The Dazuko module includes the official Dazuko Antivirus scanner interface, which is actively supported by many professional antivirus products.

This means that the actual scanning is done by separate user space daemons, which have to be obtained from their respective vendors. Some of these scanner daemons are available for free, for example the ClamAV daemon.

To minimize the scanning overhead, all scanning results can be cached with a configurable lifetime. The complete cache can be invalidated on every scanner or pattern update. Single results are invalidated automatically at each write access.

If you are interested, a paper on Approaches to Integrated Malware Detection and Avoidance for The Third Nordic Workshop on Secure IT Systems is available. This paper covers the MS (Malware Scan) module which has been obsoleted and deprecated by the Dakuzo module. The caching and invalidation logic is still valid.

---

Table of Contents: RSBAC Handbook
Back: Security Models