On-access AV scanning
freebsd at edvax.de
Fri Jul 27 18:47:34 UTC 2012
On Fri, 27 Jul 2012 13:10:12 -0500, Mark Felder wrote:
> Virus scanning should not be your problem. If the Windows users in the
> organization have an antivirus solution there is no need for you to have
> one. It doesn't matter if you share files over SAMBA -- when they access
> the files their virus scanner will check them.
His "problem" is that there's a corporate reglementation
of what he has to do, which he needs to obey in order to
keep his job. Even though this ruleset contains something
stupid (or even impossible), it's a requirement. Of course
a stupid one, but it does exist.
Surely it would be better for the company that has _admitted_
to have had more than one significant infection to do the
simplest, most stupid and absolutely basic tasks:
1. educate users, repeat educating users, continue
2. connect "Windows" PCs through a non-"Windows" scanning
facility to the Internet; think about who needs Internet
and who doesn't
3. limit access to local storage (CD, DVD, USB sticks) and
force those to be "inserted" to the network (e. g. as
a CIFS share) again through a non-"Windows" scanning
facility; again think about who should be allowed to
enter "foreign data" to the company network and _how_
it is _required_ to be done
4. consider the whole network, also think about (W)LAN or
BT connected smartphones, printers, networking gear
5. learn about viruses, trojans, malware: how they work,
how they are used and therefore how to "actively act
6. understand security as a process, not a stupid list that
tells you to "have a virus scanner on the system that
works on access"; now go to item 1 again
Of course, _none_ of those points seems to be on the agenda
at the moment. There's still the rule "You must have a
virus scanner on your computer that acts as on-access scanner
and scans for any viruses." It misses both that FreeBSD is
not infectable by "Windows" viruses, and it does not prevent
any "non-virus" attacks (such as per smartphone, per printer,
per human stupidity and carelessness).
So I think Daniel is actually on the best road at the moment.
Sure, it won't make _his_ system safer, and it won't make
other systems safer, but it will conform to the rules. If
he's able to use FAM/Ganim as the "on-access" part, and
a virus scanner he finds suitable for the "virus scan" part,
that should be sufficient.
if(system_has_scanner && scan_on_access)
Obeying can be fun, if it _is_ that easy. :-)
Maybe later on, he can convince his superior to switch
on his brain for thinking about the corporate guidelines.
It's worth it, and it saves money. I'm confident that it
is a chance to finally dump the stupid idea of insisting
to have a virus scanner on FreeBSD where there are no
viruses it could scan for.
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
More information about the freebsd-questions