Do I need an anti virus solution for solaris?

[Jeremy Isherwood]

I hear about windows servers needing anti-virus software, but do I need it
for a solaris 8 server running on a sun sparc?

Thanks for your help.

Jeremy

[Anthony Mandic]

Jeremy Isherwood wrote:
>
> I hear about windows servers needing anti-virus software, but do I need it
> for a solaris 8 server running on a sun sparc?

MS only have one product for Solaris. As long as you don't run
it as root, you should be fine. Of course, some would argure that
simply installing it introduces a virus.

-am © 2002

[Rich Teer]

On Sat, 19 Oct 2002, Jeremy Isherwood wrote:

> I hear about windows servers needing anti-virus software, but do I need it
> for a solaris 8 server running on a sun sparc?

Nope (despite what the A-V software vendors will tell you).
That's just one reason why Sun/Solaris generally has a lower
TCO than Windoze.

--
Rich Teer

President,
Rite Online Inc.

Voice: +1 (250) 979-1638
URL: http://www.rite-online.net

[Gerald Kelly]

Rich Teer <ri...@rite-group.com> wrote:
>On Sat, 19 Oct 2002, Jeremy Isherwood wrote:
>
>> I hear about windows servers needing anti-virus software, but do I need it
>> for a solaris 8 server running on a sun sparc?
>
>Nope (despite what the A-V software vendors will tell you).
>That's just one reason why Sun/Solaris generally has a lower
>TCO than Windoze.

If Windows clients are using the Sun server as a mail or file server,
it might be a good idea, though. The Sun server itself may not be as
susceptible to an infection but that doesn't mean it can't help spread
the virus to machines that are more vulnerable. Better to catch the
virus on the server.

[Oscar del Rio]

> >> I hear about windows servers needing anti-virus software, but do I need
it
> >> for a solaris 8 server running on a sun sparc?
> >
> >Nope (despite what the A-V software vendors will tell you).
> >That's just one reason why Sun/Solaris generally has a lower
> >TCO than Windoze.
>
> If Windows clients are using the Sun server as a mail or file server,
> it might be a good idea, though. The Sun server itself may not be as
> susceptible to an infection but that doesn't mean it can't help spread
> the virus to machines that are more vulnerable. Better to catch the
> virus on the server.

For a mail server, you don't have to spend $$$ for antivirus software.
A procmail filter to detect executable attachments is enough.
(exe, bat, pif, scr, vbs, etc)
The filter can either junk the attachments or rename them so that
they would not run on the windoze clients.
We implemented the latter on our mail server a couple of years ago
and we have not had worm virus nightmares ever since.

For example, an attachment called filename.exe gets renamed
filename.exe.bin
That will prevent lusers from getting infected by double-clicking
the attachment without thinking, and will stop "autoexecutable" worms.
In the rare occasions where the executable is not a virus, the user
just has to save it without the .bin extension and run it separately.

The procmail filter we use looks for MIME "Content-type" headers
with extensions exe, bat, pif, scr, vbs, etc and calls a sed script
with filters such as

s/\(name=.*\.[eE][xX][eE]\)/\1.bin/

You can also try MIMEdefang:
http://www.roaringpenguin.com/mimedefang/

[Lon Stowell]

In article <H4AG2...@mie.utoronto.ca>,

Oscar del Rio <del...@mie.utoronto.ca> wrote:
>
>For a mail server, you don't have to spend $$$ for antivirus software.
>A procmail filter to detect executable attachments is enough.
>(exe, bat, pif, scr, vbs, etc)
>The filter can either junk the attachments or rename them so that
>they would not run on the windoze clients.

One big problem I see with this is that you can attack windows
clients with media files reasonably effectively.
And doc files are just too easy to even be a challenge.