I got enough CPU and RAM and SSD,
I want an extra layer of protection in addition to Qubes's protection.
What can I do?
I used to use Ubuntu with Sophos free antivirus for Linux.
What can I install on Qubes OS?
Thanks
Has anyone really tried ANY antivirus with Qubes OS?
Indeed, even for Ubuntu,
the one that is free, kept updated, and official is Sophos Anti-Virus for Linux.
Others like Comodo etc. don't update.
Please, thanks
Going beyond that, antivirus is an option. One way to run it is from a dispVM to which you attach various private volumes (one at a time) for scanning.
An implementation of a similar idea across several VMs is:
VM1: any TemplateVM with clamav installed.
VM2: AppVM based on above, which is network-connected so it can download new virus definitions. /var/lib/clamav contains the virus definitions so make it a bind-dir.
VM3: DisposableVM based on the above, which is offline, that does the actual scanning. To scan a VM, use qvm-block to attach a VM's private volume to the disposable VM.[1]
The actual updating and scanning can be streamlined using shell scripts run from dom0.
I think the nice properties of this setup are:
* distro-packaged, open source antivirus
* antivirus lives outside the VM you are scanning
* since the antivirus processes a lot of untrusted input, scans are done from a disposable VM3, so if it is compromised in the course of a scan, only that session is compromised
* since the antivirus may process a lot of sensitive information, VM3 is also offline, making it harder for compromised antivirus to exfiltrate anything.
[1] To make a DisposableVM have different NetVM than its template, you can use for VM3 the static DisposableVM created by `qvm-create --class DisposableVM --template VM2 ...`, it can have the specific NetVM setting of None, different from their template.
Other nice properties:
* by mounting a snapshot of the private volume, you have the option to scan while the target VM is running
* by mounting a snapshot, you can ensure no modification of the target volume, which some people might like from a forensics point of view.
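A dom0 wrapper for the scan step described above, as an added example that is not part of the original post. It assumes a file-based storage pool under /var/lib/qubes/appvms, a static DisposableVM named VM3, and that the attached volume shows up in VM3 as /dev/xvdi; it defaults to a dry run that only prints the commands, and it scans the image directly (no snapshot), so it refuses running VMs.

```shell
#!/bin/sh
# Added example, run in dom0. Assumed (not from the thread): VM3 is the static
# DisposableVM with netvm none, storage is a file-based pool, and the attached
# volume appears inside VM3 as /dev/xvdi.
SCANNER="${SCANNER:-VM3}"
POOL="${POOL:-/var/lib/qubes/appvms}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# scan_private TARGET: scan TARGET's private volume from the offline scanner.
# Returns the scan status (clamscan: 0 = clean, 1 = found, 2 = error).
scan_private() {
    target="$1"
    case "$target" in
        ''|*[!A-Za-z0-9_-]*) echo "bad VM name" >&2; return 2 ;;
    esac
    if [ "$DRY_RUN" = 1 ]; then
        loop=/dev/loopN                    # placeholder, nothing is created
    else
        # No snapshot is taken, so the target must be halted; the scanner must
        # be halted too, so every scan starts from a fresh disposable session.
        for vm in "$target" "$SCANNER"; do
            if qvm-check --running "$vm" >/dev/null 2>&1; then
                echo "$vm is running, shut it down first" >&2; return 2
            fi
        done
        loop=$(sudo losetup -f --show -r "$POOL/$target/private.img") || return 2
    fi
    run qvm-start "$SCANNER" &&
    run qvm-block attach --ro "$SCANNER" "dom0:${loop#/dev/}" &&
    run qvm-run --pass-io -u root "$SCANNER" \
        'mkdir -p /mnt/scan && mount -o ro,noexec,nosuid,nodev /dev/xvdi /mnt/scan && clamscan -r -i /mnt/scan'
    status=$?
    # Shutting the scanner down discards the session and releases the device.
    run qvm-shutdown --wait "$SCANNER"
    [ "$DRY_RUN" = 1 ] || sudo losetup -d "$loop"
    return "$status"
}

if [ $# -gt 0 ]; then scan_private "$1"; fi
```

To execute rather than print, call it as `DRY_RUN=0 sh scan.sh APPVM1` (the script file name is an assumption).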
On Thursday, 4 October 2018 20:30:37 UTC+2, airele...@tutanota.com wrote:
> An implementation of a similar idea across several VMs is:
> [...]
> VM3: DisposableVM based on the above, which is offline, that does the actual
> scanning. To scan a VM, use qvm-block to attach a VM's private volume to
> the disposable VM.[1]
Can you give me a hint how I can mount a private disk of an existing AppVM (APPVM1) to another AppVM (APPVM2)?
If I look into /var/lib/qubes/appvms/APPVM1 I see the following files:
private-cow.img
private-cow.img.old
private.img
root-cow.img
volatile.img
I have looked at the Qubes documentation...
https://www.qubes-os.org/doc/template-implementation/
... but haven't fully understood what each file is doing.
root.img
-> real template filesystem (from template = read only)
root-cow.img
-> differences between the device as seen by AppVM and the current root.img
(as far as I understand those "differences" only exist when the AppVM is running, as no changes are stored after the AppVM has been shut down)
private.img
-> persistent storage (mounted in /rw) used for /home, /usr/local
volatile.img:
-> temporary storage, which is discarded after an AppVM restart
What are those files for:
1) private-cow.img
2) private-cow.img.old
If I want to scan my AppVMs it should be enough to scan the private.* images, correct? (Assuming that I scan the template separately).
- Piit