Samba server and virus scanning on Linux

Samba server and virus scanning on Linux

Post by Subba R » Fri, 31 May 2002 03:34:14



Hi,

We are planning to switch our file server from Windows to Linux's
Samba server. What our management is concerned is about virus/trojan
on deposited on to the Samba server? Is there any way to detect
viruses/trojans on Samba server? Is there real-time protection to
detect a virus/trojan while a file is being saved from a Win9X/Win2K
box to the Samba server?

Thank you in advance.

Subba Rao

 
 
 

Samba server and virus scanning on Linux

Post by Shaun Marol » Fri, 31 May 2002 04:04:03


There are several commercial AV programs for Linux that also detect Windows
based viruses and clean/remove them as well. I'm current using RAV on my
Linux server and I will probably buy it. It works well and has Hueristic
capability. (which is what you need) Down side with Linux AV systems is that
they take forever to scan your system but you can set most of them to scan
only the directories you want.

--Shaun


> Hi,

> We are planning to switch our file server from Windows to Linux's
> Samba server. What our management is concerned is about virus/trojan
> on deposited on to the Samba server? Is there any way to detect
> viruses/trojans on Samba server? Is there real-time protection to
> detect a virus/trojan while a file is being saved from a Win9X/Win2K
> box to the Samba server?

> Thank you in advance.

> Subba Rao



 
 
 

Samba server and virus scanning on Linux

Post by Detlev Dau » Fri, 31 May 2002 04:20:59


Let me bring a very good german virus scanner for Linux to you. It works
  pretty fine and the database is always very close up to date. Its free
of charge for private use . I use it for about one year and i`m quite
happy with that scanner:

http://www.antivir.de/

dd


> There are several commercial AV programs for Linux that also detect Windows
> based viruses and clean/remove them as well. I'm current using RAV on my
> Linux server and I will probably buy it. It works well and has Hueristic
> capability. (which is what you need) Down side with Linux AV systems is that
> they take forever to scan your system but you can set most of them to scan
> only the directories you want.

> --Shaun



>>Hi,

>>We are planning to switch our file server from Windows to Linux's
>>Samba server. What our management is concerned is about virus/trojan
>>on deposited on to the Samba server? Is there any way to detect
>>viruses/trojans on Samba server? Is there real-time protection to
>>detect a virus/trojan while a file is being saved from a Win9X/Win2K
>>box to the Samba server?

>>Thank you in advance.

>>Subba Rao


 
 
 

Samba server and virus scanning on Linux

Post by Matthias Pfeife » Fri, 31 May 2002 04:26:20



>There are several commercial AV programs for Linux that also detect Windows
>based viruses and clean/remove them as well. I'm current using RAV on my
>Linux server and I will probably buy it. It works well and has Hueristic
>capability. (which is what you need) Down side with Linux AV systems is that
>they take forever to scan your system but you can set most of them to scan
>only the directories you want.

>--Shaun



>>Hi,

>>[...]
>>Thank you in advance.

>>Subba Rao


You could also give www.hbedv.com a try, its a german (comercial) product. The Linux Version of the Program is for free and concerning to their ads the opensource their "engine" next days.

Greetings
Matthias

 
 
 

Samba server and virus scanning on Linux

Post by mw » Fri, 31 May 2002 04:30:37


Have a look at:
        http://www.hbedv.com/download/download.htm

        (antivir for server / Antivir for linux / avlxsrv.tgz)

I'm using their "free for personal use" workstation version for linux and it
does precisely what you're asking for (it also prevents opening a file when
it has a virus).  I understand the server version also looks at compressed
files and other things.

(As you're a company you'll have to pay for it though!)

MW

On Wednesday 29 May 2002 20:34 Subba Rao wrote in group
comp.os.linux.security:

> Hi,

> We are planning to switch our file server from Windows to Linux's
> Samba server. What our management is concerned is about virus/trojan
> on deposited on to the Samba server? Is there any way to detect
> viruses/trojans on Samba server? Is there real-time protection to
> detect a virus/trojan while a file is being saved from a Win9X/Win2K
> box to the Samba server?

> Thank you in advance.

> Subba Rao


 
 
 

Samba server and virus scanning on Linux

Post by Rober » Fri, 31 May 2002 06:46:54


Many thanks:

Robert
********

Quote:> Let me bring a very good german virus scanner for Linux to you. It works
>   pretty fine and the database is always very close up to date. Its free
> of charge for private use . I use it for about one year and i`m quite
> happy with that scanner:

> http://www.antivir.de/

 
 
 

Samba server and virus scanning on Linux

Post by Nico Kadel-Garci » Fri, 31 May 2002 08:10:33



> Hi,

> We are planning to switch our file server from Windows to Linux's
> Samba server. What our management is concerned is about virus/trojan
> on deposited on to the Samba server? Is there any way to detect
> viruses/trojans on Samba server? Is there real-time protection to
> detect a virus/trojan while a file is being saved from a Win9X/Win2K
> box to the Samba server?

> Thank you in advance.

> Subba Rao


Umm. Umm. Kind of/sort of.

Files will not execute automatically on the Samba server the same way they
typically do in a Windows user's environment. They also won't (if configured
reasonably correctly!) have permissions to do damage to the root user's
environment.

A Windows user can still dump a virus, by accident, in a shared directory:
the user should be running a virus checker on their own machine to prevent
this sort of abuse. But detecting the viruses from the Linux side could be
*interesting*. I suspect there are commercial vendors who may have such
products, but most sites rely on the inherent UNIX control of the file
permissions and the user's not sharing dirty needles^H^H^H^H Microsoft Word
documents this way.

 
 
 

Samba server and virus scanning on Linux

Post by Carl Lindgre » Fri, 31 May 2002 15:16:03


My advise is to use a Windows box (like an admin workstation or a server
that doesn't have anything to do at night) and do a nightly network scan of
all shares. This will add another layer of redundancy apart from any desktop
realtime AV solution. I have several clients that have several Linux servers
installed and run nightly scan on each users and group shares on the Linux
servers - Works very well. The problem I have had with real-time scaners is
that I don't get notified of virus events as they happen. So desktop and
server AV programs that dump physical logs are a must - This way you can
extract events from the logs and be notified when they happen. I use logon
and logoff scripts to do this on clients and for the nightly scans of
servers I have a script that creates a report and mails it to me every day.
There are many ways you can configure AV solutions for Linux servers it just
depends on what type of data your users are using. For instance if you have
databases on these servers, running real-time AV would slow the DB's down to
much. Therefore a network scan at night would be a better choice. Make sure
you have the new *.VBS security enhancement to the WSH (WHS 5.6) installed
and bring your clients up to IE 5.5 SP2 with the current security patches.
Another bit of advice is to make sure all shares need authentication to gain
access to the file system this will help to prevent a domino effect if a
worm should gain access though a clients machine. Also I would segment
(seperate) as many parts of the network as posible ( if you can use
different network segments for each workgroup or part, like accounting and
sales, the chances that a worm would spread accross into the other segment
is unlikly - unless the users email docs to each other). A good tight
Security Policy is a good preventive step too and of course a good redundant
backup is essential.

I hope this gives you some ideas,

--
Carl Lindgren
C. R. Lindgren Consulting
Minneapolis, MN

> There are several commercial AV programs for Linux that also detect
Windows
> based viruses and clean/remove them as well. I'm current using RAV on my
> Linux server and I will probably buy it. It works well and has Hueristic
> capability. (which is what you need) Down side with Linux AV systems is
that
> they take forever to scan your system but you can set most of them to scan
> only the directories you want.

> --Shaun



> > Hi,

> > We are planning to switch our file server from Windows to Linux's
> > Samba server. What our management is concerned is about virus/trojan
> > on deposited on to the Samba server? Is there any way to detect
> > viruses/trojans on Samba server? Is there real-time protection to
> > detect a virus/trojan while a file is being saved from a Win9X/Win2K
> > box to the Samba server?

> > Thank you in advance.

> > Subba Rao


 
 
 

Samba server and virus scanning on Linux

Post by Mike Sco » Fri, 31 May 2002 17:28:07


On Wed, 29 May 2002 23:10:33 GMT, "Nico Kadel-Garcia"
...

Quote:>A Windows user can still dump a virus, by accident, in a shared directory:
>the user should be running a virus checker on their own machine to prevent
>this sort of abuse.

There is a potential problem with real-time checking on the windows
box of files served from samba.

I run both AVG and InoculateIT PE.  I usually keep a copy of the eicar
test on a samba server for test purposes.  Attempting to execute the
server's copy of eicar.com on the windows box triggers AVG nicely to
block it.  As far as I can tell, IPE just lets it run -- although it
will block a local copy.

--
Please use the corrected version of the address below for replies.
Replies to the header address will be junked, as will mail from
various domains listed at www.scottsonline.org.uk
regards. Mike Scott Harlow Essex England.(unet -a-t- scottsonline.org.uk)  

 
 
 

1. Linux/Samba On-Access Anti-Virus Scanning

Greetings All,

My department is going to be deploying Linux (Redhat 7.3) and Samba to
replace our Novel file/print servers, we would like to implement an
on-access virus scan on the servers (not on demand, and not client based).
I would appreciate it if the users of this group could recommend any
products that are out there, and their reasons behind their choices.  I
realize that this is asking you to do my initial research, but I'm starting
to come under the gun here.

TIA,

Trevor Rickards
Technical Analyst
Saskatchewan Environment

2. I need an emacs manual

3. Modem server pointers requested

4. Virus scanning mail server for BSD or Linux

5. USB - Zio Smart Media Reader

6. Going from WinNT to Linux - Mail server virus scanning

7. Apache - how to encrypt data before send?

8. virus scanning software for file servers?

9. Netscape Proxy Server & Virus scan

10. Tools of scanning Linux Viruses

11. Is there any Virus scan for linux

12. Anybody knows if there is any good virus scanning tools in Linux with sendmail?