dazuko and External AV

dazuko and External AV

Saurabh Suman-2
Hi
I am trying to configure my anti-virus with dazuko-2.3.4 for real-time scanning. The problem is, I am using an external anti-virus engine.
I have to get access to the file from dazuko using GetAccess, then I send the filename to my AV engine's socket to scan.
As dazuko has already locked the access to the file and the scanner tries to scan before returning access, my AV scanner hangs as it cannot open the file to scan.
Can anyone suggest a better way to approach the solution?
Note: I have to use an external engine only.
---
Thanks & Regards
Saurabh
_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel
RE: dazuko and External AV

Tikka, Sami
> -----Original Message-----
> From: dazuko-devel-bounces+sami.tikka=[hidden email]
> [mailto:dazuko-devel-bounces+sami.tikka=[hidden email]] On Behalf Of Saurabh Suman

> I am trying to configure my anti-virus with dazuko-2.3.4 for
> real-time scanning. The problem is, I am using an external
> anti-virus engine.
> I have to get access to the file from dazuko using GetAccess, then
> I send the filename to my AV engine's socket to scan.
> As dazuko has already locked the access to the file and the scanner
> tries to scan before returning access, my AV scanner hangs as
> it cannot open the file to scan.
> Can anyone suggest a better way to approach the solution?

Dazuko does not lock the file in any way.

Your problem probably is that your dazuko application is single-threaded and
the sequence of events is like this:

Application A opens file F -> dazuko intercepts and sends message to Dazuko
application -> Dazuko application sends scan request to external anti-virus
application -> external anti-virus application opens the file F -> dazuko
intercepts and tries to send message to Dazuko application, but it is busy
waiting for reply from external anti-virus application -> dazuko puts
external anti-virus application to sleep waiting for Dazuko application to
call dazukoGetAccess (but that never happens because it is waiting for the
external anti-virus application)

=> the system is deadlocked. ("Been there, done that, got the lousy t-shirt" :)

There are two ways around this:

1) You can make dazuko application have more than 1 thread or process. When
dazuko application sees a file is being opened by the external anti-virus
application, it should immediately allow the access. You should have many
threads/processes just in case there are many simultaneous file accesses in
your system. If ever there is a situation when there are no idle dazuko
application threads/processes when the external anti-virus application opens
a file, a deadlock will happen.

2) A better way is to have your external anti-virus application register to
dazuko as a trusted application. This way dazuko will never intercept file
accesses from the external anti-virus application. See "README.trusted" in
dazuko sources.

Basically, this can all be summarized: You should make sure your dazuko
application is always responsive.

-- Sami
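
The deadlock and the two workarounds described in the reply above, as a small deterministic model added here (not part of the original thread and not Dazuko code). It assumes all application opens arrive at once and the scanner serves one request at a time; the mode names and `completed_opens` are hypothetical.

```c
/* Added illustration: a deterministic model, not Dazuko code.
 * No Dazuko API is called and every name here is hypothetical. */
#include <stdio.h>

enum mode {
    NAIVE,             /* handler forwards every open, the scanner's too */
    ALLOW_SCANNER_PID, /* option 1: handler allows the scanner's opens at once */
    TRUSTED_SCANNER    /* option 2: the scanner's opens are never intercepted */
};

/* `opens` ordinary applications open files at the same moment and `workers`
 * handler threads serve the interception events. Assumption: the scanner
 * takes one request at a time and opens the file itself. Returns how many
 * opens complete; fewer than `opens` means deadlock. */
int completed_opens(enum mode m, int workers, int opens)
{
    int idle = workers, queued = opens, blocked = 0, done = 0;

    while (done < opens) {
        /* Each intercepted open occupies a worker, which forwards the file
         * name to the scanner and blocks until the verdict comes back. */
        while (idle > 0 && queued > 0) { idle--; queued--; blocked++; }
        if (blocked == 0)
            return done;            /* no worker at all: events never served */
        if (m != TRUSTED_SCANNER) {
            /* The scanner's own open is intercepted as well. */
            if (idle == 0)
                return done;        /* every worker waits on the scanner */
            if (m == NAIVE)
                return done;        /* worker asks the busy scanner to scan */
        }
        blocked--; idle++; done++;  /* verdict returned, one worker freed */
    }
    return done;
}

int main(void)
{
    printf("naive, 1 worker, 1 open:        %d\n", completed_opens(NAIVE, 1, 1));
    printf("naive, 8 workers, 1 open:       %d\n", completed_opens(NAIVE, 8, 1));
    printf("allow pid, 4 workers, 3 opens:  %d\n", completed_opens(ALLOW_SCANNER_PID, 4, 3));
    printf("allow pid, 4 workers, 4 opens:  %d\n", completed_opens(ALLOW_SCANNER_PID, 4, 4));
    printf("trusted, 1 worker, 10 opens:    %d\n", completed_opens(TRUSTED_SCANNER, 1, 10));
    return 0;
}
```

With the pid allow rule, four workers survive three simultaneous opens but not four, which is the residual deadlock the reply warns about for option 1.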

