> Hi!
>
> > > On Mon, Aug 18, 2008 at 02:15:24PM +0100,
tvrtko.ursulin@sophos.com
> > wrote:
> > > > Then there is still a question of who allows some binary to declare
> > itself
> > > > exempt. If that decision was a mistake, or it gets compromised
> > security
> > > > will be off. A very powerful mechanism which must not be easily
> > > > accessible. With a good cache your worries go away even without a
> > scheme
> > > > like this.
> > >
> > > I have one word for you --- bittorrent. If you are downloading a very
> > > large torrent (say approximately a gigabyte), and it contains many
> > > pdf's that are say a few megabytes a piece, and things are coming in
> > > tribbles, having either a indexing scanner or an AV scanner wake up
> > > and rescan the file from scratch each time a tiny piece of the pdf
> > > comes in is going to eat your machine alive....
> >
> > Huh? I was never advocating re-scan after each modification and I even
> > explicitly said it does not make sense for AV not only for performance but
> > because it will be useless most of the time. I thought sending out
> > modified notification on close makes sense because it is a natural point,
> > unless someone is trying to subvert which is out of scope. Other
> > have
>
> Why do you think non-malicious applications won't write after close /
> keep file open forever?
