On Sat, Sep 07, 2019 at 09:33:11AM -0700, Pablo Di Noto wrote:
> Hello,
>  
> 
> > I think you may be overstating the problem of running anti-virus on 
> > Qubes. If you could find an AV that updates its virus definitions via 
> > signed RPMs, then it can be made to work without a lot of effort. 
> >
> 
> The issue in this case is twofold: The designated ~antivirus~ endpoint 
> protection solution (Sentinel One in our case) offers no support for 
> Fedora, especially an oldish one like F25. Also, the whole compliance point 
> is to have the endpoint report frequently its compliance status, which dom0 
> would not do.
> And, of course, this solution has its own update mechanism, so it cannot be 
> made to work with the RPM proxy Qubes offers.

1) Create a standalone VM called sys-net-work based on Debian. 
2) Install your AV there. 
3) When you are at work boot that one and map your firewall to it instead of 
the standard sys-net.

This is equivalent to a non-hypervisor OS, as sys-net is the root of the
system and through it flows all network traffic.

This should check your management's tick box, as Sentinel will report back
that it is running. 

And it should meet your needs, as you can stay on Qubes OS and additionally 
remap to sys-net when you are home, so you need not run their closed-source 
"security" software when you are not obliged to.

> 
> 
> > Beyond that, you could still do it without RPMs, assuming the AV program 
> > requires all of its data to be signed. 
> >
> > - 
> >
> > Whatever AV installation you had in dom0 would also need to be installed 
> > in a template as well... this allows DispVMs to scan your various 
> > working VMs while still maintaining isolation. The definition update 
> > mechanism for the template would be the same as for dom0 (i.e. import an 
> > RPM, or some other signed data file via qvm-copy). 
> >
> 
> I see no issue with that.
> Unfortunately, from my company's point of view, having only all VMs with the 
> endpoint security software would not make me compliant.
> 
> Thanks for your comments!
> ///Pablo
> 
> >
> >
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/ca6a5923-15f7-42c2-a0c4-d2179b61abcd%40googlegroups.com.
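
The three steps from the reply above (standalone sys-net-work, then remapping the firewall between it and sys-net), as an added example for dom0 that is not part of the original message. It assumes the firewall qube is the default sys-firewall and that only it uses these net qubes; the template name, the PCI address and the DRY_RUN switch are placeholders or hypothetical names.

```shell
#!/bin/sh
# Added example, run in dom0. sys-net and sys-net-work come from the thread;
# sys-firewall is assumed to be the firewall qube being remapped.
FIREWALL=${FIREWALL:-sys-firewall}

# One-time setup, for reference (template and PCI address are placeholders):
#   qvm-create --class StandaloneVM --template <debian-template> --label red sys-net-work
#   qvm-prefs sys-net-work virt_mode hvm
#   qvm-prefs sys-net-work provides_network true
#   qvm-prefs sys-net-work netvm ''
#   qvm-pci attach --persistent sys-net-work dom0:<BDF-of-your-NIC>
# Then install the endpoint agent inside sys-net-work.

# Print the dom0 commands that move the firewall to the net qube for $1.
switch_plan() {
    case "$1" in
        work) new=sys-net-work; old=sys-net ;;
        home) new=sys-net;      old=sys-net-work ;;
        *) echo "usage: switch_plan work|home" >&2; return 2 ;;
    esac
    # Detach first: the old net qube cannot shut down while the firewall uses it.
    echo "qvm-prefs $FIREWALL netvm ''"
    # The NIC can be held by only one running qube, so stop the old one
    # before starting the new one.
    echo "qvm-shutdown --wait $old"
    echo "qvm-start $new"
    echo "qvm-prefs $FIREWALL netvm $new"
}

# Print the plan (DRY_RUN=1, the default) or execute it line by line.
switch_netvm() {
    plan=$(switch_plan "$1") || return $?
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$plan"
    else
        printf '%s\n' "$plan" | while IFS= read -r cmd; do
            eval "$cmd" || exit 1   # stop at the first failing step
        done
    fi
}
```

Call `switch_netvm work` to review the commands, then `DRY_RUN=0 switch_netvm work` to apply them.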
