My advice is to use a Windows box (like an admin workstation or a server
that doesn't have anything to do at night) and do a nightly network scan of
all shares. This will add another layer of redundancy apart from any desktop
realtime AV solution. I have several clients that have several Linux servers
installed and run nightly scans on each user and group share on the Linux
servers - works very well. The problem I have had with real-time scanners is
that I don't get notified of virus events as they happen. So desktop and
server AV programs that dump physical logs are a must - This way you can
extract events from the logs and be notified when they happen. I use logon
and logoff scripts to do this on clients and for the nightly scans of
servers I have a script that creates a report and mails it to me every day.
There are many ways you can configure AV solutions for Linux servers; it just
depends on what type of data your users are using. For instance, if you have
databases on these servers, running real-time AV would slow the DBs down too
much. Therefore a network scan at night would be a better choice. Make sure
you have the new *.VBS security enhancement to the WSH (WSH 5.6) installed
and bring your clients up to IE 5.5 SP2 with the current security patches.
Another bit of advice is to make sure all shares need authentication to gain
access to the file system; this will help to prevent a domino effect if a
worm should gain access through a client's machine. Also, I would segment
(separate) as many parts of the network as possible (if you can use
different network segments for each workgroup or part, like accounting and
sales, it is unlikely that a worm would spread across into the other
segment - unless the users email docs to each other). A good tight
Security Policy is a good preventive step too and of course a good redundant
backup is essential.
I hope this gives you some ideas,
C. R. Lindgren Consulting
> There are several commercial AV programs for Linux that also detect
> based viruses and clean/remove them as well. I'm currently using RAV on my
> Linux server and I will probably buy it. It works well and has heuristic
> capability. (which is what you need) Down side with Linux AV systems is
> they take forever to scan your system but you can set most of them to scan
> only the directories you want.
> > Hi,
> > We are planning to switch our file server from Windows to Linux's
> > Samba server. What our management is concerned about is a virus/trojan
> > being deposited on to the Samba server. Is there any way to detect
> > viruses/trojans on Samba server? Is there real-time protection to
> > detect a virus/trojan while a file is being saved from a Win9X/Win2K
> > box to the Samba server?
> > Thank you in advance.
> > Subba Rao
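
The reply above describes pulling virus events out of scanner logs and mailing a daily report. The following is an added example of that step, not code from anyone in this thread. The log line format, the share names, the signature names and the mail addresses are all constructed assumptions; adapt the pattern to whatever your scanner actually writes.

```python
import re
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample log. The line format is an assumption, not the output
# of any real scanner.
SAMPLE_LOG = """\
2001-11-05 02:00:01 START scan of //fs1/accounting
2001-11-05 02:03:17 INFECTED //fs1/accounting/q3/budget.xls Macro.Example.A
2001-11-05 02:10:44 ERROR //fs1/accounting/locked.mdb access denied
2001-11-05 02:11:00 START scan of //fs1/sales
2001-11-05 02:14:09 INFECTED //fs1/sales/inbox/readme.vbs Worm.Example.B
2001-11-05 02:14:10 INFECTED //fs1/sales/inbox/my file.doc Macro.Example.A
2001-11-05 02:20:00 END files=18234
"""

EVENT = re.compile(r"^(\S+ \S+) (INFECTED|ERROR) (.+)$")

def parse_events(log_text):
    """Return ({share: [(when, path, signature)]}, [(when, detail)])."""
    hits, errors = defaultdict(list), []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # START/END and anything unrecognised
        when, kind, rest = m.groups()
        if kind == "ERROR":
            errors.append((when, rest))
            continue
        # The signature is the last token; the path itself may contain spaces.
        path, _, signature = rest.rpartition(" ")
        share = "/".join(path.split("/")[:4])  # //server/share
        hits[share].append((when, path, signature))
    return dict(hits), errors

def build_report(log_text, sender, recipient):
    """Build the daily mail; hand it to smtplib.SMTP.send_message() to send."""
    hits, errors = parse_events(log_text)
    total = sum(len(v) for v in hits.values())
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[AV nightly] {total} detection(s), {len(errors)} unscanned"
    lines = []
    for share in sorted(hits):
        lines.append(f"{share}: {len(hits[share])} detection(s)")
        lines += [f"  {when}  {sig}  {path}" for when, path, sig in hits[share]]
    if errors:
        lines.append("Not scanned (treat as unknown, not clean):")
        lines += [f"  {when}  {detail}" for when, detail in errors]
    msg.set_content("\n".join(lines) or "No detections, no errors.")
    return msg
```

Files the scanner could not open are reported separately because a skipped file is an unknown, not a clean result.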