Re: [SAGE] virus threat/software on Unix/Linux
Quoting Mario Obejas <obejas@phylum.esn.us.ray.com>:
> Our community tends to hate this discussion but ....
>
> Surely I'm not the only support person who's recently been asked about the
> subject line. Management is asking why we don't run anti-virus software on
> our Unix boxen.
I'm currently contracting, managing a large document management system. We have
100s of GB of documents entered and accessed via people running, primarily, PCs. We
scan the content store periodically using Sophos Anti Virus
(http://www.sophos.com/). We also scan the web application that allows the
users access to the system. Until recently we used to scan, with auto
correction, the database files holding the indexing information but I managed
to persuade management that this wasn't a good thing to do.
As production Unix systems tend to be less numerous than PCs and, hopefully,
the processes running on them are more secure (you know what processes should
be running etc), it's easier to combat worms targeted at them. The main danger
from a Unix system would be transmission to PCs. To stop this the areas to look
at are:
- Shared file store.
- Email
- Web applications
The ideal is to process these as the files come in, but this isn't always
possible. If you can't scan as the files come in, scan the vulnerable areas
periodically.
--
Mick Sheppard