Mar Matthias Darin wrote:
I have done some research on this already... If you store the file in a disk buffer (say max 100K at a shot using tmpfs for speed), then scan the buffer, it does indeed work.
How short can this buffer go? Does this file needs to be seekable?
Where your problem is going to occur, as with havp, is in notifing the user that their file was trashed unless the P2P software incorporates the antivirus scanning inline with the downloading. In such a manner, the P2P can notify the user that the transfer was abort and why.
One way would be to overwrite the matched signatures with zero, that would defang the file. Another way would be to use this in conjunction with desktop virus scanner where the gateway antivirus would provide "defence in depth", There is no fit all approach here.
raj _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
