01-22-2009, 12:27 PM
Craig White

Antivirus for CentOS? (yuck!)

On Thu, 2009-01-22 at 14:15 +0100, Ralph Angenendt wrote:
> Anne Wilson wrote:
> > I'm sure there are plenty of people that can give Ralph detailed information
> > about using it efficiently.
>
> Sorry, I do not want to know how to "use clamav efficiently", I am just
> wondering what good clamav will do on a server, as there aren't really
> any hooks into file writing or reading. Sure, I can hook up clamav into
> my email stream or into my proxy on that machine for filtering out
> requests to people who use windows boxes behind those.
>
> But I do not understand which sense clamav makes on a linux server, if
> there are no hooks into the kernel (I know about dazuko, but a) we don't
> ship it and b) last time I looked at it I couldn't get it to run
> properly without a *huge* speed penalty).
>
> As far as I know there is no AntiVirus solution for Linux which works
> the same as all the solutions under Windows do. And if you do not have
> real time scanning on a server/workstation, an anti virus scanner
> doesn't do you any good, as the time frame for attacks is just too
> large. Either you get it on the first shot or you can just forget about
> it.
>
> So again: If you want to be PCI-DSS compliant - what's the use of
> clamav?
----
re: the last question, I simply don't know.

I do know that I have an 'unsupported' version of Symantec Anti-Virus
for Linux which came with their 'End Point Protection' package which I
gather is a 'real-time' package but I am not interested in finding out
what that would do to performance of the system.

I also know that samba has a 'vfs' option for using clamd on your
samba/Windows file server.

Craig

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
01-22-2009, 12:46 PM
John Plemons

Antivirus for CentOS? (yuck!)

I use AVG, they have a nice and clean Real Time Scanning piece of
software for Linux

see http://www.grisoft.com for general info

http://www.avg.com/download-7?prd=avl

to download for the different flavors of Linux....

I use it on my Linux boxes as well as all of my Windows Clients and
Servers as well, bang for buck it's one of the best out and much better
than that crappy Symantec brand AV....

john plemons

 
01-22-2009, 12:49 PM
Ralph Angenendt

Antivirus for CentOS? (yuck!)

Matt Shields wrote:
> On Thu, Jan 22, 2009 at 8:15 AM, Ralph Angenendt
> <ra+centos@br-online.de> wrote:
> > As far as I know there is no AntiVirus solution for Linux which works
> > the same as all the solutions under Windows do. And if you do not have
> > real time scanning on a server/workstation, an anti virus scanner
> > doesn't do you any good, as the time frame for attacks is just too
> > large. Either you get it on the first shot or you can just forget about
> > it.
> >
> Check out BitDefender http://www.bitdefender.com

Bitdefender for Samba, which only scans stuff on network shares, and
Bitdefender for Mail Servers, which does the same as clamav and
amavisd/exiscan/whatever can do. No security products which "protect"
the servers themselves, just hooks into the Windows world.

Supports the point I tried to make

Ralph
 
01-22-2009, 12:54 PM
Ralph Angenendt

Antivirus for CentOS? (yuck!)

John Plemons wrote:
> I use AVG, they have a nice and clean Real Time Scanning piece of
> software for Linux

Oh. So maybe dazuko now isn't a resource hog anymore?

Thanks, that is the first time I've heard about a component like that.

Cheers,

Ralph
 
01-22-2009, 01:55 PM
Kwan Lowe

Antivirus for CentOS? (yuck!)

> Yes, I know, it's really really embarrassing to have to ask but I'm
> being pushed to the wall with PCI DSS Compliance procedure
> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
> we don't need to install an anti-virus or find an anti-virus to run on
> our CentOS 5 servers.
>
> Whatever I do - it needs to be convincing enough to make the PCI
> compliance guy tick the box.
>
> So:
>
> 1. Has anyone here gone through such a procedure and got good arguments
> against the need for anti-virus?

We are going through the same thing. The initial rollout was planned
for only PCI critical systems, but has been expanded to SOX and
business-critical servers. Given the extreme rarity of Unix/Linux
related viruses, we did question why we needed to run an AV solution
at all. However, we do have shares that are accessible via Windows and
Mac users, so these were targeted. Per our compliance officer, though
a rigid interpretation of the PCI documentation might not require full
scans of every server, or even scanning every server, we would go
beyond the spec. Thus, at some point we're expecting that all servers
will require some sort of AV product.


> 2. Alternatively - what linux anti-virus (oh, the shame of typing this
> word combination ) do you use which doesn't affect our systems
> performance too much.


The AV solution we were told to use was Sophos AV. Our environment is
primarily AIX with a few Linux systems. Though the Linux systems had
(mostly) equivalent features to the Windows product, the AIX solution
was essentially a command line driven scan similar to ClamAV.

Now, SophosAV on Linux requires some kernel hooks for the on-access
scan. If Sophos-compiled binaries are not available for your kernel
then you'd need to build them on the machine. I.e., you'd require GCC
and the kernel-dev packages. Per our security requirements (not PCI
specific), we do not have compilers and dev libraries on anything but
development servers. Sophos also did not have an SLA as to when new
binaries would be released after a new kernel.

Which leads to an interesting conundrum. The Sophos product cannot do
on-demand scanning without a dev environment (and compiling elsewhere
was not a documented process from Sophos). So we were left with the
command line, cron driven scanner. Given that the files we would
target were often temporary (e.g., uploaded documents, files to be
pushed into a doc manager), it made little sense to scan daily.
Instead, you'd need to script processes to watch directories and
holding areas.

The rest of the problems were primarily with the AIX client.

Anyhoo, the AV products don't put too much load on the system,
depending on your scan requirements. They can do so though. E.g., if
you scan compressed files, do on demand, scan across shares, etc..

>
> The reviewed servers run both Internet-facing web applications and
> internal systems, mostly using proprietary protocol for internal
> communications. They are being administrated remotely via IPSec VPN
> (and possibly in the future also OpenVPN).
>
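The "cron driven scanner" approach Kwan describes, scanning only what landed in a holding area since the last run rather than the whole disk every night, is easy to script around clamscan. The script below is an added example, not something from this thread or from Sophos/ClamAV; the paths in the usage line are hypothetical, the scanner command is pluggable via the SCANNER variable (it assumes clamscan's documented exit codes: 0 clean, 1 infected, 2 error, and its real --infected and --no-summary options), and the quarantine directory must sit outside the holding area or its contents would be re-found on the next run. The same script works unchanged over a web document root, which is the case Adam Tauno Williams raises further down the thread.

```shell
#!/bin/sh
# Added example (not from the thread): cron-driven scan of a holding area that
# only looks at files added since the last run, quarantining anything flagged.
# clamscan exit codes (real): 0 = clean, 1 = infected, 2 = error.

SCANNER="${SCANNER:-clamscan}"

# scan_new_files HOLDING_DIR QUARANTINE_DIR STAMP_FILE REPORT_FILE
# Prints the number of files quarantined on this run; the report file lists them.
scan_new_files() {
    holding="$1"; quarantine="$2"; stamp="$3"; report="$4"
    mkdir -p "$quarantine" "$(dirname "$stamp")"
    : > "$report"

    # Take the new timestamp *before* scanning, so a file that lands while the
    # scan is running is picked up on the next run instead of being missed.
    touch "$stamp.next"

    if [ -f "$stamp" ]; then
        newer="-newer $stamp"      # incremental run: only files newer than the stamp
    else
        newer=""                   # first run: scan everything
    fi

    # The stamp path must not contain whitespace because $newer is word-split.
    find "$holding" -type f $newer -print | while IFS= read -r f; do
        rc=0
        "$SCANNER" --no-summary --infected "$f" >/dev/null 2>&1 || rc=$?
        case $rc in
            0) ;;                                                     # clean
            1) mv "$f" "$quarantine/" && printf '%s\n' "$f" >> "$report" ;;
            *) printf 'scanner error (%s) on %s\n' "$rc" "$f" >&2 ;;  # keep going
        esac
    done

    mv "$stamp.next" "$stamp"
    wc -l < "$report" | tr -d ' '
}

# Stand-alone usage from cron (hypothetical paths):
#   ./scan_uploads.sh /srv/uploads /var/quarantine /var/lib/avscan/stamp /var/log/avscan.report
if [ $# -eq 4 ]; then
    if ! command -v "$SCANNER" >/dev/null 2>&1; then
        echo "scanner '$SCANNER' not found" >&2
        exit 2
    fi
    n=$(scan_new_files "$1" "$2" "$3" "$4")
    echo "quarantined $n file(s) from $1; details in $4"
fi
```

Run it from cron every few minutes rather than daily; because only files newer than the stamp are handed to the scanner, the cost per run is proportional to what arrived, not to the size of the tree, which is what makes frequent runs affordable on a busy upload server.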
 
01-22-2009, 02:32 PM
Matt

Antivirus for CentOS? (yuck!)

> None... clamav, amavis, etc... are used for protecting Windows boxes
> behind the Linux boxes. If you aren't running any Windows hosts on the

FYI, clamav also detects linux based viruses. There are linux based
viruses. Rkhunter is also good to run on a linux server as well.

http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses

Of course if you keep your passwords secure and up to date on patches
you 'should' not get any viruses on a linux box. Nothing is certain
though. It's very little effort to install clamav and rkhunter.

Matt
 
01-22-2009, 04:18 PM
"nate"

Antivirus for CentOS? (yuck!)

Amos Shapira wrote:

> 2. Alternatively - what linux anti-virus (oh, the shame of typing this
> word combination ) do you use which doesn't affect our systems
> performance too much.

I highly recommend Sophos antivirus:

http://www.sophos.com/products/enterprise/endpoint/security-and-control/8.0/linux/

They seem to cost more than the competition but it's because they
have a better product.

Glad I don't have to deal with credit card numbers anymore the
security around that stuff was a pain.

nate


 
01-22-2009, 05:17 PM
Morten Torstensen

Antivirus for CentOS? (yuck!)

Rainer Traut wrote:
> Am 22.01.2009 02:19, schrieb Amos Shapira:
>
>> 2. Alternatively - what linux anti-virus (oh, the shame of typing this
>> word combination ) do you use which doesn't affect our systems
>> performance too much.
>
> http://www.f-prot.com/products/corporate_users/unix/
> has some Linux AV products.

And just for completeness, Symantec has AV for Linux too... it is better
there than on the Windows platform, but that doesn't say much. The
advantage of Symantec is that it is a well-known brand, so in some cases
it can be an easy option to push through red-tape bureaucrats.

--

//Morten Torstensen
//Email: morten@mortent.org
//IM: morten.torstensen@gmail.com

I can't listen to that much Wagner. I start getting the urge to conquer
Poland.
-- Woody Allen
 
01-22-2009, 05:27 PM
John Plemons

Antivirus for CentOS? (yuck!)

But again you said it, Symantec is trash....

With my history of machine crashes caused by their "I can do it better"
attitude, run don't walk from Symantec....

John Plemons


 
01-22-2009, 06:01 PM
Adam Tauno Williams

Antivirus for CentOS? (yuck!)

> Adam Tauno Williams wrote:
> > > 1. Has anyone here gone through such a procedure and got good arguments
> > > against the need for anti-virus?
> > There is no good argument against running malware detection on any
> > server.
> > > 2. Alternatively - what linux anti-virus (oh, the shame of typing this
> > > word combination ) do you use which doesn't affect our systems
> > > performance too much.
> > CLAMAV works well.
> What do you do with clamav on a linux server?

You scan the server for malware.

There is nothing special about LINUX here. The whole "don't run
services as root" business is just so much noise. It isn't about
protecting the *server*, it is about protecting the *data*, which is
accessed [hopefully] by services which are *not* root. It is about the
data and the clients that connect to the server.

I've seen CLAMAV find malware on web servers (maybe it isn't common...
because no one is checking). Someone's crappy PHP code [is there any
other kind?] allows malware to get injected into, and served, from the
server. No root access anywhere, or required. It isn't about
protecting the OS or the system, it is about protecting the data, the
applications [from exploit], and the end-users [so the server isn't an
attack vector]. Assuming none of the services on your server can be
exploited is just wrong-headed; and the exploiter does not need to
"own" the server (aka have root) in order to do mischief. Access to
your data is probably more valuable than whacking your server.

The mantra "LINUX doesn't suffer from malware" is just bollocks. Lots
of malware is served from LINUX servers. Scanning a server for
signatures is just another way to proof (not prove) that a server has
not been compromised and that data accessed by the server is secure.
Which is what things like PCI/DSS are about - protecting the *data*.

> What do you think it protects you against on a linux server?

"against a linux server?" ?


 