Abstract: This paper presents ViTrack, an anti-virus framework for Linux based on application monitoring. The operating system forcibly marks every new file that a monitored application introduces into the system with a suspicious label. The first time any file carrying the suspicious label is accessed, the kernel invokes a designated anti-virus program to scan it. Because the mediation is done in the kernel, the mechanism is transparent to users, customizable, and cannot be bypassed by applications. Tests run together with ClamAV show that ViTrack effectively blocks viruses from entering the system through commonly used applications, at a low performance cost.
Key words:
Virus; Application monitoring; Linux; Access control; Virus scanning
WU Yanjun, SHI Wenchang, LIANG Hongliang, ZHOU Zhouyi. An Anti-virus Framework Based on Application Monitor[J]. Computer Engineering (计算机工程), 2006, 32(12): 152-153, 156.