Re: On Access Virus Scanner Recommendation
Hi Berni

On Mon, 30 Nov 2009, Berni Elbourn wrote:

> Or look at it the other way round Linux is not vulnerable to windows virus. Note the careful wording ;-) So don't waste valuable server cpu cycles on-access scanning on a Linux server.

The problem is that I can't rely on all client PCs having up-to-date virus scanner software, so this measure would be some kind of safety net.

> Instead protect your Linux with things like rkhunter.

Thanks for that hint. I will take it into account.

> Also all your windows PCs already have to run on-access scanners anyway - right.

Yes, but one can never rely that all local virus scanner databases are up-to-date. Some people might disable automatic updates... (You can always have some kind of policy, but that's just a piece of paper).

> So a virus should never get near the server anyway at least in theory...

Right, but theory is more often than not contradicted by practice... ;-)

> In practice virus do often get through simply because the virus profiles available for both server and clients PCs are always one step behind the crooks.

Yes, exactly, that's what I'm worried about and that's the reason why I want to add some kind of safety net to the central file server since I don't want it to turn into some kind of central virus distributor.

> Best you can do is have regular full virus scans on the Windows PCs hard disks to fix once the anti-virus companies catch up.

Yes, I'm aware of that.

> You could be very sociable and scan the files at quiet times on the server and quarantine...clamav does a nice job at no cost. You can also use it as a quality check on your commercial scanner.

Yes, I know about clamav. Nevertheless, I'm still interested in getting NOD32 to run on that server and that requires Dazuko. Since there are quite a few Dazuko versions floating around on the net, which one is recommended for Debian Lenny amd64?

Thanks, kind regards,
Holger

Re: On Access Virus Scanner Recommendation
Holger Rauch wrote:

> Hi,
>
> On Fri, 27 Nov 2009, Paul Johnson wrote:
>
>> Holger Rauch wrote:
>>
>>> I'm thinking about using NOD32 on a Debian system for on access virus scanning (i.e. scan a file when it's created or its contents are modified in some way).
>>
>> Why, when it's so much easier to not allow connections from insecure operating systems prone to virus infection to start with?
>
> Because disallowing these connections (unfortunately) is not an option since Windows clients are used in my company and they too need to be able to both access and modify files on our file server.
>
> What's even more interesting though is: Which is the right Dazuko version to choose? There are several of them around.
>
> Kind regards,
> Holger

Or look at it the other way round Linux is not vulnerable to windows virus. Note the careful wording ;-) So don't waste valuable server cpu cycles on-access scanning on a Linux server.

Instead protect your Linux with things like rkhunter.

Also all your windows PCs already have to run on-access scanners anyway - right. So a virus should never get near the server anyway at least in theory...

In practice virus do often get through simply because the virus profiles available for both server and clients PCs are always one step behind the crooks. Best you can do is have regular full virus scans on the Windows PCs hard disks to fix once the anti-virus companies catch up.

You could be very sociable and scan the files at quiet times on the server and quarantine...clamav does a nice job at no cost. You can also use it as a quality check on your commercial scanner.

Good luck,
Berni

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

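
The quiet-time scan with quarantine suggested in the message above could look like the following. This is an added example, not part of any poster's message; the paths, the stamp file and the SCANNER override are assumptions, while `--no-summary`, `--infected`, `--move` and `--file-list` are clamscan options and `-cnewer` is a GNU find test.

```shell
#!/bin/sh
# Added example: off-hours scan of a file share with quarantine.
# Assumptions: the paths passed in, the stamp file and the SCANNER
# override are illustrative; quarantine and stamp live outside the share,
# and file names contain no newlines (one path per line in the list).
SCANNER=${SCANNER:-clamscan}

# nightly_scan SHARE QUARANTINE STAMP
# Returns the scanner status: 0 clean, 1 infected file(s) moved, 2 error.
nightly_scan() {
    share=$1; quarantine=$2; stamp=$3
    # Quarantine is accessible only to the scanning account.
    mkdir -p "$quarantine" && chmod 700 "$quarantine" || return 2
    list=$(mktemp) || return 2
    # Stamp is taken before listing, so files written while the scan
    # runs are newer than it and are picked up by the next run.
    touch "$stamp.new" || return 2
    if [ -f "$stamp" ]; then
        # ctime, not mtime: clients that preserve or set modification
        # times on upload cannot backdate the inode change time.
        find "$share" -type f -cnewer "$stamp" > "$list"
    else
        find "$share" -type f > "$list"      # first run: everything
    fi
    rc=0
    if [ -s "$list" ]; then
        "$SCANNER" --no-summary --infected \
            --move="$quarantine" --file-list="$list" || rc=$?
    fi
    rm -f "$list"
    if [ "$rc" -le 1 ]; then
        mv "$stamp.new" "$stamp"   # scan completed: advance the window
    else
        rm -f "$stamp.new"         # scanner error: rescan the same window
    fi
    return "$rc"
}

# Run from cron at a quiet hour with three arguments, e.g.
#   nightly_scan.sh /srv/share /var/quarantine /var/lib/nightly_scan.stamp
if [ "$#" -eq 3 ]; then
    nightly_scan "$@"
fi
```

A status of 1 is the case to alert on: something was moved into the quarantine directory and the client that wrote it deserves a look.
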
Re: On Access Virus Scanner Recommendation
Hi,

On Fri, 27 Nov 2009, Paul Johnson wrote:

> Holger Rauch wrote:
>
>> I'm thinking about using NOD32 on a Debian system for on access virus scanning (i.e. scan a file when it's created or its contents are modified in some way).
>
> Why, when it's so much easier to not allow connections from insecure operating systems prone to virus infection to start with?

Because disallowing these connections (unfortunately) is not an option since Windows clients are used in my company and they too need to be able to both access and modify files on our file server.

What's even more interesting though is: Which is the right Dazuko version to choose? There are several of them around.

Kind regards,
Holger

Re: On Access Virus Scanner Recommendation
Holger Rauch wrote:

> I'm thinking about using NOD32 on a Debian system for on access virus scanning (i.e. scan a file when it's created or its contents are modified in some way).

Why, when it's so much easier to not allow connections from insecure operating systems prone to virus infection to start with?

Re: On Access Virus Scanner Recommendation
Hi,

On Tue, 24 Nov 2009, Tzafrir Cohen wrote:

[...]

> Why is that a problem? Do you have Windows clients accessing the system through NFS?

Not necessarily, but I'd like to be on the safe side. Furthermore, there seem to be many Dazuko versions around:

- dazuko-source_2.3.3-1_all.deb
- dazuko-2.3.4.tar.gz
- dazuko-3.0.0-birthday.tar.gz
- dazuko-2.3.5-pre1.tar.gz
- dazukofs-3.1.1.tar.gz
- dazuko-2.3.7.tar.gz

So, which is the best one, especially when compiling the module for a 64bit Linux kernel???

Thanks in advance, kind regards,
Holger

Re: On Access Virus Scanner Recommendation
On Wed, Nov 25, 2009 at 10:26:12AM +0100, Holger Rauch wrote:

> Hi,
>
> On Tue, 24 Nov 2009, Tzafrir Cohen wrote:
>
> [...]
>
>> Why is that a problem? Do you have Windows clients accessing the system through NFS?
>
> Not necessarily, but I'd like to be on the safe side.

On what safe side? Can you give an example of a threat you wish to mitigate with such a scan?

Are you aware of the overhead?

Are you aware of the potential threat that someone might trigger a security hole in either the module or the (omnipotent) scanner by reading a specially-crafted file?

--
Tzafrir Cohen         | tzaf...@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzaf...@cohens.org.il |                    | best
ICQ# 16849754         |                    | friend

Re: On Access Virus Scanner Recommendation
Rehi,

please see my answers below.

On Wed, 25 Nov 2009, Tzafrir Cohen wrote:

[...]

>>> Why is that a problem? Do you have Windows clients accessing the system through NFS?
>>
>> Not necessarily, but I'd like to be on the safe side.
>
> On what safe side? Can you give an example of a threat you wish to mitigate with such a scan?

A Windows client using WinSCP to a directory that's both NFS and CIFS exported, perhaps? Furthermore, free NFS v3/v4 clients for Windows can become available and then this threat can become real...

> Are you aware of the overhead?

No, can't judge it, to be honest.

> Are you aware of the potential threat that someone might trigger a security hole in either the module or the (omnipotent) scanner by reading a specially-crafted file?

Yes, but that can always be the problem, regardless of the underlying file system.

Greetings,
Holger

Re: On Access Virus Scanner Recommendation
2009/11/24 Holger Rauch <holger.ra...@empic.de>

> Hi to everybody,
>
> I'm thinking about using NOD32 on a Debian Lenny system for on access virus scanning (i.e. scan a file when it's created and/or its contents are modified in some way).
>
> I'm aware that there's the Dazuko module, but allegedly it doesn't seem to support NFSv3 or NFSv4 file systems since NFS uses socket communication to write files not ordinary file system calls and Dazuko can only intercept these.
>
> So, my questions are:
>
> - Which virus scanner capable of performing on access scanning would you recommend for a central file server running Debian Lenny offering FTP, OpenAFS, NFSv4 and SSH/SCP access?
> - Is Dazuko a recommended solution? If so, which version? (I ask this because there are several available by now)
> - If not, what would be possible and practical alternatives for Dazuko and/or NOD32?
>
> Thanks in advance for any hints, kind regards,

http://www.clamav.net/download/third-party-tools/3rdparty-fs/

> Holger

--
Regards,
Umarzuki Mochlis
http://gameornot.net

Re: On Access Virus Scanner Recommendation
On Tue, Nov 24, 2009 at 12:49:38PM +0100, Holger Rauch wrote:

> Hi to everybody,
>
> I'm thinking about using NOD32 on a Debian Lenny system for on access virus scanning (i.e. scan a file when it's created and/or its contents are modified in some way).
>
> I'm aware that there's the Dazuko module, but allegedly it doesn't seem to support NFSv3 or NFSv4 file systems since NFS uses socket communication to write files not ordinary file system calls and Dazuko can only intercept these.

Why is that a problem? Do you have Windows clients accessing the system through NFS?

--
Tzafrir Cohen         | tzaf...@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzaf...@cohens.org.il |                    | best
ICQ# 16849754         |                    | friend