?

Possibly stuck...
Well, yes, that's all logical presumption, matching my logical presumptions. But you see, the world is not logical. A cautious designer would recognize that this is a risk and leave modules available for operating in userland without futzing with the kernel. A paranoid designer would insist that control of the kernel is mandatory to protect the anti-virus software itself: I'm looking for real experience with the stuff to make informed opinions, not try to spin plausible scenaries. (Note: it's not you I'm cranky at, it's vendors who can't spell "userland".)

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.