Kenny Lussier wrote: > On Thu, Jun 25, 2009 at 9:05 AM, Alex Hewitt<hewitt_t...@comcast.net> wrote: > >> Kenny, if you have a mandate to install anti-virus/anti-malware does that >> mean that whoever mandated this wants to scan all files on the servers for >> PC infections? Although these things typically have no effect on Linux >> systems they might be a problem for Windows boxes that are reading/writing >> files on the servers. If that is the case, ClamAV would be a good >> solution... >> > > Alex, > > The mandate actually isn't that intelligent. It was a broad statement > of "You have to have anti-virus and anti-malware software on all of > your servers", and when we wrote a compensating control that stated > "This is not needed on Linux servers", someone Googled Linux +virus > and found "rootkit". Thus, the mandate for "Anti-rootkit software" > (and yes, that is what the audit sheet calls it...... ) > > None of the Windows servers or workstations in the company have any > access to the servers that are in question. The servers are extremely > isolated in their own firewalled island, with no sharing allowed :-) > Windows systems can read/write to anything on that network. I could > probably install ClamAV on every box and call it a day, and they would > be perfectly happy. However, I would like to go beyond the letter of > the mandate and do something that is at least useful. If I can compile > a list of known rootkits and their properties, I can write Tripwire > recipes and add that to our tool chain. > > Thanks, > Kenny > > Certainly a downside to putting ClamAV on all these systems is the waste of resources. That would be my main objection under the circumstances you presented...
-Alex _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/