I've always thought that systems in production face a greater threat of
protocol and application exploitation rather than what constitutes the bulk
of malware that requires user interaction. Viruses and malware on end-user
systems require someone to initially run an installer (either wittingly or
u
On 2013-02-17 at 20:44 +, jrmailgate-lo...@yahoo.co.uk wrote:
> If you think I'm wrong and I should be running AV software, I'd
> appreciate that feedback as well, although I'd be really interested in
> understanding why.
I'd hesitate to run A/V automatically on all Unix systems.
All code has
+1 on the OSSEC suggestion.
It's remarkable just how many little niggles OSSEC has helped me catch
that probably would have gone unnoticed in the logs otherwise. It
certainly can take some time to tweak its notifications but it's well
worth it.
Paul
On 02/17/2013 11:12 AM, Ash Palmer wrote:
On 02/17/2013 04:15 PM, Mark McCullough wrote:
On 2013 Feb 17, at 15:44 , jrmailgate-lo...@yahoo.co.uk wrote:
Hi.
Would appreciate some views and comments here...
We're being pressured by our "Risk and Compliance" group to install antivirus on our Unix
(Solaris and AIX) and Linux (Red Hat /
On 2013 Feb 17, at 15:44 , jrmailgate-lo...@yahoo.co.uk wrote:
> Hi.
>
> Would appreciate some views and comments here...
>
> We're being pressured by our "Risk and Compliance" group to install antivirus
> on our Unix (Solaris and AIX) and Linux (Red Hat / CentOS) servers.
> Historically we'v
On Sun, Feb 17, 2013 at 12:56:30PM PST, Brian Mathis spake thusly:
> It's much easier to just install clamav and schedule a scan a few
> times a week than it is to argue about this. You're better off
This.
Additionally, I run AIDE to do file integrity monitoring (FIM) and SELinux in
enforcing mo
Hello,
The method I deploy is a combination of OSSEC and
rkhunter. OSSEC is a Host Intrusion Detection System which in
some regards could be considered an Anti-Virus utility.
I find that OSSEC is very useful for a variety of reasons.
"OSSEC is an Open Sourc
It's much easier to just install clamav and schedule a scan a few
times a week than it is to argue about this. You're better off
omitting the fact that clamav is not a real-time scanner. Chances are
that the compliance people are just looking to check the box, so make
it easy for them to do that.
Hi.
Would appreciate some views and comments here...
We're being pressured by our "Risk and Compliance" group to install antivirus
on our Unix (Solaris and AIX) and Linux (Red Hat / CentOS) servers.
Historically we've not installed AV software on these platforms because there
haven't been viru