freshmeat.net: Project details for Dazuko

21:51 UTC

[Project]

Dazuko - Default branch

Section: Unix

Added: Tue, Nov 11th 2003 06:56 UTC (4 years, 8 months ago)

Updated: Thu, Mar 22nd 2007 13:00 UTC (1 year, 4 months ago)

About:
Dazuko provides a device driver allowing 3rd-party (userland) applications to execute file access control. It was originally developed by H+BEDV Datentechnik GmbH to allow on-access virus scanning. Other uses include a file-access monitor/logger or external security implementations. It operates by intercepting file access calls and passing the file information to a 3rd-party application. The 3rd-party application then has the opportunity to tell the device driver to allow or deny the file access. The 3rd-party application also receives information about the access event, such as accessed file, type of access, process id, and user id.

Author:
John Ogness [contact developer]

Homepage:
http://www.dazuko.org/
Tar/GZ:
http://www.dazuko.org/files/dazuko-2.3.3.tar.gz
Changelog:
http://www.dazuko.org/CHANGELOG
Debian package:
http://www.dazuko.org/files/dazuko-source_2.3.3-1_all.deb
CVS tree (cvsweb):
http://cvs.savannah.gnu.org/viewcvs/dazuko/dazuko/
Mailing list archive:
http://mail.gnu.org/archive/html/dazuko-devel/

Trove categories: [change]
[Development Status] 5 - Production/Stable
[License] OSI Approved :: BSD License (revised), OSI Approved :: GNU General Public License (GPL)
[Operating System] POSIX :: BSD :: FreeBSD, POSIX :: Linux
[Programming Language] C
[Topic] Security, System :: Monitoring, System :: Operating System Kernels

Dependencies: [change]
No dependencies filed

Project admins: [change]
» John Ogness (Owner)

» Rating: 8.50/10.00 (Rank N/A)
» Vitality: 0.01% (Rank 3867)
» Popularity: 1.67% (Rank 3186)

(click to enlarge graphs)

   Record hits: 19,151
   URL hits: 6,110
   Subscribers: 41

Other projects from the same categories:
cosign
MasarLabs System Monitor
Idel
IMLogger
TkLogSpy

Users who subscribed to this project also subscribed to:
MeshLab
mkautosmb
Astro::DSS Module
gcc
Cherokee

Add comment · Rate this project · Subscribe to new releases · Ignore this project · Email this project to a friend · Project record in XML

Branches

Branch Version Last release License URLs

Default 2.3.3 22-Mar-2007 BSD License (revised)

Development 2.0.1-pre3 28-Mar-2004 BSD License (revised)

Comments

[»] race conditions with AntiExploit and ClamAV ;-(
by albcamus - Jul 22nd 2005 00:11:15

I use AntiExploit 1.3beta5 along with ClamAV, for forther virus & exploit detections. but as long as a virus etected, the system hangs up.

Then I PING my computer from another one in the LAN, it replies; by ssh does'nt reply, and ANY user-mode process dosen't reply.

I reboot the computer and start clamd alonely, then everything is O.K. I tried an application written by myself, which is simply registered with dazuko in the READ ONLY mode, it is all right with clamd. Even I change the simple appliction to register in "r+" mode, still everything is O.K. No other than dazuko is registered by clamd and AntiVirus simultaneously and a infected file detected, things went wrong.

Then I believe there must be something wrong within them. can anybody give me some advice?

My Linux kernel version is 2.6.12, dazuko of 2.0.6, clamav of 0.86.1, AntiExploit of 1.3b5.

Thanks.

Best regards.
albcamus

--
有书为患��

[reply] [top]

[»] Re: race conditions with AntiExploit and ClamAV ;-(
by John Ogness - Sep 8th 2005 13:36:22

I recommed installing the new 2.1.0 version of Dazuko. This version has much better support for multiple applications.

It is also a known problem that ClamAV sometimes causes problems (because of a poor usage of the Dazuko API). By not including system paths used by ClamAV (such as /var) you should be able to avoid this problem.

This was briefly discussed in the dazuko-help mailing list:
http://lists.gnu.org/archive/html/dazuko-help/2005-02/msg00008.html

[reply] [top]