
Thursday, October 7, 2010

ClamAV and its GUI front end KlamAV need Dazuko to run auto scans.

ClamAV and its GUI front end KlamAV need Dazuko to run auto scans. So what is Dazuko, and why can't I find it in the Fedora and other Linux distros' repositories?

The Dazuko project provides a virtual device driver that allows (userland) applications to perform online file access control. It was originally developed by Avira GmbH (formerly known as H+BEDV Datentechnik GmbH) to allow on-access virus scanning. Other uses include file-access monitors/loggers and external security tools.

Dazuko operates by intercepting file access calls and passing the file information to a userland application. The application then has the opportunity to tell the virtual device driver to allow or deny the file access. The application also receives information about the file access event, such as accessed file name, type of access, process id, and user id.

A Stackable Filesystem to Allow Online File Access Control

A mechanism is needed that allows userspace applications to perform online file access control. DazukoFS aims to be that mechanism.

Read more...
http://dazuko.dnsalias.org/wiki/index.php/Main_Page

Dazuko-based Applications

From Dazuko

Clam AntiVirus
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.
wmmon
The Window Maker dock app wmmon was modified to provide a front-end for a DazukoFS test application. The test application also demonstrates DazukoFS's ability to interact safely with non-privileged processes.
Below is a list of applications that are known to use the legacy Dazuko 2.x virtual device driver.
avast! antivirus
avast! antivirus is based on ALWIL Software's virus scanning technology, developed since 1988. The product is currently available as a public beta of their popular antivirus program, avast! 4, ported to the GNU/Linux operating system. The beta version is free to download.
AVG Linux Edition
AVG for Linux File Server is a product based on the AVG for Linux scanning kernel. The AVG for Linux kernel provides comprehensive and reliable protection against viruses for Linux powered machines.
Avira AntiVir UNIX Workstation/Server
These are commercial products that provide on-access virus protection for your GNU/Linux or FreeBSD system. The Workstation version is available at no charge for personal use.
Clam AntiVirus
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.
F-Secure Client/Server Security
F-Secure Linux Client / Server Security is an integrated, out-of-the-box ready security solution with strong real-time antivirus protection, host intrusion prevention (HIPS) functionality protecting against unauthorized connection attempts from network, unauthorized system modifications, user space and kernel rootkits, now including protection against spyware and riskware too.
NOD32 for Linux File Server
NOD32 is the ideal choice for real-time resident or on-demand protection of your Linux File System Servers.
Panda Security for Linux
Panda Security for Linux offers straightforward, uniform protection for network workstations thanks to a powerful and intuitive interface giving you integrated protection which is easily implemented for all employees using the Linux operating system.
Quick Heal for Linux
Quick Heal AntiVirus for Linux protects the system from computer viruses, prevents their spread and disinfects infected files. It includes a GUI and a command line scanner.
Go there...
http://dazuko.dnsalias.org/wiki/index.php/Dazuko-based_Applications


FAQ

From Dazuko


The information on this page refers to DazukoFS 3.x versions. The FAQ for Dazuko 2.x can be found on the page FAQ (Dazuko 2.x).




General

What is DazukoFS?

DazukoFS is a stackable filesystem that provides a mechanism to allow applications to control file access on a system. By installing the driver and mounting DazukoFS on top of directory trees, your system will be able to support file access control applications that are based on DazukoFS.

How do I use DazukoFS?

In order to use DazukoFS you must first build and insert the kernel module. After mounting DazukoFS on top of directory trees you wish to have monitored, you can run applications that take advantage of the file access control features of DazukoFS.

A list of applications known to work with DazukoFS can be found on the applications page.

If you are interested in building your own applications, check out the DazukoFS interface specification. You may also want to look at the test program provided with DazukoFS for a working reference.

What operating systems are supported by DazukoFS?

The current release of DazukoFS supports many Linux 2.6 kernels.

What license is DazukoFS under?

The DazukoFS driver is available under the GPL. The DazukoFS userspace library is available under the LGPL.

Does DazukoFS detect file accesses over Samba, Netatalk, and NFS?

Yes. As long as DazukoFS is mounted before the services are started, file access control can be performed by Dazuko-based applications.

I don't know anything about compiling kernels. Can I just download a pre-compiled binary of Dazuko?

One of the greatest advantages of free operating systems is also a problem for many: they can be customized to support exactly the hardware and features you desire, thereby maximizing your system performance (and satisfaction). However, since DazukoFS must load into the kernel itself, DazukoFS must be compiled against exactly the same code that your kernel was compiled with. With so many different kernel configuration possibilities, it is impossible to precompile a binary for each one.

Therefore, the only way you can get a compiled DazukoFS is by compiling it yourself. In the future, operating system distributors may offer DazukoFS as a pre-compiled binary, which has already been built for their pre-compiled kernel. This would make DazukoFS much easier for people to use.

What does Avira GmbH (formerly known as H+BEDV Datentechnik GmbH) have to do with Dazuko?

Avira GmbH is an anti-virus company based in Tettnang, Germany. In order to allow on-access file scanning for the GNU/Linux operating system, they developed Dazuko (called the "AvGuard kernel module" at the time). However, it was felt that releasing the module source code as free software would not only broaden the available user base, but also provide an opportunity to create a common interface for 3rd party file access control. Avira GmbH has copyright for the 1.x and 2.x versions of Dazuko.

DazukoFS 3.x was a complete rewrite from scratch done independently from Avira GmbH. However, since DazukoFS was written by the same Dazuko maintainer and with active support from the Dazuko community, it only seemed appropriate to keep the same name.

Where did the name "Dazuko" come from?

Since Dazuko originated from a German company, it was felt that the name should somehow reflect something German. Dazuko's main function is to provide an interface for "file access control", or in German, "Dateizugriffskontrolle". Alles klar?

How is "Dazuko" pronounced?

'dah-tsu-ko'

Troubleshooting - general

Troubleshooting - "make"

What does "make: command not found" mean?

The program "make" cannot be found on your system. This is usually because it is not installed on your system. Make sure you install the "make" package.

What does "gcc: command not found" mean?

The program "gcc" cannot be found on your system. This is usually because it is not installed on your system. Make sure you install the "gcc" package. If you use a compiler other than "gcc" then you can specify your compiler by setting the CC environment variable.

Troubleshooting - inserting the module

When I run the GNU/Linux command "insmod" I get an error. What is wrong?

Please look in /var/log/messages to see what the real problem is. Usually kernel messages are logged to this file.

Troubleshooting - running the test program

When I run the test program, it says "dazukofs_open() failed: No such file or directory". What is wrong?

Has the DazukoFS kernel module been loaded? You can verify this by checking if it is listed as one of the supported filesystems:

$ cat /proc/filesystems | grep dazukofs 

When I run the test program, it says "dazukofs_open() failed: Permission denied". What is wrong?

Make sure you are running the test program as root.

Troubleshooting - running Dazuko-based programs

Go there...
http://dazuko.dnsalias.org/wiki/index.php/FAQ#What_is_DazukoFS.3F

Installation HOWTO

From Dazuko


This page briefly outlines 5 steps to compiling and installing DazukoFS. If you do not have experience compiling kernel modules or working with stackable filesystems, it is recommended that you first read through the DazukoFS documentation before installing DazukoFS.


The information on this page refers to DazukoFS 3.x versions. Information about installing Dazuko 2.x can be found on the page Installation HOWTO (Dazuko 2.x).


Step 1: Get your kernel source code

DazukoFS is available as a kernel module. Once a kernel module is loaded it becomes one with your kernel, calling and sharing the same set of functions as the kernel. This is why the kernel source code is required in order to build DazukoFS.

Many distributions provide packages with the kernel source code. If you do not plan on building a new kernel, make sure you install the proper kernel source packages for your distribution.

Step 2: Compile DazukoFS

DazukoFS was written to work with a particular kernel version. Refer to the README included in the package to see which version it was written for. In order to support other kernel versions, various patches have been included in the package. If DazukoFS was not written for your running kernel, a patch may be available to modify DazukoFS code for your kernel.

As an example, to patch the DazukoFS code to support the openSUSE 11.1 kernel, you would give the command:

$ patch -p1 < patches/patch-opensuse-11.1 

Once the DazukoFS code has been patched (if it was necessary to do so), you can compile DazukoFS with:

$ make 

You may need to manually edit the Makefile to specify where your kernel sources are located if they are not in the default location.

Please read over the FAQ if you encounter problems.

Step 3: Insert DazukoFS

Once you have successfully compiled DazukoFS, the final step is to insert the module into the kernel. To do this, you must have root privileges. This can be done with the command:

# /sbin/insmod dazukofs.ko 

If you don't get any messages, this is a good sign. To verify that the module has been loaded correctly, type:

$ cat /proc/filesystems | grep dazukofs 

If you see "dazukofs" then the DazukoFS driver has been successfully loaded.

Step 4: Test DazukoFS

File access control is only possible on directory trees where DazukoFS has been mounted. To test DazukoFS, you can create a test directory and mount DazukoFS on top of it. You will need to be root in order to perform the mount:

# mkdir /tmp/testmnt
# mount -t dazukofs /tmp/testmnt /tmp/testmnt

Once a DazukoFS mount exists, an application is able to handle file access control on that mount. To test DazukoFS, you can try out the test program (showfiles) included in the test subdirectory. You can build the test program with:

$ cd test
$ make

By default DazukoFS will only operate with processes that are running as root. Therefore you need to be root when you run the test program.

# ./showfiles 

Once the test program is running, open up another terminal or shell. Create some file within the /tmp/testmnt directory. As files are accessed, the test program should output various information. The test program always permits the accesses, however another application could be written that denies file accesses in certain conditions.

The test program can be ended by hitting Ctrl-C. The DazukoFS filesystem can be unmounted with:

# umount /tmp/testmnt 
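The page describes the driver handing each access event (file name, type of access, pid, uid) to a userland application that answers allow or deny, and notes that showfiles always permits while another application could deny. The following is an added example, not Dazuko project code: it models that allow/deny decision with the kernel side replaced by a constructed event list, so it runs without DazukoFS. The event struct, the enum names, the policy and the test signature are assumptions made for this example, not the libdazukofs interface.

```c
/* Added example (not DazukoFS project code): the allow/deny decision an
 * access-control application returns for each event DazukoFS hands it. The
 * kernel module is replaced by a constructed event list so this runs anywhere. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum access_type { ACC_OPEN, ACC_EXEC };  /* constructed names, not libdazukofs's */

/* What the page says an application receives: file name, access type, pid, uid.
 * 'content' stands in for reading the open descriptor; NULL = unreadable. */
struct access_event {
    const char *filename; enum access_type type; pid_t pid; uid_t uid; const char *content;
};
static const char TEST_SIGNATURE[] = "CONSTRUCTED-EXAMPLE-SIGNATURE";

/* 1 = deny, 0 = allow. Policy is this example's choice, not DazukoFS behaviour:
 * never block the scanner's own pid (it must read files without blocking itself),
 * deny any signature match, and if the file cannot be scanned fail closed for
 * execution but fail open for plain opens so the system stays usable. */
int decide_access(const struct access_event *ev, pid_t self_pid)
{
    if (ev->pid == self_pid)
        return 0;
    if (ev->content == NULL)                       /* scan failed */
        return ev->type == ACC_EXEC;
    return strstr(ev->content, TEST_SIGNATURE) != NULL;
}

/* Run a constructed event stream the way showfiles loops on real events;
 * returns the number of denied accesses. */
int run_constructed_events(void)
{
    const pid_t self_pid = 4242;                   /* constructed scanner pid */
    const struct access_event events[] = {
        { "/tmp/testmnt/notes.txt", ACC_OPEN, 1001, 500, "plain text" },
        { "/tmp/testmnt/dropper",   ACC_EXEC, 1002, 500, "x CONSTRUCTED-EXAMPLE-SIGNATURE x" },
        { "/tmp/testmnt/locked",    ACC_EXEC, 1003, 0,   NULL },
        { "/tmp/testmnt/locked",    ACC_OPEN, 1003, 0,   NULL },
        { "/tmp/testmnt/dropper",   ACC_OPEN, 4242, 0,   "x CONSTRUCTED-EXAMPLE-SIGNATURE x" },
    };
    int denied = 0;
    for (size_t i = 0; i < sizeof events / sizeof events[0]; i++) {
        int deny = decide_access(&events[i], self_pid);
        printf("%-22s pid=%ld uid=%ld -> %s\n", events[i].filename,
               (long)events[i].pid, (long)events[i].uid, deny ? "DENY" : "allow");
        denied += deny;
    }
    return denied;
}
```

Of the five constructed events, only the execution of the matching file and the execution of the unreadable file are denied; the scanner's own read is exempt and the unreadable plain open is allowed by the fail-open choice.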

Step 5: Install DazukoFS

After you have verified that DazukoFS works correctly on your system, you will probably want to install it on the system (so that it is easily available). From the original DazukoFS source code directory (not the test directory) you can run (as root):

# make dazukofs_install 

This performs the necessary actions to install the DazukoFS device driver to your system.


Go there...
http://dazuko.dnsalias.org/wiki/index.php/Installation_HOWTO

Don
