2.5. Malware Scan (MS)

This is not really an access control model, but rather a system protection model against malware. Execution, reading and transmission of malware infected files can be prevented.

This model should be used, if data, especially programs, are transferred from other systems to prevent a widespread malware infection. However, only malware known by the scanner algorithm can be be detected. On Linux this is the bliss virus in variants A and B and a few DOS viruses. Platform independent macro or java viruses will have to be included later.

Currently, this is only a working demonstration model, because too few viruses are detected. However, it is rather simple to add more scan strings, if you want to. From version 1.2.0, there is a generic interface to add other scanning engines.

For more details see our paper on "Approaches to Integrated Malware Detection and Avoidance" for The Third Nordic Workshop on Secure IT Systems (Nordsec'98)