Michelle,

The first thing I would do for performance is to limit your scans to user home directories unless you're really paranoid. Then you can use one of the intrusion detectors to make sure none of the system files were touched. For me, validating that the system files haven't been tampered with is much more critical. I was hit hard with a root-kit on a SunOS machine back in the 80s and had no choice but to wipe everything clean and reinstall since there was no clear way to determine what was compromised. The only good thing was that my firewall prevented the root kit from getting the command/control connection to do whatever nefarious work that was intended.
I've never had a successful attack since, but I still remember the horror and pain that that caused. If they didn't have a small bug in their installation that caused a peculiar error message that I happened to catch flying by during a boot, I would not have started the investigation that finally uncovered it.

I happen to use aide and run it nightly using the reference database stored on a read-only device for added security. The only downside is that after installing, updating, or removing a package you have to take the time to "bless" the changes reported by such a system. On the plus side, it saved me a few times when I accidentally overwrote things (one of those Oh-No! situations). I could easily generate a report of what was changed so I could pull back the original files from backup.

Gary

On 12/26/2012 11:13 AM, Michelle Knight wrote:
> Hi Folks,
>
> Up until now, I've been using Clam on a linux client to remotely scan my
> ZFS volumes overnight every few days; primarily as I don't know anything
> about running anti-virus directly on the OI box.
>
> However, the number of (especially small) files has been increasing so
> I'm facing installing and configuring an anti-virus scan on the OI box
> itself.
>
> I've done some search engine reading, but it is all at a higher level
> and I haven't been able to learn enough to put together a solid
> strategy.
>
> I don't really suffer viruses; thanks to some hard lessons learned in
> the past. However I'm human and something could still catch me a blind
> side some day, so another gate keeper won't hurt.
>
> Has anyone got any advice and links to instructions please?
>
> Many thanks,
>
> Michelle.
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss@openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
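
The check-and-bless cycle described in the reply above, as an added sketch that is not part of the original thread and is not AIDE's code: it hashes a tree with SHA-256, reports differences against a reference, and accepts only the reviewed paths. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full):  # this sketch hashes regular files only
                with open(full, "rb") as fh:
                    digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(reference, current):
    """Report what was added, removed or changed relative to the reference."""
    return {
        "added": sorted(set(current) - set(reference)),
        "removed": sorted(set(reference) - set(current)),
        "changed": sorted(p for p in set(reference) & set(current) if reference[p] != current[p]),
    }

def bless(reference, current, paths):
    """Accept only the reviewed paths into a new reference; the rest stays flagged."""
    updated = dict(reference)
    for p in paths:
        updated.pop(p, None)          # a blessed removal drops the entry
        if p in current:
            updated[p] = current[p]   # a blessed change or addition takes the new digest
    return updated

def write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed tree: the package update to bin/ls is blessed, nothing else is."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("bin/ls", "bin/su", "etc/motd"):
            write(root, rel, b"original")
        reference = snapshot(root)    # in practice this is kept on read-only media
        write(root, "bin/ls", b"updated by package manager")
        write(root, "bin/su", b"overwritten by accident")
        os.remove(os.path.join(root, "etc/motd"))
        current = snapshot(root)
        # Report before blessing, then again after blessing only bin/ls.
        return compare(reference, current), compare(bless(reference, current, ["bin/ls"]), current)
```

After blessing, the second report still lists `bin/su` and `etc/motd`, which are the files to pull back from backup.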