[Libguestfs] [PATCH v3 0/7] Feature: Yara file scanning

Daniel P. Berrange berrange at redhat.com
Mon Feb 20 10:26:32 UTC 2017


On Sun, Feb 19, 2017 at 07:09:51PM +0200, Matteo Cafasso wrote:
> Rebase patches on top of 1.35.25.
> 
> No changes since last series.

Can you explain the motivation behind adding the APIs to libguestfs?

Since the libguestfs VM is separate from the real VM, it can't
be relying on any live process state to scan for malicious code,
so must be exclusively considering the file contents.

Could yara not simply use the existing libguestfs APIs to do its
work? At the simplest case this might be having the FS fuse mounted
at a location. Alternatively having it directly use the C API to
access content it needs would be safer against malicious symlinks.

Perhaps there's performance benefits to doing it by adding new APIs?
If so do you have any info on the scale of the benefit?

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|
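
An added example, not part of the original message or of libguestfs: the symlink concern raised above, shown as a path-based walk over a mounted guest tree next to a walk that never resolves links stored in the guest. The function names and the temporary tree are constructed for illustration; `mnt` stands in for a FUSE mount point and `host_secret` for a file outside it.

```python
import os
import stat
import tempfile

def naive_files(root):
    """Path-based walk: open() follows symlinked files onto the host."""
    out = {}
    for d, _dirs, names in os.walk(root):
        for n in names:
            p = os.path.join(d, n)
            with open(p, "rb") as fh:
                out[os.path.relpath(p, root)] = fh.read()
    return out

def safe_files(root):
    """fd-relative walk: skip symlinks, open everything with O_NOFOLLOW."""
    out = {}
    def walk(dfd, rel):
        for n in sorted(os.listdir(dfd)):
            mode = os.stat(n, dir_fd=dfd, follow_symlinks=False).st_mode
            if stat.S_ISLNK(mode):
                continue  # target is guest-controlled; never resolve it
            flags = os.O_RDONLY | os.O_NOFOLLOW
            if stat.S_ISDIR(mode):
                fd = os.open(n, flags | os.O_DIRECTORY, dir_fd=dfd)
                try:
                    walk(fd, os.path.join(rel, n))
                finally:
                    os.close(fd)
            elif stat.S_ISREG(mode):
                with os.fdopen(os.open(n, flags, dir_fd=dfd), "rb") as fh:
                    out[os.path.join(rel, n)] = fh.read()
    root_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        walk(root_fd, "")
    finally:
        os.close(root_fd)
    return out

def demo():
    """Constructed tree; 'mnt' stands in for a FUSE-mounted guest image."""
    with tempfile.TemporaryDirectory() as tmp:
        secret, mnt = os.path.join(tmp, "host_secret"), os.path.join(tmp, "mnt")
        os.makedirs(os.path.join(mnt, "etc"))
        for path, data in ((secret, b"HOST-ONLY"), (os.path.join(mnt, "etc", "motd"), b"guest file")):
            with open(path, "wb") as fh:
                fh.write(data)
        os.symlink(secret, os.path.join(mnt, "etc", "link"))  # absolute target
        return naive_files(mnt), safe_files(mnt)
```

`demo()` returns both results: the path-based walk reports the host file's bytes under `etc/link`, while the fd-relative walk returns only `etc/motd`.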



