How do I get the unix filename for a wine handle?
Kuba Ober
kuba at mareimbrium.org
Mon Jun 26 07:41:31 CDT 2006
> > just for sake of completeness: how about enhancing ClamAV so that it
> > takes a fd (instead of a filename) as its input ?
>
> It looks as if fds are already supported somehow. Need to have a closer
> look at that ...
>
> But I found an even better alternative: ClamAV supports a STREAM command
> which allows a client to send a string to the scanner. This allows scanning
> a string even before it is written to disk.

I think that this will totally kill performance. Many programs can create
temporary files that later get deleted. There's no point in monitoring writes
to those.

The only way to tell is to wait until the handle gets closed by wine. Then I
imagine you'd use fstat on a copy of the handle and see if there are any hard
links (i.e. directory entries) pointing to that inode, and if there are (i.e.
if the file is still accessible), only then you'd scan it. You'd also need to
keep track of any handle copies that wine holds, if there are any -- I don't
know offhand if wine itself duplicates "user" file handles, nor whether
there's a Windows API to do so.

Similarly, programs such as databases may reorganize huge swaths of file(s),
writing a lot of stuff that has no relevance to a virus scanner.

I think that no-brainer approaches will result in exactly the same
performance-robbing solution as McAfee and Symantec products evolved to.

I think there needs to be some more serious thinking done before implementing
your project.

Cheers, Kuba
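
The close-time check described in the reply above, sketched in C as an added example; it is not part of the original post and not wine or ClamAV code. The names `should_scan_on_close` and `demo_temp_file` are hypothetical, and the code assumes a local POSIX filesystem where an unlinked but still open file reports a link count of 0.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: called just before a file descriptor is closed.
 * Returns 1 = hand the file to the scanner, 0 = skip it, -1 = error. */
int should_scan_on_close(int fd)
{
    struct stat st;
    int rc;
    int copy = dup(fd);            /* inspect a copy, as the post suggests */

    if (copy < 0)
        return -1;
    rc = fstat(copy, &st);
    close(copy);
    if (rc < 0)
        return -1;
    if (!S_ISREG(st.st_mode))      /* pipes, sockets, devices: nothing to scan */
        return 0;
    /* st_nlink counts directory entries for this inode. Zero means the
     * file was already deleted (a temp file) and vanishes on last close. */
    return st.st_nlink > 0 ? 1 : 0;
}

/* Constructed demo: create a temp file, optionally delete it while it is
 * still open, and return the close-time verdict. */
int demo_temp_file(int unlink_first)
{
    char path[] = "/tmp/scan_demo_XXXXXX";   /* constructed sample path */
    int verdict;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    if (write(fd, "data", 4) != 4)
        perror("write");
    if (unlink_first)
        unlink(path);              /* typical temp-file pattern */
    verdict = should_scan_on_close(fd);
    close(fd);
    if (!unlink_first)
        unlink(path);              /* clean up the surviving file */
    return verdict;
}

int main(void)
{
    printf("kept file: %d, unlinked temp file: %d\n",
           demo_temp_file(0), demo_temp_file(1));
    return 0;
}
```

This covers only the link-count test; tracking duplicated handles, which the reply also raises, would need a per-inode count of open descriptors on top of it.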