2009/1/15 Scott Ritchie scott@open-vote.org:
There has been demand to implement a ClamAV powered on-access file scan within Wine. That should fill that niche nicely, and also more elegantly since we don't have to run a Wine process to check the Wine system. This has the added benefit of making it harder to compromise the virus checker itself, especially since that can then reside outside the user's home folder. In a very real way, we could handle Windows security better than Windows.
Yes. Attempting to run the virus checker on the system you're protecting is basically *insane*. An outboard checker on a different OS is a ridiculously better idea.
The main problem with restricting access outside an app's WINEPREFIX is not that it's a bad idea (it's a great idea), but that it could lead to undue overconfidence on the part of users and an expectation that this will actually meaningfully increase security.
- d.