On-access AV scanning

Daniel Bye freebsd-questions at slightlystrange.org
Fri Jul 27 12:38:25 UTC 2012 

On Fri, Jul 27, 2012 at 07:15:29PM +0700, Erich Dollansky wrote:
> Hi,
> 
> On Fri, 27 Jul 2012 12:47:29 +0100
> Daniel Bye <freebsd-questions at slightlystrange.org> wrote:
> 
> > On Fri, Jul 27, 2012 at 07:19:45AM -0400, Daniel Feenberg wrote:
> > > 
> > > 
> > > On Fri, 27 Jul 2012, Daniel Bye wrote:
> > > 
> > > >On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar wrote:
> > > >>>Are there any current options available to support on-access
> > > >>>antivirus scanning on FreeBSD?
> 
> why should it be available when it is not needed?

Because the IT policy (currently) requires it. I don't agree with that
policy, but there you are - I don't have the authority to simply ignore it.


> > > >>>
> > > >>FreeBSD doesn't need this as there are no viruses on that system.
> 
> Ok, this is a bad reasoning.
> > > >
> > Thanks, Daniel. I have looked at Kaspersky, and various others, but
> > the main sticking point, as I see it, is that there is no on-access
> > scanning capability in any of the AV packages available for FreeBSD.
> 
> You will not find them. The scanners running on FreeBSD are looking for
> Windows pests.

Yes, I know. But we have petabytes of file systems shared over SMB/CIFS, so
if a Windows machine inroduces something to the network, it strikes me as
reasonable that if my (still putative) FreeBSD system finds it before
another Windows system, I have potentially prevented a much wider problem.


> 
> > It's not essential to build my case, but it would certainly
> > strengthen it.  I use ClamAV on my home mail server, and it works
> > well.  I have also tested it out on a desktop machine to run
> > on-demand scans, and it works just fine, and doesn't impose so much
> > of a load as to be a nuisance.
> > 
> Does it scan for FreeBSD viruses? I would wonder.

I wouldn't waste your time wondering, if I were you. Of course they *all*
look for malware that infests Windows machines. But, that nontwithstanding,
I have to adhere to the policy, whether I like it or not.

> 
> > We have had a couple of virus outbreaks recently, so this is quite a
> > high profile concern around here at the moment. The CIO is from a
> > technical background, so I might well be able to convince him of
> > FreeBSD's strengths as a very secure system, but I will still need to
> > accede to the IT policy, sadly - no way around it.
> 
> You will have to give it a miss then.
> 
> The security concepts of FreeBSD are 100% different. They will never
> match this kind of policy.

Yes, and I am hoping that that fact is enough to persuade him that the
current policy (which he inherited, by the way, he didn't have a hand it its
establishment) is no longer applicable in an increasingly mixed environment
(Polytropon brought up the obvious matter of smartphones and tablets and
other devices).

Thanks for your thoughts.

Dan

-- 
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20120727/a13795c1/attachment.pgp

More information about the freebsd-questions mailing list