On 4/24/09 8:05 AM, "NM" wrote:
> On Thu, 23 Apr 2009 18:10:38 -0400, Ross Walker wrote:
>
>> How about running it as the untrusted user 'clamav'?
>
> How's that user going to check anything that's not o+r?
How about selinux? You could make a context that allows clamav read rights
to everythin
On Thu, 23 Apr 2009 18:10:38 -0400, Ross Walker wrote:
> How about running it as the untrusted user 'clamav'?
How's that user going to check anything that's not o+r?
> I know there is a lot of boilerplate regulation out there, I have my
> fair share to deal with myself. Often hidden in the BS th
On Apr 23, 2009, at 3:00 PM, NM wrote:
> On Fri, 23 Jan 2009 11:30:12 -0800, Scott Silva wrote:
>
>> Cron a "clamscan -ir /"
>> It will check the entire filesystem and report infected files. You
>> probably don't want to automatically delete what you find, though.
>>
>> You can also scan for thin
On Thu, 22 Jan 2009 09:32:16 -0600, Matt wrote:
> FYI, clamav also detects linux based viruses. There are linux based
> viruses. Rkhunter is also good to run on a linux server as well.
>
> http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses
>
> Of course if you keep your passwords secu
On Thu, 22 Jan 2009 15:55:11 -0500, Adam Tauno Williams wrote:
> Yes, you gain the ability to detect a compromised server.
Absolutely not, you don't gain that ability at all. Again we're talking
*viruses* not all malware. An antivirus will never detect a good rootkit;
modern rootkit employ soph
On Thu, 22 Jan 2009 14:01:26 -0500, Adam Tauno Williams wrote:
> You scan the server for malware.
You run a useless process widening your attack surface.
Hint: "Security is a trade-off" -- Schneier.
Don't trade actual security for cargo cult systems administration.
> There is nothing special
On Fri, 23 Jan 2009 11:30:12 -0800, Scott Silva wrote:
> Cron a "clamscan -ir /"
> It will check the entire filesystem and report infected files. You
> probably don't want to automatically delete what you find, though.
>
> You can also scan for things like ssn's in datafiles laying around.
Congr
On Thu, 22 Jan 2009 15:00:43 -0600, Les Mikesell wrote:
> An occasional clamav scan can't hurt.
You are absolutely, completely wrong.
Clamav has had vulnerabilities that could be used to cause it to execute
arbitrary code in the scanned files. I don't doubt for one second that
proprietary AVs
On Wed, 21 Jan 2009 21:06:38 -0500, Adam Tauno Williams wrote:
> There is no good argument against running malware detection on any
> sever.
Except when the malware it can detect is extremely unlikely to be an
issue, because you are now running yet another process for no good reason
that might
on 1-22-2009 4:33 AM Ralph Angenendt spake the following:
> Anne Wilson wrote:
>> On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote:
>>> What do you do with clamav on a linux server? Especially: How is it run
>>> by you? What do you think it protects you against on a linux server?
>> 1 - i
On Fri, Jan 23, 2009 at 1:10 PM, David G. Miller wrote:
> Stephen John Smoogen wrote:
>
>> On Thu, Jan 22, 2009 at 12:42 PM, David G. Miller wrote:
>>
>>> > Amos Shapira wrote:
>>> >
>>>
>> Hi All,
>>
>> Yes, I know, it's really really embarrassing to have to ask but I'm
>>
Stephen John Smoogen wrote:
> On Thu, Jan 22, 2009 at 12:42 PM, David G. Miller wrote:
>
>> > Amos Shapira wrote:
>> >
>>
>>> >> Hi All,
>>> >>
>>> >> Yes, I know, it's really really embarrassing to have to ask but I'm
>>> >> being pushed to the wall with PCI DSS Compliance procedure
>>
s-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf
Of
>Morten Torstensen
>Sent: Thursday, January 22, 2009 7:18 PM
>To: CentOS mailing list
>Subject: Re: [CentOS] Antivirus for CentOS? (yuck!)
>
>And just for completeness, Symantec has AV for Linux too... it is better
&g
Adam Tauno Williams wrote:
>
>> Yes, but the scan has to be specific for the kind of problem you want to
>> detect.
>
> The presence of a malware pattern - it is pretty straight forward.
Only for known instances of malware.
>
> This doesn't make sense. No amount of updating will protect you fr
Adam Tauno Williams wrote:
>>
CLAMAV, or any package, isn't THE answer, it is part of an answer. And
PCI/DSS requires a server be scanned on a regular basis. Fighting
against that directive just makes no sense. You should scan an entire
system on some interval regardless of OS.
<<
It's worth
> > There is nothing special about LINUX here. The whole "don't run
> > services as root" business is just so much noise. It isn't about
> > protecting the *server* it is about protecting the *data* which is
> > accesses [hopefully] by services which are *not* root. It is about the
> > data and
Adam Tauno Williams wrote:
>
>> What do you do with clamav on a linux server?
>
> You scan the server for malware.
>
> There is nothing special about LINUX here. The whole "don't run
> services as root" business is just so much noise. It isn't about
> protecting the *server* it is about prot
On Thu, 2009-01-22 at 21:24 +0100, Ralph Angenendt wrote:
> Adam Tauno Williams wrote:
> > > What do you do with clamav on a linux server?
> > You scan the server for malware.
> When? Every day via crontab? That can be much too late. Every hour? That can
> be much too late. Every 10 minutes? Tha
Adam Tauno Williams wrote:
> > What do you do with clamav on a linux server?
>
> You scan the server for malware.
When? Every day via crontab? That can be much too late. Every hour? That can
be much too late. Every 10 minutes? That can be much too late - and your
server is busy scanning the f
On Thu, Jan 22, 2009 at 12:42 PM, David G. Miller wrote:
> Amos Shapira wrote:
>
>> Hi All,
>>
>> Yes, I know, it's really really embarrassing to have to ask but I'm
>> being pushed to the wall with PCI DSS Compliance procedure
>> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify
Amos Shapira wrote:
> Hi All,
>
> Yes, I know, it's really really embarrassing to have to ask but I'm
> being pushed to the wall with PCI DSS Compliance procedure
> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
> we don't need to install an anti-virus or find an anti-virus
On Thu, Jan 22, 2009 at 12:01 PM, Adam Tauno Williams
wrote:
>> Adam Tauno Williams wrote:
>> > > 1. Has anyone here gone though such a procedure and got good arguments
>> > > against the need for anti-virus?
>> > There is no good argument against running malware detection on any
>> > sever.
>> >
> Adam Tauno Williams wrote:
> > > 1. Has anyone here gone though such a procedure and got good arguments
> > > against the need for anti-virus?
> > There is no good argument against running malware detection on any
> > sever.
> > > 2. Alternatively - what linux anti-virus (oh, the shame of typing
But again you said it, Symantic is trash
With my history of machine crashes caused by their I can do it better
altitude, Run don't walk from Symantic
John Plemons
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/list
Rainer Traut wrote:
> Am 22.01.2009 02:19, schrieb Amos Shapira:
>
>> 2. Alternatively - what linux anti-virus (oh, the shame of typing this
>> word combination :() do you use which doesn't affect our systems
>> performance too much.
>
> http://www.f-prot.com/products/corporate_users/unix/
> has
Amos Shapira wrote:
> 2. Alternatively - what linux anti-virus (oh, the shame of typing this
> word combination :() do you use which doesn't affect our systems
> performance too much.
I highly recommend Sophos antivirus:
http://www.sophos.com/products/enterprise/endpoint/security-and-control/8.0
> None... clamav, amavis, etc... are used for protecting Windows boxes
> behind the Linux boxes. If you aren't running any Windows hosts on the
FYI, clamav also detects linux based viruses. There are linux based
viruses. Rkhunter is also good to run on a linux server as well.
http://en.wikiped
> Yes, I know, it's really really embarrassing to have to ask but I'm
> being pushed to the wall with PCI DSS Compliance procedure
> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
> we don't need to install an anti-virus or find an anti-virus to run on
> our CentOS 5 servers.
John Plemons wrote:
> I use AVG, they have a nice and clean Real Time Scanning piece of
> software for Linux
Oh. So maybe dazuko now isn't a resource hog anymore?
Thanks, that is the first time I've heard about a component like that.
Cheers,
Ralph
pgpZ9MNNThjn6.pgp
Description: PGP signature
Matt Shields wrote:
> On Thu, Jan 22, 2009 at 8:15 AM, Ralph Angenendt
>
> > As far as I know there is no AntiVirus solution for Linux which works
> > the same as all the solutions under Windows do. And if you do not have
> > real time scanning on a server/workstation, an anti virus scanner
> > do
I use AVG, they have a nice and clean Real Time Scanning piece of
software for Linux
see http://www.grisoft.com for general info
http://www.avg.com/download-7?prd=avl
to download for the different flavors of Linux
I use it on my Linux boxes as well as all of my Windows Clients and
Servers
On Thu, 2009-01-22 at 14:15 +0100, Ralph Angenendt wrote:
> Anne Wilson wrote:
> > I'm sure there are plenty of people that can give Ralph detailed
> > information
> > about using it efficiently.
>
> Sorry, I do not want to know how to "use clamav efficiently", I am just
> wondering what good c
On Thu, Jan 22, 2009 at 8:15 AM, Ralph Angenendt
> wrote:
> Anne Wilson wrote:
> > I'm sure there are plenty of people that can give Ralph detailed
> information
> > about using it efficiently.
>
> Sorry, I do not want to know how to "use clamav efficiently", I am just
> wondering what good clama
Anne Wilson wrote:
> I'm sure there are plenty of people that can give Ralph detailed information
> about using it efficiently.
Sorry, I do not want to know how to "use clamav efficiently", I am just
wondering what good clamav will do on a server, as there aren't really
any hooks into file writi
On Thursday 22 January 2009 12:46:46 Craig White wrote:
> On Thu, 2009-01-22 at 12:16 +, Anne Wilson wrote:
> > On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote:
> > > What do you do with clamav on a linux server? Especially: How is it run
> > > by you? What do you think it protects y
On Thu, 2009-01-22 at 12:16 +, Anne Wilson wrote:
> On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote:
> > What do you do with clamav on a linux server? Especially: How is it run
> > by you? What do you think it protects you against on a linux server?
>
> 1 - it protects you against p
Anne Wilson wrote:
> On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote:
> > What do you do with clamav on a linux server? Especially: How is it run
> > by you? What do you think it protects you against on a linux server?
>
> 1 - it protects you against passing on any windows viruses to wi
On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote:
> What do you do with clamav on a linux server? Especially: How is it run
> by you? What do you think it protects you against on a linux server?
1 - it protects you against passing on any windows viruses to windows users
2 - it satisfied
Adam Tauno Williams wrote:
> > 1. Has anyone here gone though such a procedure and got good arguments
> > against the need for anti-virus?
>
> There is no good argument against running malware detection on any
> sever.
>
> > 2. Alternatively - what linux anti-virus (oh, the shame of typing this
>
Am 22.01.2009 02:19, schrieb Amos Shapira:
> 2. Alternatively - what linux anti-virus (oh, the shame of typing this
> word combination :() do you use which doesn't affect our systems
> performance too much.
http://www.f-prot.com/products/corporate_users/unix/
has some Linux AV products.
Rainer
Ian Forde wrote:
>>
That depends upon how you define malware detection. Antivirus software
for Linux typically scans for Windows viruses and malware. On the other
hand, if you're talking about detection in the sense of Tripwire, or a
cron job that runs a 'rpm -V' every night, I completely agre
On Wed, 2009-01-21 at 21:06 -0500, Adam Tauno Williams wrote:
> > Yes, I know, it's really really embarrassing to have to ask but I'm
> > being pushed to the wall with PCI DSS Compliance procedure
> > (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
> > we don't need to install
On Thu, Jan 22, 2009 at 12:19:27PM +1100, Amos Shapira wrote:
> Hi All,
>
> Yes, I know, it's really really embarrassing to have to ask but I'm
> being pushed to the wall with PCI DSS Compliance procedure
> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
> we don't need to in
> 2. Alternatively - what linux anti-virus (oh, the shame of typing this
> word combination :() do you use which doesn't affect our systems
> performance too much.
>
Sophos AV if you have to get something on.
___
CentOS mailing list
CentOS@centos.org
h
ClamAV is probably your best bet.
That said, the question is, what do you scan? It can be used several
ways, typically scanning files on demand... its not an intrusion
detection system like most MS Windows scanners, where it automatically
scans every file being read or written (while slowing
Amos Shapira wrote:
> 2009/1/22 Ian Forde :
>
>> same network as the Linux hosts, that should take care of the sweet spot
>> of the AV argument. (Though if you're connected to a site via VPN or
>> private link that has Windows boxes, that may be a different story.)
>
> Rightso. You reminded me -
Ian Forde wrote:
>>
Yep - on the wikipedia page you referenced, look in the "Requirements"
section, section 5. It says: "Use and regularly update anti-virus
software on all systems commonly affected by malware"
<<
I doubt Amos's QSA is using Wikipedia as his reference, unfortunately. The
PCI D
> Yes, I know, it's really really embarrassing to have to ask but I'm
> being pushed to the wall with PCI DSS Compliance procedure
> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
> we don't need to install an anti-virus or find an anti-virus to run on
> our CentOS 5 servers.
>Whatever I do - it needs to be convincing enough to make the PCI
>compliance guy tick the box.
Eset has a current linux client, though their product *AND* support
suck the biggest one.
https://www.icsalabs.com/icsa/product.php?tid=dfgdf$gdhkkjk-
for more
HTH,
jlc
__
2009/1/22 Ian Forde :
> On Thu, 2009-01-22 at 12:19 +1100, Amos Shapira wrote:
>> Hi All,
>>
>> Yes, I know, it's really really embarrassing to have to ask but I'm
>> being pushed to the wall with PCI DSS Compliance procedure
>> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
On Thu, 2009-01-22 at 12:19 +1100, Amos Shapira wrote:
> Hi All,
>
> Yes, I know, it's really really embarrassing to have to ask but I'm
> being pushed to the wall with PCI DSS Compliance procedure
> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
> we don't need to install a
Hi All,
Yes, I know, it's really really embarrassing to have to ask but I'm
being pushed to the wall with PCI DSS Compliance procedure
(http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
we don't need to install an anti-virus or find an anti-virus to run on
our CentOS 5 servers.
Fred Erickson a écrit :
> On Sat, 2007-06-16 at 04:33 +0100, Wayne wrote:
>
>> Hey Guys,
>>
>> We have a central server which runs centos, most of the client
>> machines run on windows.
>> Does anybody know of a solution whereby we can manage antivirus for
>> all the clients from the centos serv
Hey Guys,
Thanks to everybody who responded to my first email..
Been thinking about this a bit more.
Does anybody know if its possible to have all desktops running antivirus
logging alerts and to a central linux server which
could log to mysql?
Would be really handy for reporting.
I can see tha
> > is a Centos 4 box with F-secure(for linux). Have a look at it.. it
> > does centralized management of Anti-virus.
>
> It also looks like F-Prot (f-prot.com) supports updates to client PCs
I was not very happy with the F-* stuff (it's good on the mailserver, it sucks
on the clients, there we
On Sat, 2007-06-16 at 04:33 +0100, Wayne wrote:
> Hey Guys,
>
> We have a central server which runs centos, most of the client
> machines run on windows.
> Does anybody know of a solution whereby we can manage antivirus for
> all the clients from the centos server?
> I know there are management co
On Sun, 2007-06-17 at 01:55 +0800, Michael Calizo wrote:
> I am not promoting this anti-virus. But i have same setup where in all
> our WS are running on Windows but our centralized anti-virus machine
> is a Centos 4 box with F-secure(for linux). Have a look at it.. it
> does centralized management
On Sun, 2007-06-17 at 01:55 +0800, Michael Calizo wrote:
> I am not promoting this anti-virus. But i have same setup where in all
> our WS are running on Windows but our centralized anti-virus machine
> is a Centos 4 box with F-secure(for linux). Have a look at it.. it
> does centralized management
On 6/16/07, Gregory P. Ennis <[EMAIL PROTECTED]> wrote:
On Sat, 2007-06-16 at 04:33 +0100, Wayne wrote:
> Hey Guys,
>
> We have a central server which runs centos, most of the client
> machines run on windows.
> Does anybody know of a solution whereby we can manage antivirus for
> all the client
On Sat, 2007-06-16 at 04:33 +0100, Wayne wrote:
> Hey Guys,
>
> We have a central server which runs centos, most of the client
> machines run on windows.
> Does anybody know of a solution whereby we can manage antivirus for
> all the clients from the centos server?
> I know there are management c
I am not promoting this anti-virus. But i have same setup where in all our
WS are running on Windows but our centralized anti-virus machine is a Centos
4 box with F-secure(for linux). Have a look at it.. it does centralized
management of Anti-virus.
On 6/16/07, jarmo <[EMAIL PROTECTED]> wrote:
Wayne kirjoitti viestissään (lähetysaika lauantai, 16. kesäkuuta 2007 06:33):
> Anybody have any ideas? Or are we just screwed and need to have a windows
> server for this?
>
> Thanks,
> Wayne
Look:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=2688
Jarmo
___
Hey Guys,
We have a central server which runs centos, most of the client machines run
on windows.
Does anybody know of a solution whereby we can manage antivirus for all the
clients from the centos server?
I know there are management consoles for managing antivirus on windows but
we dont want to
63 matches
Mail list logo
