I'm thinking about using NOD32 on a Debian system for on access virus
scanning (i.e. scan a file when it's created or its contents are
modified in some way).
I'm aware that there's the Dazuko module, but allegedly it doesn't
seem to support NFSv3 or NFSv4 file systems since NFS uses socket
communication to write files not "ordinary" file system calls and
Dazuko can only handle these.
So, my questions are:
- Which virus scanner would you recommend for a central file server
running Debian Lenny offering FTP, OpenAFS, NFSv4 and SSH/SCP access?
- Is Dazuko a recommended solution? If so, which version? (I ask this
because there are several available by now)
- If not, what would be possible and practical alternatives for Dazuko
and/or NOD32?
Thanks in advance for any hints & kind regards,
Holger
> I'm thinking about using NOD32 on a Debian system for on access virus
> scanning (i.e. scan a file when it's created or its contents are
> modified in some way).
Why, when it's so much easier to not allow connections from insecure
operating systems prone to virus infection to start with?
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
On Fri, 27 Nov 2009, Paul Johnson wrote:
> Holger Rauch wrote:
>
> > I'm thinking about using NOD32 on a Debian system for on access virus
> > scanning (i.e. scan a file when it's created or its contents are
> > modified in some way).
>
> Why, when it's so much easier to not allow connections from insecure
> operating systems prone to virus infection to start with?
Because disallowing these connections (unfortunately) is not an option
since Windows clients are used in my company and they too need to be
able to both access and modify files on our file server.
What's even more interesting though is: Which is the right Dazuko
version to choose? There are several of them around.
Kind regards,
Holger
Or look at it the other way round....
Linux is not vulnerable to windows virus. Note the careful wording ;-)
So don't waste valuable server cpu cycles on-access scanning on a Linux
server. Instead protect your Linux with things like rkhunter.
Also all your windows PCs already have to run on-access scanners anyway
- right.
So a virus should never get near the server anyway at least in theory...
In practice virus do often get through simply because the virus profiles
available for both server and clients PCs are always one step behind the
crooks. Best you can do is have have regular full virus scans on the
Windows PCs hard disks to fix once the anti-virus companies catch up.
You could be very sociable and scan the files at quiet times on the
server and quarantine...clamav does a nice job at no cost. You can also
use it as a quality check on your commercial scanner.
Good luck,
Berni
On Mon, 30 Nov 2009, Berni Elbourn wrote:
>
> Or look at it the other way round....
>
> Linux is not vulnerable to windows virus. Note the careful wording
> ;-) So don't waste valuable server cpu cycles on-access scanning on
> a Linux server.
The problem is that I can't rely on all client PCs having up-to-date
virus scanner software, so this measure would be some kind of safety
net.
>Instead protect your Linux with things like
> rkhunter.
Thanks for that hint. I will take it into account.
>
> Also all your windows PCs already have to run on-access scanners
> anyway - right.
Yes, but one can never rely that all local virus scanner databases are
up-to-date. Some people might disable automatic updates...
(You can always have some kind of policy, but that's just a piece of
paper).
> So a virus should never get near the server anyway at least in theory...
Right, but theory is more often than not contradicted by practice... ;-)
> In practice virus do often get through simply because the virus
> profiles available for both server and clients PCs are always one
> step behind the crooks.
Yes, exactly, that's what I'm worried about and that's the reason why
I want to add some kind of "safety net" to the central file server
since I don't want it to turn into some kind of central "virus
distributor".
> Best you can do is have have regular full
> virus scans on the Windows PCs hard disks to fix once the anti-virus
> companies catch up.
Yes, I'm aware of that.
>
> You could be very sociable and scan the files at quiet times on the
> server and quarantine...clamav does a nice job at no cost. You can
> also use it as a quality check on your commercial scanner.
Yes, I know about clamav. Nevertheless, I'm still interested in
getting NOD32 to run on that server and that requires Dazuko. Since
there are quite a few Dazuko versions floating around on the net,
which one is recommended for Debian Lenny amd64?
Thanks & kind regards,
Holger