On Thu, Jun 25, 2009 at 9:05 AM, Alex Hewitt<[email protected]> wrote:
> Kenny, if you have a mandate to install anti-virus/anti-malware does that
> mean that whoever mandated this wants to scan all files on the servers for
> PC infections? Although these things typically have no effect on Linux
> systems they might be a problem for Windows boxes that are reading/writing
> files on the servers. If that is the case, ClamAV would be a good
> solution...

Alex,

The mandate actually isn't that intelligent. It was a broad statement of "You have to have anti-virus and anti-malware software on all of your servers", and when we wrote a compensating control that stated "This is not needed on Linux servers", someone Googled Linux +virus and found "rootkit". Thus, the mandate for "Anti-rootkit software" (and yes, that is what the audit sheet calls it...)

None of the Windows servers or workstations in the company have any access to the servers that are in question. The servers are extremely isolated in their own firewalled island, with no sharing allowed :-) Windows systems can read/write to anything on that network.

I could probably install ClamAV on every box and call it a day, and they would be perfectly happy. However, I would like to go beyond the letter of the mandate and do something that is at least useful. If I can compile a list of known rootkits and their properties, I can write Tripwire recipes and add that to our tool chain.

Thanks,
Kenny

_______________________________________________
gnhlug-discuss mailing list
[email protected]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
