> Do YOU have antivirus software on your servers?
Generally, not on web servers, no.
> Do you recommend it on web servers?
Generally, no, unless you allow file uploads and those uploaded files could
possibly be executable.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202
I think it is a necessary evil.
People are finding too many neat ways for things to creep across networks.
-Nate
-Original Message-
From: Mark W. Breneman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 12:23 PM
To: CF-Talk
Subject: SOT: Antivirus software on web server
I can
I have a main web server with a seperate mail server, and a 3rd box for smaller
clients thats a combined mail and web server.
ON THAT box and the Mail server I run Norton Antivirus COrporate. I do this
from the main network server where Norton's Console is installed. All of
the boxes have t
]
www.vividmedia.com
608.270.9770
-Original Message-
From: NATHAN C. SMITH [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 4:44 PM
To: CF-Talk
Subject: RE: Antivirus software on web server
I think it is a necessary evil.
People are finding too many neat ways for things to creep across
Mark W. Breneman wrote:
>
> As much as I am opposed to the idea, I am leaning towards installing
> Norton Antivirus Corporate on all of my web servers.
>
> The question was brought up, that how would you ever know if your server
> was infected without some software scanning.
You see it in the
]
www.vividmedia.com
608.270.9770
-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 9:41 AM
To: CF-Talk
Subject: Re: Antivirus software on web server
Mark W. Breneman wrote:
>
> As much as I am opposed to the idea, I am leaning towards inst
Mark W. Breneman wrote:
> True it probably would show in the task or process lists, but if I were
> to write a worm/Trojan, I would make it show up in the task list as
> SVCHOST.exe, the generic name of a DLL process.
1. You know how many of those you have on your server.
2. tlist will show the ap
Health
Distance Education Division
-Original Message-
From: Mark W. Breneman [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 11:45 AM
To: CF-Talk
Subject: RE: Antivirus software on web server
True it probably would show in the task or process lists, but if I were
to write a
To: CF-Talk
Subject: RE: Antivirus software on web server
Mark,
Once get your anti-virus software installed and running on you web
server, would you mind sharing with the list what kind of performance
impact it creates. Are you planning to run scheduled system scans?
Adam Wayne Lehman
Web Systems
oi Jochem!!
tlist?
--
Thursday, October 16, 2003, 11:45:11 AM, you wrote:
JvD> Mark W. Breneman wrote:
>> True it probably would show in the task or process lists, but if I were
>> to write a worm/Trojan, I would make it show up in the task list as
>> SVCHO
ssage-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 10:45 AM
To: CF-Talk
Subject: Re: Antivirus software on web server
Mark W. Breneman wrote:
> True it probably would show in the task or process lists, but if I
were
> to write a worm/Trojan, I would m
On Thursday 16 Oct 2003 16:45 pm, Jochem van Dieten wrote:
> Mark W. Breneman wrote:
> > True it probably would show in the task or process lists, but if I were
> > to write a worm/Trojan, I would make it show up in the task list as
> > SVCHOST.exe, the generic name of a DLL process.
>
> 1. You kno
Minion Critter wrote:
>
> tlist?
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q250/3/20.ASP&NoWebContent=1
Jochem
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
oi Jochem!!
Ha!
ta
--
Thursday, October 16, 2003, 12:08:52 PM, you wrote:
JvD> Minion Critter wrote:
>>
>> tlist?
JvD> http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q250/3/20.ASP&NoWebContent=1
JvD> J
Thomas Chiverton wrote:
> On Thursday 16 Oct 2003 16:45 pm, Jochem van Dieten wrote:
>>Mark W. Breneman wrote:
>>
>>>True it probably would show in the task or process lists, but if I were
>>>to write a worm/Trojan, I would make it show up in the task list as
>>>SVCHOST.exe, the generic name of a D
er 16, 2003 10:50 AM
To: CF-Talk
Subject: RE: Antivirus software on web server
Mark,
Once get your anti-virus software installed and running on you web
server, would you mind sharing with the list what kind of performance
impact it creates. Are you planning to run scheduled system scans?
Adam Wayne L
> The question was brought up, that how would you ever know
> if your server was infected without some software scanning.
> My argument to that was if the server is correctly secured
> that should never be an issue, but, with new exploits being
> discovered each month the chances go up that th
At 11:26 AM 10/16/03 -0500, Mark W. Breneman wrote:
>
>
>It would be nice if there was a web server version of NAV. Or something
>that is ultra light on CPU time and system resources.
I'd use Sophos (www.sophos.com)
T
Tired of your bookmarks/favourites being limited to one computer? Move
them
Developer
-Network Administrator
Vivid Media
[EMAIL PROTECTED]
www.vividmedia.com
608.270.9770
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 11:38 AM
To: CF-Talk
Subject: RE: Antivirus software on web server
> The question was brou
On Thursday 16 Oct 2003 17:17 pm, Jochem van Dieten wrote:
> No account, not even LocalSystem, should have permission to patch
> core OS files.
How would you distribute security updates then ?
--
Tom Chiverton
Advanced ColdFusion Programmer
Tel: +44(0)1749 834997
email: [EMAIL PROTECTED]
BlueF
Thomas Chiverton said:
> On Thursday 16 Oct 2003 17:17 pm, Jochem van Dieten wrote:
>> No account, not even LocalSystem, should have permission to patch
>> core OS files.
>
> How would you distribute security updates then ?
Log in, assign yourself the apropriate rights, update, revoke rights.
Joc
On Friday 17 Oct 2003 12:09 pm, Jochem van Dieten wrote:
> Thomas Chiverton said:
> > On Thursday 16 Oct 2003 17:17 pm, Jochem van Dieten wrote:
> >> No account, not even LocalSystem, should have permission to patch
> >> core OS files.
> > How would you distribute security updates then ?
> Log in,
Thomas Chiverton said:
> On Friday 17 Oct 2003 12:09 pm, Jochem van Dieten wrote:
>> Thomas Chiverton said:
>>> On Thursday 16 Oct 2003 17:17 pm, Jochem van Dieten wrote:
No account, not even LocalSystem, should have permission to
patch core OS files.
>>> How would you distribute security
On Friday 17 Oct 2003 14:32 pm, Jochem van Dieten wrote:
> Administrators are only allowed to do an interactive login. How many
> of those can there be at the same time?
But any programs they run are now running as admin... you only solve some
problems by enforcing this.
--
Tom Chiverton
Advan
Thomas Chiverton said:
> On Friday 17 Oct 2003 14:32 pm, Jochem van Dieten wrote:
>> Administrators are only allowed to do an interactive login. How
>> many of those can there be at the same time?
>
> But any programs they run are now running as admin... you only solve
> some problems by enforcing
On Friday 17 Oct 2003 15:15 pm, Jochem van Dieten wrote:
> Who is running what as admin? If I log in as Admin and I do something
> stupid that gives problems. But how is somebody else going to run
> anything as admin that can replace kernel files?
You don't have to be doing something stupid to tri
> You don't have to be doing something stupid to trigger a
> trojon.
I would classify unnecessary use of Administrator privileges as "something
stupid".
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
[Todays Threads]
[This Message]
[Sub
Thomas Chiverton said:
> On Friday 17 Oct 2003 15:15 pm, Jochem van Dieten wrote:
>> Who is running what as admin? If I log in as Admin and I do
>> something stupid that gives problems. But how is somebody else
>> going to run anything as admin that can replace kernel files?
>
> You don't have to b
On Friday 17 Oct 2003 15:58 pm, Dave Watts wrote:
> > You don't have to be doing something stupid to trigger a
> > trojon.
> I would classify unnecessary use of Administrator privileges as "something
> stupid".
But you don't have be doing something stupid (like unnecessary use of
Administrator pr
On Friday 17 Oct 2003 15:53 pm, Jochem van Dieten wrote:
> > You don't have to be doing something stupid to trigger a trojon.
> What would be a non-stupid way for an admin to trigger a trojan on his
> server?
DNS poisioning when you downloaded the patch file, for instance.
On UNIX boxes, a local a
Thomas Chiverton wrote:
> On Friday 17 Oct 2003 15:53 pm, Jochem van Dieten wrote:
>
>>>You don't have to be doing something stupid to trigger a trojon.
>>
>>What would be a non-stupid way for an admin to trigger a trojan on his
>>server?
>
>
> DNS poisioning when you downloaded the patch file,
On Friday 17 Oct 2003 16:49 pm, Jochem van Dieten wrote:
> > DNS poisioning when you downloaded the patch file, for instance.
> > On UNIX boxes, a local attacker could have altered an alias for a common
> > command to fetch, compile and insert a Nasty kernel module and then
> > waited for you to ru
Thomas Chiverton wrote:
> On Friday 17 Oct 2003 16:49 pm, Jochem van Dieten wrote:
>
>>>DNS poisioning when you downloaded the patch file, for instance.
>>>On UNIX boxes, a local attacker could have altered an alias for a common
>>>command to fetch, compile and insert a Nasty kernel module and the
On Monday 20 Oct 2003 11:24 am, Jochem van Dieten wrote:
> > Doesn't help - where did you get the checksums from ?
> From a different machine of course.
Which you have to trust.
--
Tom Chiverton
Advanced ColdFusion Programmer
Tel: +44(0)1749 834997
email: [EMAIL PROTECTED]
BlueFinger Limited
Thomas Chiverton wrote:
> On Monday 20 Oct 2003 11:24 am, Jochem van Dieten wrote:
>
>>>Doesn't help - where did you get the checksums from ?
>>
>> From a different machine of course.
>
> Which you have to trust.
If there is anyone who is going to trojan an OpenBSD bastion
host, to modify the O
On Monday 20 Oct 2003 12:02 pm, Jochem van Dieten wrote:
> If there is anyone who is going to trojan an OpenBSD bastion
> host, to modify the OpenSSL MD5 checker, so that he can inject
> code into a patch to trojan a webserver, he is welcome to try.
Because it's not like there isn't a precedent fo
36 matches
Mail list logo
