Old 11-22-2009, 02:17 PM
Holger Rauch
 
Default On Access Virus Scanner Recommendation

Hi to everybody,

I'm thinking about using NOD32 on a Debian system for on access virus
scanning (i.e. scan a file when it's created or its contents are
modified in some way).

I'm aware that there's the Dazuko module, but allegedly it doesn't
seem to support NFSv3 or NFSv4 file systems since NFS uses socket
communication to write files not "ordinary" file system calls and
Dazuko can only handle these.

So, my questions are:

- Which virus scanner would you recommend for a central file server
running Debian Lenny offering FTP, OpenAFS, NFSv4 and SSH/SCP access?

- Is Dazuko a recommended solution? If so, which version? (I ask this
because there are several available by now)

- If not, what would be possible and practical alternatives for Dazuko
and/or NOD32?

Thanks in advance for any hints & kind regards,

Holger
 
Old 11-24-2009, 10:49 AM
Holger Rauch
 
Default On Access Virus Scanner Recommendation

Hi to everybody,

I'm thinking about using NOD32 on a Debian Lenny system for on
access virus scanning (i.e. scan a file when it's created and/or its
contents are modified in some way).

I'm aware that there's the Dazuko module, but allegedly it doesn't
seem to support NFSv3 or NFSv4 file systems since NFS uses socket
communication to write files not "ordinary" file system calls and
Dazuko can only intercept these.

So, my questions are:

- Which virus scanner capable of performing on access scanning would
you recommend for a central file server running Debian Lenny
offering FTP, OpenAFS, NFSv4 and SSH/SCP access?

- Is Dazuko a recommended solution? If so, which version? (I ask this
because there are several available by now)

- If not, what would be possible and practical alternatives for
Dazuko and/or NOD32?

Thanks in advance for any hints & kind regards,

Holger
 
Old 11-24-2009, 11:56 AM
Umarzuki Mochlis
 
Default On Access Virus Scanner Recommendation

2009/11/24 Holger Rauch <holger.rauch@empic.de>

> Hi to everybody,
>
> I'm thinking about using NOD32 on a Debian Lenny system for on
> access virus scanning (i.e. scan a file when it's created and/or its
> contents are modified in some way).
>
> I'm aware that there's the Dazuko module, but allegedly it doesn't
> seem to support NFSv3 or NFSv4 file systems since NFS uses socket
> communication to write files not "ordinary" file system calls and
> Dazuko can only intercept these.
>
> So, my questions are:
>
> - Which virus scanner capable of performing on access scanning would
> you recommend for a central file server running Debian Lenny
> offering FTP, OpenAFS, NFSv4 and SSH/SCP access?
>
> - Is Dazuko a recommended solution? If so, which version? (I ask this
> because there are several available by now)
>
> - If not, what would be possible and practical alternatives for
> Dazuko and/or NOD32?
>
> Thanks in advance for any hints & kind regards,

http://www.clamav.net/download/third-party-tools/3rdparty-fs/

> Holger

--
Regards,

Umarzuki Mochlis
http://gameornot.net
 
Old 11-24-2009, 01:49 PM
Tzafrir Cohen
 
Default On Access Virus Scanner Recommendation

On Tue, Nov 24, 2009 at 12:49:38PM +0100, Holger Rauch wrote:
> Hi to everybody,
>
> I'm thinking about using NOD32 on a Debian Lenny system for on
> access virus scanning (i.e. scan a file when it's created and/or its
> contents are modified in some way).
>
> I'm aware that there's the Dazuko module, but allegedly it doesn't
> seem to support NFSv3 or NFSv4 file systems since NFS uses socket
> communication to write files not "ordinary" file system calls and
> Dazuko can only intercept these.

Why is that a problem? Do you have Windows clients accessing the system
through NFS?


--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-25-2009, 08:26 AM
Holger Rauch
 
Default On Access Virus Scanner Recommendation

Hi,

On Tue, 24 Nov 2009, Tzafrir Cohen wrote:

> [...]
> Why is that a problem? Do you have Windows clients accessing the system
> through NFS?

Not necessarily, but I'd like to be on the safe side. Furthermore,
there seem to be many Dazuko versions around:

- dazuko-source_2.3.3-1_all.deb
- dazuko-2.3.4.tar.gz
- dazuko-3.0.0-birthday.tar.gz
- dazuko-2.3.5-pre1.tar.gz
- dazukofs-3.1.1.tar.gz
- dazuko-2.3.7.tar.gz

So, which is the "best" one, especially when compiling the module for
a 64bit Linux kernel???

Thanks in advance & kind regards,

Holger
 
Old 11-25-2009, 10:15 AM
Tzafrir Cohen
 
Default On Access Virus Scanner Recommendation

On Wed, Nov 25, 2009 at 10:26:12AM +0100, Holger Rauch wrote:
> Hi,
>
> On Tue, 24 Nov 2009, Tzafrir Cohen wrote:
>
> > [...]
> > Why is that a problem? Do you have Windows clients accessing the system
> > through NFS?
>
> Not necessarily, but I'd like to be on the safe side.

On what safe side?

Can you give an example of a threat you wish to mitigate with such a
scan?

Are you aware of the overhead?

Are you aware of the potential threat that someone might trigger a
security hole in either the module or the (omnipotent) scanner by
reading a specially-crafted file?

--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend


 
Old 11-25-2009, 07:05 PM
Holger Rauch
 
Default On Access Virus Scanner Recommendation

Rehi,

please see my answers below.

On Wed, 25 Nov 2009, Tzafrir Cohen wrote:

> > > [...]
> > > Why is that a problem? Do you have Windows clients accessing the system
> > > through NFS?
> >
> > Not necessarily, but I'd like to be on the safe side.
>
> On what safe side?
>
> Can you give an example of a threat you wish to mitigate with such a
> scan?

A Windows client using WinSCP to a directory that's both NFS and CIFS
exported, perhaps? Furthermore, free NFS v3/v4 clients for Windows can
become available and then this threat can become real...

>
> Are you aware of the overhead?

No, can't judge it, to be honest.

> Are you aware of the potential threat that someone might trigger a
> security hole in either the module or the (omnipotent) scanner by
> reading a specially-crafted file?

Yes, but that can always be the problem, regardless of the underlying
file system.

Greetings,

Holger
 
Old 11-27-2009, 08:19 PM
Paul Johnson
 
Default On Access Virus Scanner Recommendation

Holger Rauch wrote:

> I'm thinking about using NOD32 on a Debian system for on access virus
> scanning (i.e. scan a file when it's created or its contents are
> modified in some way).

Why, when it's so much easier to not allow connections from insecure
operating systems prone to virus infection to start with?


 
Old 11-30-2009, 06:23 AM
Holger Rauch
 
Default On Access Virus Scanner Recommendation

Hi,

On Fri, 27 Nov 2009, Paul Johnson wrote:

> Holger Rauch wrote:
>
> > I'm thinking about using NOD32 on a Debian system for on access virus
> > scanning (i.e. scan a file when it's created or its contents are
> > modified in some way).
>
> Why, when it's so much easier to not allow connections from insecure
> operating systems prone to virus infection to start with?

Because disallowing these connections (unfortunately) is not an option
since Windows clients are used in my company and they too need to be
able to both access and modify files on our file server.

What's even more interesting though is: Which is the right Dazuko
version to choose? There are several of them around.

Kind regards,

Holger
 
Old 11-30-2009, 10:03 AM
Berni Elbourn
 
Default On Access Virus Scanner Recommendation

Holger Rauch wrote:

> Hi,
>
> On Fri, 27 Nov 2009, Paul Johnson wrote:
>
> > Holger Rauch wrote:
> >
> > > I'm thinking about using NOD32 on a Debian system for on access virus
> > > scanning (i.e. scan a file when it's created or its contents are
> > > modified in some way).
> >
> > Why, when it's so much easier to not allow connections from insecure
> > operating systems prone to virus infection to start with?
>
> Because disallowing these connections (unfortunately) is not an option
> since Windows clients are used in my company and they too need to be
> able to both access and modify files on our file server.
>
> What's even more interesting though is: Which is the right Dazuko
> version to choose? There are several of them around.
>
> Kind regards,
>
> Holger



Or look at it the other way round....

Linux is not vulnerable to Windows viruses. Note the careful wording ;-)
So don't waste valuable server cpu cycles on-access scanning on a Linux
server. Instead protect your Linux with things like rkhunter.


Also all your windows PCs already have to run on-access scanners anyway
- right.


So a virus should never get near the server anyway at least in theory...

In practice viruses do often get through simply because the virus profiles
available for both server and client PCs are always one step behind the
crooks. Best you can do is have regular full virus scans on the
Windows PCs' hard disks to fix once the anti-virus companies catch up.


You could be very sociable and scan the files at quiet times on the
server and quarantine...clamav does a nice job at no cost. You can also
use it as a quality check on your commercial scanner.


Good luck,

Berni
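
The off-peak server-side scan with quarantine suggested in the post above, as an added example that is not part of the original thread. Because it walks the server's local file system, it sees files regardless of whether they arrived over NFS, FTP or SCP. The paths, function names and cron line are assumptions; the `clamscan` options and exit codes are ClamAV's own.

```shell
#!/bin/sh
# Off-peak incremental ClamAV scan with quarantine (added example).
# All paths below are assumed defaults; override them via the environment.
SHARE_DIR="${SHARE_DIR:-/srv/share}"                # exported tree (assumed)
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/quarantine}" # must NOT be exported
STAMP_FILE="${STAMP_FILE:-/var/lib/share-scan/last-run}"
LOG_FILE="${LOG_FILE:-/var/log/share-scan.log}"

# Write to $1 the regular files modified since the last completed scan.
# Without a stamp file (first run) every regular file is listed.
list_changed_files() {
    if [ -f "$STAMP_FILE" ]; then
        find "$SHARE_DIR" -type f -newer "$STAMP_FILE" -print > "$1"
    else
        find "$SHARE_DIR" -type f -print > "$1"
    fi
}

# Scan the changed files and move detections to quarantine.
# Returns clamscan's exit status: 0 = clean, 1 = virus found, 2 = error.
scan_changed() {
    list=$(mktemp) || return 2
    # Created before the scan starts, so files written while the scan
    # runs are newer than the stamp and get picked up by the next run.
    next_stamp=$(mktemp) || { rm -f "$list"; return 2; }
    list_changed_files "$list"
    scan_rc=0
    if [ -s "$list" ]; then
        clamscan --infected --no-summary --file-list="$list" \
                 --move="$QUARANTINE_DIR" --log="$LOG_FILE" || scan_rc=$?
    fi
    if [ "$scan_rc" -le 1 ]; then
        mv "$next_stamp" "$STAMP_FILE"   # advance only after a completed scan
    else
        rm -f "$next_stamp"              # scanner error: rescan these files next run
    fi
    rm -f "$list"
    return "$scan_rc"
}

# Run from cron at a quiet hour, e.g.:  0 3 * * * /usr/local/sbin/share-scan --run
if [ "${1:-}" = "--run" ]; then
    scan_changed
fi
```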


 
