Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-04-25 Thread Ross Walker
On 4/24/09 8:05 AM, NM n...@altiva.fr wrote: On Thu, 23 Apr 2009 18:10:38 -0400, Ross Walker wrote: How about running it as the untrusted user 'clamav'? How's that user going to check anything that's not o+r? How about selinux? You could make a context that allows clamav read rights to

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-04-23 Thread NM
On Wed, 21 Jan 2009 21:06:38 -0500, Adam Tauno Williams wrote: There is no good argument against running malware detection on any server. Except when the malware it can detect is extremely unlikely to be an issue, because you are now running yet another process for no good reason that might

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-04-23 Thread NM
On Thu, 22 Jan 2009 15:00:43 -0600, Les Mikesell wrote: An occasional clamav scan can't hurt. You are absolutely, completely wrong. Clamav has had vulnerabilities that could be used to cause it to execute arbitrary code in the scanned files. I don't doubt for one second that proprietary AVs

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-04-23 Thread NM
On Fri, 23 Jan 2009 11:30:12 -0800, Scott Silva wrote: Cron a clamscan -ir / It will check the entire filesystem and report infected files. You probably don't want to automatically delete what you find, though. You can also scan for things like ssn's in datafiles laying around.

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-04-23 Thread NM
On Thu, 22 Jan 2009 14:01:26 -0500, Adam Tauno Williams wrote: You scan the server for malware. You run a useless process widening your attack surface. Hint: Security is a trade-off -- Schneier. Don't trade actual security for cargo cult systems administration. There is nothing special

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-04-23 Thread NM
On Thu, 22 Jan 2009 15:55:11 -0500, Adam Tauno Williams wrote: Yes, you gain the ability to detect a compromised server. Absolutely not, you don't gain that ability at all. Again we're talking *viruses* not all malware. An antivirus will never detect a good rootkit; modern rootkit employ

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-04-23 Thread NM
On Thu, 22 Jan 2009 09:32:16 -0600, Matt wrote: FYI, clamav also detects linux based viruses. There are linux based viruses. Rkhunter is also good to run on a linux server as well. http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses Of course if you keep your passwords secure

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-04-23 Thread Ross Walker
On Apr 23, 2009, at 3:00 PM, NM n...@altiva.fr wrote: On Fri, 23 Jan 2009 11:30:12 -0800, Scott Silva wrote: Cron a clamscan -ir / It will check the entire filesystem and report infected files. You probably don't want to automatically delete what you find, though. You can also scan for

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-23 Thread David G. Miller
Stephen John Smoogen smo...@gmail.com wrote: On Thu, Jan 22, 2009 at 12:42 PM, David G. Miller d...@davenjudy.org wrote: Amos Shapira amos.shap...@gmail.com wrote: Hi All, Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-23 Thread Ross Walker
On Fri, Jan 23, 2009 at 1:10 PM, David G. Miller d...@davenjudy.org wrote: Stephen John Smoogen smo...@gmail.com wrote: On Thu, Jan 22, 2009 at 12:42 PM, David G. Miller d...@davenjudy.org wrote: Amos Shapira amos.shap...@gmail.com wrote: Hi All, Yes, I know, it's really really

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-23 Thread Scott Silva
on 1-22-2009 4:33 AM Ralph Angenendt spake the following: Anne Wilson wrote: On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote: What do you do with clamav on a linux server? Especially: How is it run by you? What do you think it protects you against on a linux server? 1 - it protects

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Rainer Traut
Am 22.01.2009 02:19, schrieb Amos Shapira: 2. Alternatively - what linux anti-virus (oh, the shame of typing this word combination :() do you use which doesn't affect our systems performance too much. http://www.f-prot.com/products/corporate_users/unix/ has some Linux AV products. Rainer

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Ralph Angenendt
Adam Tauno Williams wrote: 1. Has anyone here gone through such a procedure and got good arguments against the need for anti-virus? There is no good argument against running malware detection on any server. 2. Alternatively - what linux anti-virus (oh, the shame of typing this word

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Anne Wilson
On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote: What do you do with clamav on a linux server? Especially: How is it run by you? What do you think it protects you against on a linux server? 1 - it protects you against passing on any windows viruses to windows users 2 - it satisfied

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Ralph Angenendt
Anne Wilson wrote: On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote: What do you do with clamav on a linux server? Especially: How is it run by you? What do you think it protects you against on a linux server? 1 - it protects you against passing on any windows viruses to windows

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Craig White
On Thu, 2009-01-22 at 12:16 +, Anne Wilson wrote: On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote: What do you do with clamav on a linux server? Especially: How is it run by you? What do you think it protects you against on a linux server? 1 - it protects you against passing

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Anne Wilson
On Thursday 22 January 2009 12:46:46 Craig White wrote: On Thu, 2009-01-22 at 12:16 +, Anne Wilson wrote: On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote: What do you do with clamav on a linux server? Especially: How is it run by you? What do you think it protects you

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Ralph Angenendt
Anne Wilson wrote: I'm sure there are plenty of people that can give Ralph detailed information about using it efficiently. Sorry, I do not want to know how to use clamav efficiently, I am just wondering what good clamav will do on a server, as there aren't really any hooks into file writing

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Matt Shields
On Thu, Jan 22, 2009 at 8:15 AM, Ralph Angenendt ra+cen...@br-online.de wrote: Anne Wilson wrote: I'm sure there are plenty of people that can give Ralph detailed information about using it efficiently. Sorry, I do not want to know how to use clamav efficiently, I

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Craig White
On Thu, 2009-01-22 at 14:15 +0100, Ralph Angenendt wrote: Anne Wilson wrote: I'm sure there are plenty of people that can give Ralph detailed information about using it efficiently. Sorry, I do not want to know how to use clamav efficiently, I am just wondering what good clamav will

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread John Plemons
I use AVG, they have a nice and clean Real Time Scanning piece of software for Linux see http://www.grisoft.com for general info http://www.avg.com/download-7?prd=avl to download for the different flavors of Linux I use it on my Linux boxes as well as all of my Windows Clients and

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Ralph Angenendt
Matt Shields wrote: On Thu, Jan 22, 2009 at 8:15 AM, Ralph Angenendt ra+cen...@br-online.de As far as I know there is no AntiVirus solution for Linux which works the same as all the solutions under Windows do. And if you do not have real time scanning on a

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Ralph Angenendt
John Plemons wrote: I use AVG, they have a nice and clean Real Time Scanning piece of software for Linux Oh. So maybe dazuko now isn't a resource hog anymore? Thanks, that is the first time I've heard about a component like that. Cheers, Ralph

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Kwan Lowe
Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why we don't need to install an anti-virus or find an anti-virus to run on our CentOS 5 servers.

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Matt
None... clamav, amavis, etc... are used for protecting Windows boxes behind the Linux boxes. If you aren't running any Windows hosts on the FYI, clamav also detects linux based viruses. There are linux based viruses. Rkhunter is also good to run on a linux server as well.

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread nate
Amos Shapira wrote: 2. Alternatively - what linux anti-virus (oh, the shame of typing this word combination :() do you use which doesn't affect our systems performance too much. I highly recommend Sophos antivirus:

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Morten Torstensen
Rainer Traut wrote: Am 22.01.2009 02:19, schrieb Amos Shapira: 2. Alternatively - what linux anti-virus (oh, the shame of typing this word combination :() do you use which doesn't affect our systems performance too much. http://www.f-prot.com/products/corporate_users/unix/ has some Linux

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread John Plemons
But again you said it, Symantec is trash. With my history of machine crashes caused by their "I can do it better" attitude, run, don't walk, from Symantec. John Plemons

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Adam Tauno Williams
Adam Tauno Williams wrote: 1. Has anyone here gone through such a procedure and got good arguments against the need for anti-virus? There is no good argument against running malware detection on any server. 2. Alternatively - what linux anti-virus (oh, the shame of typing this word

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Stephen John Smoogen
On Thu, Jan 22, 2009 at 12:01 PM, Adam Tauno Williams awill...@whitemice.org wrote: Adam Tauno Williams wrote: 1. Has anyone here gone through such a procedure and got good arguments against the need for anti-virus? There is no good argument against running malware detection on any

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread David G. Miller
Amos Shapira amos.shap...@gmail.com wrote: Hi All, Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why we don't need to install an anti-virus or

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Stephen John Smoogen
On Thu, Jan 22, 2009 at 12:42 PM, David G. Miller d...@davenjudy.org wrote: Amos Shapira amos.shap...@gmail.com wrote: Hi All, Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Ralph Angenendt
Adam Tauno Williams wrote: What do you do with clamav on a linux server? You scan the server for malware. When? Every day via crontab? That can be much too late. Every hour? That can be much too late. Every 10 minutes? That can be much too late - and your server is busy scanning the file

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Adam Tauno Williams
On Thu, 2009-01-22 at 21:24 +0100, Ralph Angenendt wrote: Adam Tauno Williams wrote: What do you do with clamav on a linux server? You scan the server for malware. When? Every day via crontab? That can be much too late. Every hour? That can be much too late. Every 10 minutes? That can

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Les Mikesell
Adam Tauno Williams wrote: What do you do with clamav on a linux server? You scan the server for malware. There is nothing special about LINUX here. The whole don't run services as root business is just so much noise. It isn't about protecting the *server* it is about protecting the

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Adam Tauno Williams
There is nothing special about LINUX here. The whole don't run services as root business is just so much noise. It isn't about protecting the *server* it is about protecting the *data* which is accessed [hopefully] by services which are *not* root. It is about the data and the clients

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Les Bell
Adam Tauno Williams awill...@whitemice.org wrote: CLAMAV, or any package, isn't THE answer, it is part of an answer. And PCI/DSS requires a server be scanned on a regular basis. Fighting against that directive just makes no sense. You should scan an entire system on some interval regardless

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Les Mikesell
Adam Tauno Williams wrote: Yes, but the scan has to be specific for the kind of problem you want to detect. The presence of a malware pattern - it is pretty straight forward. Only for known instances of malware. This doesn't make sense. No amount of updating will protect you from a

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-22 Thread Sorin Srbu
...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Morten Torstensen Sent: Thursday, January 22, 2009 7:18 PM To: CentOS mailing list Subject: Re: [CentOS] Antivirus for CentOS? (yuck!) And just for completeness, Symantec has AV for Linux too... it is better there than on the Windows platform

[CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Amos Shapira
Hi All, Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why we don't need to install an anti-virus or find an anti-virus to run on our CentOS 5 servers.

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Ian Forde
On Thu, 2009-01-22 at 12:19 +1100, Amos Shapira wrote: Hi All, Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why we don't need to install an

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Amos Shapira
2009/1/22 Ian Forde i...@duckland.org: On Thu, 2009-01-22 at 12:19 +1100, Amos Shapira wrote: Hi All, Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure (http://en.wikipedia.org/wiki/PCI_DSS) and have to either

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Joseph L. Casale
Whatever I do - it needs to be convincing enough to make the PCI compliance guy tick the box. Eset has a current linux client, though their product *AND* support suck the biggest one. https://www.icsalabs.com/icsa/product.php?tid=dfgdf$gdhkkjk- for more HTH, jlc

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Adam Tauno Williams
Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why we don't need to install an anti-virus or find an anti-virus to run on our CentOS 5 servers.

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Les Bell
Ian Forde i...@duckland.org wrote: Yep - on the wikipedia page you referenced, look in the Requirements section, section 5. It says: Use and regularly update anti-virus software on all systems commonly affected by malware I doubt Amos's QSA is using Wikipedia as his reference, unfortunately.

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Ned Slider
Amos Shapira wrote: 2009/1/22 Ian Forde i...@duckland.org: same network as the Linux hosts, that should take care of the sweet spot of the AV argument. (Though if you're connected to a site via VPN or private link that has Windows boxes, that may be a different story.) Rightso. You

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread John R Pierce
ClamAV is probably your best bet. That said, the question is, what do you scan? It can be used several ways, typically scanning files on demand... it's not an intrusion detection system like most MS Windows scanners, where it automatically scans every file being read or written (while

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Christopher Chan
2. Alternatively - what linux anti-virus (oh, the shame of typing this word combination :() do you use which doesn't affect our systems performance too much. Sophos AV if you have to get something on.

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread jkinz
On Thu, Jan 22, 2009 at 12:19:27PM +1100, Amos Shapira wrote: Hi All, Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why we don't need to install

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Ian Forde
On Wed, 2009-01-21 at 21:06 -0500, Adam Tauno Williams wrote: Yes, I know, it's really really embarrassing to have to ask but I'm being pushed to the wall with PCI DSS Compliance procedure (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why we don't need to install an

Re: [CentOS] Antivirus for CentOS? (yuck!)

2009-01-21 Thread Les Bell
Ian Forde i...@duckland.org wrote: That depends upon how you define malware detection. Antivirus software for Linux typically scans for Windows viruses and malware. On the other hand, if you're talking about detection in the sense of Tripwire, or a cron job that runs a 'rpm -V' every night, I