RTMDS is available now for testing. At the moment, installation will need to be done manually. To install, run these commands (if you don't know what these mean, I recommend you wait for an installer and not do this manually):
yum --enablerepo=asl-2.0-testing install kmod-dazuko
This should install the dazuko and redirfs modules. You will then need to add in these modules to your system. If you have kernel protection mode set, you will need to reboot to load the modules.
Add these lines to /etc/init.d/asl-mod:
modprobe redirfs
modprobe dazuko
Then you will need to reboot or load these modules. Once they are loaded, check to make sure you have this device: /dev/dazuko
It should look like this: crw------- 1 root root 247, 0 Oct 1 11:57 /dev/dazuko
Finally, modify clamd to tie into the kernel to check files for bad things by adding this to clamd:

ClamukoScanOnAccess yes

# Set access mask for Clamuko.
# Default: no
ClamukoScanOnOpen yes
ClamukoScanOnClose yes
ClamukoScanOnExec yes

# Set the include paths (all files inside them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a separate line.
# Default: disabled
ClamukoIncludePath /var/www
ClamukoIncludePath /tmp
ClamukoIncludePath /var/tmp
ClamukoIncludePath /home
ClamukoIncludePath /var/spool/samba
ClamukoIncludePath /var/lib/vmware/
ClamukoIncludePath /var/cache/coolkey
ClamukoIncludePath /dev/shm
ClamukoIncludePath /usr/local/psa/tmp
ClamukoIncludePath /var/asl/data/suspicious
And if you need to exclude anything, add in the full path to the exclusions like this: ClamukoExcludePath /some/path
Check to make sure these directories exist for your system - if they do not, remove them from the list. Otherwise dazuko won't initialize properly.
And comment out this:
User clamav
clamd has to run as root to be able to see all the files on the system. If this gives you pause that's understandable, however keep in mind that an ASL kernel is immune to buffer and heap overflows so an attack on clamd of that nature is not likely to work. We're also going to be putting out RBAC policies in the very near future for things like clamd, apache and other apps.
Also, you can tell clamd to watch the entire filesystem - but you will add additional, and possibly un-needed load to the system. From a security perspective, it's definitely the right thing to do, but if your users can change files in /bin, for example, watching /bin for malware is a bit of a waste. If root can write to /bin, root can also disable clamd or exclude /bin. So the included directories above were put together based on an assumption of the directories that users can write to - and therefore likely places for malware. If we missed a standard directory, let us know.
Also, the kernel hook works on read and execute, not on write. So malware can be written to a location, but it cannot be read or executed. This is partially a limitation of dazuko, and also by design. dazuko doesn't hook writes, but we chose that because it lets your users' files remain on the system - in a locked state if you will - until you can figure out what to do with it. This is sort of a quarantine in place, if you will.
This is test software, so please use them at your own risk. We are using them on our production boxes, but this is still testing software and is not part of ASL yet. If it breaks, we want to know, but it's not supported yet.
_________________
Michael Shinn
Atomicorp - Security For Everyone
Co-Author of Troubleshooting Linux Firewalls.
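The post asks you to verify two things by hand before restarting clamd: that every ClamukoIncludePath directory actually exists (dazuko will not initialize otherwise) and that /dev/dazuko showed up as a root-owned character device. The following POSIX shell script is an added example, not code from the post or from Atomicorp; it reads a clamd.conf, reports configured include paths that are missing, checks the device node, and shows the `User clamav` line commented out. The config file location (/etc/clamd.conf, overridable with CLAMD_CONF) and the use of GNU `stat -c` are assumptions; the sample configuration it builds in a temporary directory is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# clamd/dazuko on-access setup described above.

# Print the ClamukoIncludePath directories from a clamd.conf, one per line,
# ignoring comment lines and trailing comments.
include_paths() {
    sed -e 's/#.*//' "$1" | awk '$1 == "ClamukoIncludePath" { print $2 }'
}

# Print each configured include path that is not an existing directory.
# Returns 0 when every path exists, 1 when at least one is missing
# (the post notes dazuko will not initialize with a missing directory).
missing_include_paths() {
    rc=0
    for d in $(include_paths "$1"); do
        if [ ! -d "$d" ]; then
            echo "$d"
            rc=1
        fi
    done
    return $rc
}

# Return 0 if the dazuko device node (default /dev/dazuko) exists, is a
# character device, and is owned by root with mode 0600, matching the
# "crw------- 1 root root" listing in the post. Uses GNU stat (assumption).
dazuko_device_ok() {
    dev=${1:-/dev/dazuko}
    [ -c "$dev" ] || return 1
    perms=$(stat -c '%a %U' "$dev" 2>/dev/null) || return 1
    [ "$perms" = "600 root" ]
}

# Emit a copy of clamd.conf with the "User clamav" directive commented out,
# since on-access scanning needs clamd running as root.
comment_out_user() {
    sed -e 's/^[[:space:]]*User[[:space:]]/#&/' "$1"
}

# Run all checks against one config file and print a short report.
# Returns 0 only when include paths and the device node both check out.
check_all() {
    conf=$1
    status=0
    echo "== include paths in $conf"
    if missing=$(missing_include_paths "$conf"); then
        echo "all ClamukoIncludePath directories exist"
    else
        echo "missing directories (remove these from clamd.conf):"
        echo "$missing"
        status=1
    fi
    echo "== device node"
    if dazuko_device_ok; then
        echo "/dev/dazuko present with expected ownership and mode"
    else
        echo "/dev/dazuko missing or wrong type/owner/mode (reboot or modprobe dazuko)"
        status=1
    fi
    return $status
}

# Constructed demo: build a sample clamd.conf in a temp dir with one
# deliberately absent include path, then run the checks on it.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/www" "$tmp/home"
    cat > "$tmp/clamd.conf" <<EOF
User clamav
ClamukoScanOnAccess yes
ClamukoIncludePath $tmp/www
ClamukoIncludePath $tmp/home   # trailing comment is ignored
ClamukoIncludePath $tmp/nonexistent
EOF
    check_all "$tmp/clamd.conf"
    echo "== User directive after comment_out_user"
    comment_out_user "$tmp/clamd.conf" | head -n 1
    rm -rf "$tmp"
}

# Only run against the real config when it exists; otherwise run the demo.
conf=${CLAMD_CONF:-/etc/clamd.conf}
if [ -f "$conf" ]; then
    check_all "$conf"
else
    demo
fi
```

Run it as root after adding the ClamukoIncludePath lines; any directory it lists should be deleted from the configuration (or created) before clamd is restarted. Paths containing whitespace are not handled, which matches the one-directory-per-line form the post uses.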