
Need antivirus protection on Unix network


upplepop

IS-IT--Management
Jun 1, 2002
173
US
I have a Unix-based server which networks 8 offices in my city which are connected via the Internet (SDSL) through a VPN. There are approx. 45-50 client terminals with Windows 98. All of the stations have Internet access which makes the system vulnerable to viruses. Here are my questions:

1) Can you guys recommend a good antivirus program?
2) Should it be installed on the clients or server?
 
Not going to push a particular brand, you should do the research yourself. If you use file servers, they require antivirus, and the desktops should use it as well. After all, if users weren't downloading viruses, what else would they do for fun?
 
What antivirus program would be best for the server (unix) and which good for all the clients. I'm looking for recommendations based on usage. Can anyone help?
 
You don't mention the type of Unix you are using (AIX, Sun, HP, Freebsd, Linux, etc.), however, clamav is a freeware anti-virus scanner available for a number of Unix platforms.
 
Are there ANY antivirus enterprise management programs that can be run on a UNIX machine. I have found several (Trend Micro, Sophos, Symantec, McAfee) that use a Windows or Novell server but none for UNIX. I don't want the added expense of purchasing and licensing Windows 2000.
 
Hi,

Have a read of the following regarding viruses for UNIX:
There are many "trojans" for UNIX, and are very easy to make. I.E. A script that calls /sbin/rm -f /* executed by root will delete the files under / (exception would be /sbin and /sbin/rm and the shell because they are in use). While some people consider trojans a virus, they are not.

Virii have certain characteristics which would define them as virii. First, a virus is usually memory resident. This means that the virus sits in memory and looks for keys to attack files. Usually the dos extension to the file name. I.E. .exe files and .com files. Also virii must be at least a nuisance, like writing "eat my shorts" into a text file would cause an unwanted change to the file. A program that sat in memory and wrote our fictitious message to files would be a virus. A virus must also spread itself in one way or another.

Because the virus usually needs a trigger (like the dos extension) UNIX virii are much more difficult to create. Since /usr/bin/rm is an executable not denoted by rm.exe, the virus would not be able to tell by name what is an executable to infect and spread, and what is not. /etc/hosts would look the same to a virus as /etc/ping. A virus would have to be huge to sit in memory and be able to stat all files, run magic, check bits, etc... to know how to spread.

Next, in UNIX the kernel is memory resident. When the system boots the kernel, it is read only. The kernel sits in memory until system shutdown. If a virus was to infect the kernel, it would not be effective until the system was rebooted with the bad kernel. In Win/XXXX the kernel sits on a disk, and is constantly accessed. A 100MB kernel just does not fit into most PC's memory :). If the kernel is corrupted, the corruptions are instantly read in, and accepted. Microsoft was supposed to fix this in Win NT 4.0, then in 2000, but I guess they will just let saps keep buying their products and spending tons of cash on anti-virus software and think that it has to be that way.....How easily some of us are fooled :)

The next problem with running a virus in UNIX is that the virus can only run at the access level of the user who executes the program. I.E. If johndoe executes the program, the program can only affect "johndoe"'s processes and files. Anything owned by "root", and "bettysue" would be unaffected. The virus could only do widespread system damage if the super user "root" executed the virus. This severely limits the ability of a virus in UNIX. Windows NT and 2000 also have multi leveled access for processes, but Microsoft's implementation is very easy to bypass.

In SunOS and Linux, the virus scanning software that is available is NOT for UNIX and Linux protection, but Microsoft Windows protection. The software is made to scan data shared to and from Windows boxes.

The best defense in UNIX to the Virus threat is common sense, built in UNIX functionality, and basic security measures.

 
other places of interest :

<- unix av (of varying sorts)

< corporate firewall and vpn software plus content filtering etc etc (useful to stop downloads of file types (exe com bat etc etc), internet access restriction and blocklists all in one)
also block things like IRC and MSN messenger. blah blah too much to list (minor rave, trust me, it's worth looking at).

clamav another option.

if all terminals have internet access I would definitely use a client side AV scanner AS WELL as a server scanner.

Point to note :
Outlook is the single biggest email client target for virus writers, if possible use something else ;
<- highly unlikely to be affected by a virus (saved me hours and hours :))

There are others about, I have only listed the ones I am familiar with and use daily.

Another thing to note would be email scanning at the mailbox, (ISP mailbox) -







______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.
 
Well, I haven't found exactly what I needed. Nobody has a UNIX antivirus enterprise management package. But if anyone else is interested in this subject, I'll tell a good alternative I found:

McAfeeASAP is an antivirus ASP (Application Service Provider) that can do virus scanning from the Internet. It updates itself automatically and does not require a server (Microsoft or otherwise). I can use this on my clients and use another virus program (several are mentioned above) for my UNIX server. However, it will cost $3000 for a 2-year license... a bit more than other antivirus programs. For those interested, more info at:
I think I may end up using Norton or VirusScan and installing it on all 50 clients. They have decent auto-update features, unfortunately no centralized management.
 
I tried Sophos, but their Enterprise Manager is only available on Windows platforms. I contacted them and they said their UNIX customers write a script which automates the updates and offered to prepare some instructions. Anyone have any idea how this script would work? Would it run from the UNIX server or the Win98 clients?
 
Hi,
Can you tell us what Virus is out there which will affect a UNIX server?

I think the reason you are having a problem finding A virus scan program for UNIX is there aren't a lot of viruses out there which attack UNIX systems and therefore there isn't a reason to spend a lot of money in designing software you can't make your money back on. Much like how drug research is funded.

As stated above.....

Most UNIX issues are from TROJAN HORSES which are not really a VIRUS. Someone leaves a script which says

rm -fr /

and some unsuspecting sysadmin runs it while logged on as Root.

Proper procedures can help minimize the chance a trojan is executed.

----

 
I know what you mean about there being no viruses for UNIX, so the antivirus for UNIX isn't that big of a deal for me. What I want is an Enterprise Antivirus Management package that runs on UNIX so I can protect the Windows Clients and manage it on the UNIX server.
 
Hi upple,

you wrote, "Are there ANY antivirus enterprise management programs that can be run on a UNIX machine. I have found several (Trend Micro, Sophos, Symantec, McAfee) that use a Windows or Novell server but none for UNIX".

The company I work for use Sophos on all their servers. We have a 'runsweep' script which runs once a day and sweeps all of the servers' file systems for viruses. We get monthly virus signature updates as well as emergency ones when new viruses threaten. It is simple to maintain.
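
A once-a-day sweep of the kind described in the post above could look like the following on the Unix server. This is an added example, not the poster's Sophos 'runsweep' script: it uses the ClamAV tools (clamscan, freshclam) mentioned earlier in the thread, and SHARES, LOG_DIR and the cron path are assumed names.

```shell
#!/bin/sh
# Added example (not from the thread): daily ClamAV sweep of the directories
# the Windows clients share on the Unix server.
# SHARES, LOG_DIR and the cron path below are assumed names.
#   cron entry (hypothetical path): 0 2 * * * /usr/local/sbin/daily_sweep.sh --run

SHARES="${SHARES:-/export/shares}"
LOG_DIR="${LOG_DIR:-/var/log/sweep}"

# Constructed sample of clamscan output, used to exercise the parser offline.
SAMPLE_LOG='/export/shares/office1/readme.txt: OK
/export/shares/office3/invoice.exe: Eicar-Test-Signature FOUND
/export/shares/office7/notes: v2.doc: Eicar-Test-Signature FOUND'

# Read clamscan output on stdin; print "signature path" per detection.
# clamscan reports a hit as "<path>: <signature> FOUND"; the greedy first
# group keeps paths that themselves contain ": " intact.
infected_from_log() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p'
}

# Update signatures, scan recursively, and map clamscan's exit status
# (0 = clean, 1 = virus found, anything else = error) to a report.
run_sweep() {
    log="$LOG_DIR/sweep-$(date +%Y%m%d).log"
    mkdir -p "$LOG_DIR" || return 2
    freshclam --quiet || echo "warning: signature update failed" >&2
    clamscan -r -i --no-summary "$SHARES" > "$log" 2>&1
    status=$?
    case $status in
        0) return 0 ;;
        1) infected_from_log < "$log"; return 1 ;;
        *) echo "scan error, see $log" >&2; return 2 ;;
    esac
}

# Only scan when asked to, so the file can be sourced to reuse the parser.
if [ "${1:-}" = "--run" ]; then
    run_sweep
    exit $?
fi
```

Run from cron with `--run`, the script exits 1 and prints one line per detection, so cron's mail to the administrator doubles as the alert.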
 
Hi,
But the user wants the administration utility to run on the UNIX platform not the Windows BOX. Where the SCANS occur are irrelevant since they will probably only need to be run on the Windows machines.

Where does the Sophos Administration GUI run which sets up all the Scans and Downloads the updates? Does it run on UNIX or on one of the Windows Workstations?

----
 