Aegis is a virus scanner for GNOME with a simple and intuitive user interface. Aegis 2.0 is a ground-up rewrite of the Aegis Virus Scanner. It was developed as a modular and flexible system that can support multiple backends for monitoring and scanning. Even the user interface is decoupled so that it would not be hard to write an interface for another desktop such as KDE.

The old Aegis was a simple "on-demand" scanner - you ran the application, chose a directory, and the program scanned it for you. Aegis 2.0 is a background scanner - it resides in your desktop's notification area, and watches for new or modified files in your home directory. When it finds an infected file, it shows a dialog, allowing you to delete or quarantine the file.

Scanning

The Aegis 2.0 backend uses a private instance of the Clam AntiVirus server, instead of the File::Scan module used by the old Aegis, which has not been updated for some time. However, as mentioned previously, Aegis 2.0 is capable of using any scanner backend that is available.

Monitoring

File system monitoring is achieved using GnomeVFS. This is actually just a thin layer on top of Gamin. However, as with the scanner backend, any other monitoring backed can be used, so it would be trivial to implement a new monitoring backend using (for example) Sys::Gamin, in order to decouple Aegis from GTK/Gnome (for example, to provide a KDE interface).

Please note that since Aegis 2.0 is a userland application, it cannot block other processes from accessing infected files. However, if something like a kernelspace virus scanner were to be developed, Aegis could easily be modified to support it (perhaps using D-Bus as an IPC system).

Future Plans

Once the Glib interface to D-Bus is widely available, D-Bus support will be added to Aegis. This will allow other applications to interact with the scanner - for example to request that a file or a bytestream be scanned.