On 2013 Feb 17, at 15:44, [email protected] wrote:

> Hi.
>
> Would appreciate some views and comments here...
>
> We're being pressured by our "Risk and Compliance" group to install antivirus
> on our Unix (Solaris and AIX) and Linux (Red Hat / CentOS) servers.
> Historically we've not installed AV software on these platforms because there
> haven't been viruses to worry about. I'm not sure that has changed, but we
> need a better argument than "There are no Unix/Linux viruses" apparently.
>
> So, I'd be interested in hearing if:
>
> a) you run AV software on your Unix/Linux servers
No

> b) if not, have you had to argue it away?

Briefly only.

> c) if so, is this due to any external compliance issue

Both internal and external. The simple response was "There is no antivirus software that exists to scan against viruses that attack Unix based systems." Each one of the Linux based AV tools scans against Windows malware signatures only. A few choice quotes from the vendors pointing out that they protected against Windows malware, and we put the burden back on the compliance team and pointed out that if we did this, we were still not compliant with what they were claiming we needed compliance with (malware protection for Unix based malware).

It also helped when we pointed out "The AV software for "unix" doesn't run on half our Unix operating systems." AIX was on that list. Software may now be available, but it wasn't when we hunted (admittedly more than a few years ago).

Now, if they came back and said "we need to protect against Unix based systems being a vector to Windows", that we were prepared to deal with and investigate appropriate tools on those servers that could feasibly be a vector. (SMB servers mainly for us, we relied on Exchange to handle Windows email).

Knowing what they really are trying to protect, with the classic line of "Tell me your problem, not your desired solution" sometimes helps.

Of course, by the time you got here, you should already have a good relationship with your compliance team. If not, that's a bigger problem. Your interactions with them should be regular, proactively looking for problems, and you should be almost as familiar with policy as they are.

----
"The speed of communications is wondrous to behold. It is also true that speed can multiply the distribution of information that we know to be untrue."
Edward R Murrow (1964)

Mark McCullough
[email protected]

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
