On 2020-11-25 17:10, Brogan Beard wrote:
> In the enterprise context, there are often extensive security compliance
> rules, which include but are not limited to anti-virus software
> requirements. There are, of course, exceptions to these rules but generally
> policies drive the technology in use or allow it to be used. I am not aware
> of any anti-virus software that supports OpenBSD or any BSD for that matter
> (not saying it needs it ;) ).
> 
> How does OpenBSD handle the compliance aspects of security in regards to
> A/V? Is there an, "it's already under the hood," response based on modern
> security standards?
> 
> I would like to use OpenBSD in future projects, beyond just personal
> interest. And with that, I am sure these types of questions will arise.
> 
> Thanks in advance for thoughtful comments!

Something to consider: run the AV against your boxes -- elsewhere!

I have a similar situation at $DAYJOB.  Not OpenBSD, but an OS that
similarly has little malware written for it (and an environment with
lots of softer targets than the OS anyway).  For LOTS of reasons, we
didn't want to put AV on the "important" systems, but we needed to
hit that checkbox that says, "AV scans!"

Our compliance people work with me pretty well, and what we came up
with was to run the AV against our BACKUPS of those boxes.  We rsync
the data from the systems to a central backup, and we run the AV on
that box against the data.  Increased the backup by a few GB/box and
grabbed the binaries, too, and ta-da, we got a pretty good AV scan
taking place with /zero/ additional impact on the systems.

Yes, perhaps not as "real time" as a system which hooks into the OS
and watches every disk read and write, but I don't think you even
want that on a Unix-like OS (even if it was possible on many Unix-
like OSs).

Nick.
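
The scan-the-backups approach described in the message above, sketched as an added example that is not part of the original post or Nick's own setup. It assumes ClamAV's clamscan as the scanner, a backup tree laid out as $BACKUP_ROOT/<host>/, and ssh access for rsync; the names pull_host, scan_backups and map_findings are hypothetical.

```shell
#!/bin/sh
# Added example: AV-scan rsync'd backups instead of the production hosts.
# Assumptions (not in the original post): ClamAV's clamscan is the scanner,
# backups live in $BACKUP_ROOT/<host>/, and hosts are reachable over ssh.
BACKUP_ROOT="${BACKUP_ROOT:-/backup}"
BACKUP_DIRS="${BACKUP_DIRS:-/etc /usr /var /home}"   # data plus binaries

# Pull one host's directories into its own subtree on the backup box.
pull_host() {
    for dir in $BACKUP_DIRS; do
        mkdir -p "${BACKUP_ROOT}/$1${dir}"
        rsync -a --delete -e ssh "$1:${dir}/" "${BACKUP_ROOT}/$1${dir}/"
    done
}

# Scan the backup tree. clamscan exits 0 = clean, 1 = findings, 2 = error.
scan_backups() {
    clamscan -r --infected --no-summary "$BACKUP_ROOT"
}

# Turn clamscan "PATH: SIGNATURE FOUND" lines (stdin) into
# "host<TAB>original-path<TAB>signature", so a finding in the backup
# tree can be traced to the system and path it was copied from.
map_findings() {
    tab=$(printf '\t')
    sed -n "s|^${BACKUP_ROOT}/\([^/]*\)\(/.*\): \(.*\) FOUND\$|\1${tab}\2${tab}\3|p"
}

# Usage: sh scan-backups.sh --run host1 host2 ...
if [ "${1:-}" = "--run" ]; then
    shift
    for h in "$@"; do pull_host "$h" || echo "rsync failed: $h" >&2; done
    out=$(scan_backups); rc=$?
    printf '%s\n' "$out" | map_findings
    # A scanner error must not be reported as a clean result.
    [ "$rc" -le 1 ] || { echo "scan error (rc=$rc)" >&2; exit 2; }
    exit "$rc"
fi
```

The exit status distinguishes a clean scan from a failed one, which is what the compliance record needs to show.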
