Hello,
The method I deploy is a combination of OSSEC and
rkhunter. OSSEC is a Host Intrusion Detection System which in
some regards could be considered an Anti-Virus utility.

I find that OSSEC is very useful for a variety of reasons.

"OSSEC is an Open Source Host-based Intrusion Detection System
that performs log analysis, file integrity checking, policy
monitoring, rootkit detection, real-time alerting and active
response." -- http://www.ossec.net/

AV/ClamAV are deployed to check files that are exposed to
Windows machines such as Email or NFS but are rarely effective
in protecting Linux/UNIX machines from the uncommon and quickly
patched Linux Viruses in the wild.

This response and alert system may be enough to satisfy the
requesters of the Anti-Virus installation.

Food for thought,

--
Ash Palmer



On Sun, 17 Feb 2013 20:44:31 +0000 (GMT)
"[email protected]" <[email protected]> wrote:

> Hi.
> 
> Would appreciate some views and comments here...
> 
> We're being pressured by our "Risk and Compliance" group to install
> antivirus on our Unix (Solaris and AIX) and Linux (Red Hat / Centos)
> servers. Historically we've not installed AV software on these
> platforms because there haven't been viruses to worry about. I'm not
> sure that has changed, but we need a better argument than "There are
> no Unix/Linux viruses" apparently.
> 
> So, I'd be interested in hearing if:
> 
> a) you run AV software on your Unix/Linux servers
> b) if not, have you had to argue it away?
> c) if so, is this due to any external compliance issue?
> 
> 
> We're not running servers under any external compliance (such as
> PCI), so it's only internal policy we're dealing with.
> 
> If you think I'm wrong and I should be running AV software, I'd
> appreciate that feedback as well, although I'd be really interested
> in understanding why.
> 
> Thanks for any comments!
> 
> Julian
> 
> _______________________________________________
> Discuss mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
>  http://lopsa.org/
