[OpenIndiana-discuss] Anti-Virus strategy

Jerry Kemp sun.mail.list47 at oryx.cc
Wed Dec 26 19:15:10 UTC 2012


+1 on the ClamAV thing.

In past lives when I cared about viruses, I never had any problem getting
a clean compile of ClamAV on Solaris or Solaris-based distros.

I would also 2nd Jim's recommendation of the VSCAN and related items.
It looks like the following is necessary to get the base VSCAN stuff
added to OI.

# pkg install pkg:/service/storage/virus-scan

Also, but obsolete, is the original OpenSolaris VSCAN page.

http://www.opensolaris.org/os/project/vscan

which now redirects here:

http://hub.opensolaris.org/bin/view/Project+vscan/

Jerry



On 12/26/12 11:08 AM, Jim Klimov wrote:

> 
> 
> Well, one thing you could use is ClamAV itself. It cleanly compiles
> under Solaris, I believe OI or SFE even provide it as a package,
> maybe even with SMF integration. I've recently packaged my own build
> for my older Solaris machines (you might need ncurses for clamdtop,
> otherwise no surprises).
> 
> Then you could either use regular scanning via command-line/crontab
> and/or intrusion detection (as Gary detailed), perhaps mixing the
> two to only scan changed files. Though it might make sense to scan
> everything once in a while, just in case new fingerprints are added
> to antivirus database that were not present when you originally
> saved the files with possible unknown viruses.
> 
> However, ClamAV's strengths shine when you use it as a daemon.
> Not only is its command-line client clamdscan much faster than
> usual clamscan - because it doesn't have to load the databases
> every time - but also you can use clamd as a filter for other tasks.
> The bundled clamav-milter can help with your emails, and the extra
> ICAP integration (i.e. c-icap software) allows you to stick the filter
> into Squid for web traffic, into Samba for CIFS and into ZFS for
> any file IO (CIFS, NFS, FTP, local, ...).
> 
> * http://www.c0t0d0s0.org/uploads/vscanclamav.pdf
> * http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html#id2652728
> * http://squidclamav.darold.net and
>   http://louwrentius.com/blog/2012/08/setting-up-a-squid-proxy-with-clamav-anti-virus-using-c-icap/
> * http://c-icap.sourceforge.net/
> * http://www.clamav.net/lang/en/
> 
> DISCLAIMER: I did not try anything other than email integration
> and command-line test usage, so can't help in detail further than
> this...
> 
> HTH,
> //Jim Klimov
> 
> 



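The mixed strategy described in the quoted message (scan only changed files through clamd, plus a periodic full pass so newly added signatures reach files saved earlier), as an added example that is not part of either post. The state-directory layout, the function names and the SCANNER and FULL_EVERY_DAYS variables are assumptions; the clamdscan options used are its standard ones.

```shell
#!/bin/sh
# Added example: incremental clamdscan with a periodic full pass.
# State layout, function names and both variables are assumptions.
SCANNER=${SCANNER:-clamdscan}            # daemon client; needs a running clamd
FULL_EVERY_DAYS=${FULL_EVERY_DAYS:-7}    # how often to rescan everything

# Succeeds when a full pass is due: never done, or older than N days.
full_scan_due() {  # $1 = state dir
    [ ! -e "$1/last_full" ] && return 0
    [ -n "$(find "$1/last_full" -mtime +"$FULL_EVERY_DAYS")" ]
}

# Print the files this pass should scan.
select_files() {  # $1 = tree to scan, $2 = state dir (kept outside the tree)
    if full_scan_due "$2" || [ ! -e "$2/last_run" ]; then
        find "$1" -type f
    else
        find "$1" -type f -newer "$2/last_run"
    fi
}

scan_pass() {  # $1 = tree to scan, $2 = state dir
    mkdir -p "$2" || return 2
    mode=incremental
    full_scan_due "$2" && mode=full
    # Stamp taken before listing, so files changed mid-scan are picked up next time.
    touch "$2/next_run"
    select_files "$1" "$2" > "$2/list"
    rc=0
    if [ -s "$2/list" ]; then
        "$SCANNER" --fdpass --infected --no-summary --file-list="$2/list" || rc=$?
    fi
    # clamdscan exits 0 = clean, 1 = virus found, 2 = error.
    # Advance the stamps only when the scan itself completed.
    if [ "$rc" -le 1 ]; then
        mv "$2/next_run" "$2/last_run"
        if [ "$mode" = full ]; then touch "$2/last_full"; fi
    fi
    return "$rc"
}
```

Source the file from a crontab entry and call `scan_pass` with the tree to scan and a state directory; a non-zero return means a detection (1) or a scanner error (2) that should be alerted on.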