On 02/17/2013 04:15 PM, Mark McCullough wrote:
> On 2013 Feb 17, at 15:44, [email protected] wrote:
>> Hi.
>> Would appreciate some views and comments here...
>> We're being pressured by our "Risk and Compliance" group to install antivirus on our Unix
>> (Solaris and AIX) and Linux (Red Hat / CentOS) servers. Historically we've not installed AV
>> software on these platforms because there haven't been viruses to worry about. I'm not sure that
>> has changed, but we need a better argument than "There are no Unix/Linux viruses"
>> apparently.
>> So, I'd be interested in hearing if:
>> a) you run AV software on your Unix/Linux servers
> No
>> b) if not, have you had to argue it away?
> Briefly only.
>> c) if so, is this due to any external compliance issue
> Both internal and external.
> The simple response was "There is no antivirus software that exists to scan against
> viruses that attack Unix based systems." Each one of the Linux based AV tools scans
> against Windows malware signatures only. A few choice quotes from the vendors pointing
> out that they protected against Windows malware, and we put the burden back on the
> compliance team and pointed out that if we did this, we were still not compliant with
> what they were claiming we needed compliance with (malware protection for Unix based
> malware).

Except that's not true. ClamAV has a number of signatures for Linux
related viruses in its database which it protects against, and has for a
number of years.
If you want to see a full list, install clamav somewhere and run the
following command:

    sigtool --list-sigs | grep -i linux | sort

The summary:

    ~$ sigtool --list-sigs | grep -ci linux
    170

Those creating the clamav antivirus databases are as interested in
viruses and malware that might infect the Linux platform as they are in any
other platform.
If you want to at least make some half effort at protecting against
malware on Linux, or even just ticking off that check box, it's really not
much of a hassle to just install it and forget about it :). You can
certainly make some fair arguments about attack vectors. Generally I
install it on mail servers and places where we allow uploads or fetch
content from remote sources, as that covers the most probable attack vectors.
Paul
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
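
Paul's suggestion of scanning where uploads land, sketched as an added example (not code from the thread): a fail-closed wrapper around `clamscan` that relies on its documented exit codes (0 = no virus, 1 = virus found, 2 = error). The `scan_upload` function name, the `CLAMSCAN` and `QUARANTINE` variables and the quarantine path are assumptions for illustration.

```shell
#!/bin/sh
# Added example: fail-closed ClamAV gate for files arriving in an upload area.
# CLAMSCAN and QUARANTINE are hypothetical settings, overridable from the environment.
CLAMSCAN="${CLAMSCAN:-clamscan}"
QUARANTINE="${QUARANTINE:-/var/quarantine}"   # assumed path, adjust locally

# scan_upload FILE
# Prints one verdict (clean | infected | error) and returns 0, 1 or 2.
# Anything other than an explicit "no virus" result means the file is not accepted.
scan_upload() {
    file=$1
    # Prefix relative names so a file called "-r" can never be parsed as an option.
    case $file in /*) ;; *) file=./$file ;; esac
    [ -f "$file" ] || { echo "error"; return 2; }

    # clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
    # "|| rc=$?" keeps the status without tripping "set -e" in the caller.
    rc=0
    report=$("$CLAMSCAN" --no-summary --infected "$file" 2>&1) || rc=$?

    case $rc in
        0)  echo "clean"; return 0 ;;
        1)  # Move the file out of the served path before anything can read it.
            mkdir -p "$QUARANTINE" && mv -f "$file" "$QUARANTINE/" \
                || { echo "error"; return 2; }
            printf '%s\n' "$report" >&2      # "path: Signature FOUND" line for the log
            echo "infected"; return 1 ;;
        *)  # Scanner missing, database unreadable, I/O error: fail closed.
            printf '%s\n' "$report" >&2
            echo "error"; return 2 ;;
    esac
}

# Stand-alone use: ./scan_upload.sh /path/to/uploaded/file
if [ "$#" -gt 0 ]; then
    scan_upload "$1"
fi
```

The caller should publish the upload only on the `clean` verdict; an `error` verdict leaves the file in place for a retry once the scanner is working again.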