[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH v3 0/7] Feature: Yara file scanning

On Sun, Feb 19, 2017 at 07:09:51PM +0200, Matteo Cafasso wrote:
> Rebase patches on top of 1.35.25.
> No changes since last series.

Can you explain the motivation behind adding the APis to libguestfs ?

Since the libguestfs VM is separate from the real VM, it can't
be relying on any live process state to scan for malicious code,
so must be exclusively considering the file contents.

Could yara not simply use the existing libguestfs APIs to do its
work. At the simplest case this might be having the FS fuse mounted
at a location. Alternatively having it directly use the C API to
access content it needs would be safer against malicious symlinks.

Perhaps there's performance benefits todoing it by adding new APIs ?
If so do you have any info on the scale of the benefit ?

|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]