The Dazuko project provides a virtual device driver allowing (userland) applications to execute online file access control. It was originally developed by Avira GmbH (formerly known as H+BEDV Datentechnik GmbH) to allow on-access virus scanning. Other uses include a file-access monitor/logger or external security tools. Dazuko operates by intercepting file access calls and passing the file information to a userland application. The application then has the opportunity to tell the virtual device driver to allow or deny the file access. The application also receives information about the file access event, such as accessed file name, type of access, process id, and user id.
| Tags | Operating System Kernels Monitoring Security |
|---|---|
| Licenses | GPL BSD Revised |
| Operating Systems | POSIX BSD FreeBSD Linux |
| Implementation | C |
Recent releases


Release Notes: This version adds support for the new RedirFS 0.3 API.


Release Notes: Support for Linux kernel versions 2.6.19 through 2.6.21 has been added. Minor fixes are included to support Dazuko-based applications using threads and/or the Dazuko Trusted Application Framework. The Lua language binding has been significantly updated. The userland DazukoIO library was cleaned up internally to improve readability and remove unnecessary global variables.


Release Notes: A name cache leak on Linux systems has been discovered and fixed. Linux users are strongly encouraged to upgrade.


Release Notes: Optional support has been added for syscall hooking with Linux 2.6. LSM remains the default method of event interception for Linux 2.6.


Release Notes: An internal API change causing compile problems under FreeBSD has been fixed. Several changes were made to support the latest Linux 2.6 internal APIs.
Recent comments
08 Sep 2005 13:36
Re: race conditions with AntiExploit and ClamAV ;-(
I recommend installing the new 2.1.0 version of Dazuko. This version has much better support for multiple applications.
It is also a known problem that ClamAV sometimes causes problems (because of a poor usage of the Dazuko API). By not including system paths used by ClamAV (such as /var) you should be able to avoid this problem.
This was briefly discussed in the dazuko-help mailing list:
22 Jul 2005 00:11
race conditions with AntiExploit and ClamAV ;-(
I use AntiExploit 1.3beta5 along with ClamAV, for further virus & exploit detection, but as long as a virus is detected, the system hangs up.
Then I PING my computer from another one in the LAN, it replies; but ssh doesn't reply, and ANY user-mode process doesn't reply.
I reboot the computer and start clamd alone, then everything is O.K. I tried an application written by myself, which is simply registered with dazuko in the READ ONLY mode, and it is all right with clamd. Even if I change the simple application to register in "r+" mode, still everything is O.K. Only when dazuko is registered by clamd and AntiVirus simultaneously and an infected file is detected do things go wrong.
Then I believe there must be something wrong within them. Can anybody give me some advice?
My Linux kernel version is 2.6.12, dazuko of 2.0.6, clamav of 0.86.1, AntiExploit of 1.3b5.
Thanks.
Best regards.
albcamus