[OpenIndiana-discuss] Anti-Virus strategy
Richard L. Hamilton
rlhamil at smart.net
Wed Dec 26 22:43:11 UTC 2012
http://www.c0t0d0s0.org/uploads/vscanclamav.pdf
And a very quick look at the Solaris 11 docs leaves me with the impression that Vscan hasn't changed much since OpenSolaris. So it might take a bit more doc reading and fiddling than the above, but probably not too much.
Haven't tried it myself, so there's probably not much point in asking me detailed questions.
On Dec 26, 2012, at 2:15 PM, Jerry Kemp wrote:
> +1 on the ClamAV thing.
>
> In past lives when I cared about viruses, I never had any problem getting
> a clean compile of ClamAV on Solaris or Solaris based distros.
>
> I would also 2nd Jim's recommendation of the VSCAN and related items.
> It looks like the following is necessary to get the base VSCAN stuff
> added to OI.
>
> # pkg install pkg:/service/storage/virus-scan
>
> Also, but obsolete, is the original OpenSolaris VSCAN page.
>
> http://www.opensolaris.org/os/project/vscan
>
> which now redirects here:
>
> http://hub.opensolaris.org/bin/view/Project+vscan/
>
> Jerry
>
> On 12/26/12 11:08 AM, Jim Klimov wrote:
>>
>> Well, one thing you could use is ClamAV itself. It cleanly compiles
>> under Solaris, I believe OI or SFE even provide it as a package,
>> maybe even with SMF integration. I've recently packaged my own build
>> for my older Solaris machines (you might need ncurses for clamdtop,
>> otherwise no surprises).
>>
>> Then you could either use regular scanning via command-line/crontab
>> and/or intrusion detection (as Gary detailed), perhaps mixing the
>> two to only scan changed files. Though it might make sense to scan
>> everything once in a while, just in case new fingerprints are added
>> to the antivirus database that were not present when you originally
>> saved the files with possible unknown viruses.
>>
>> However, ClamAV's strengths shine when you use it as a daemon.
>> Not only is its command-line client clamdscan much faster than
>> usual clamscan - because it doesn't have to load the databases
>> every time - but also you can use clamd as a filter for other tasks.
>> The bundled clamav-milter can help with your emails, and the extra
>> ICAP integration (i.e. c-icap software) allows you to stick the filter
>> into Squid for web traffic, into Samba for CIFS and into ZFS for
>> any file IO (CIFS, NFS, FTP, local, ...).
>>
>> * http://www.c0t0d0s0.org/uploads/vscanclamav.pdf
>> * http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html#id2652728
>> * http://squidclamav.darold.net and
>>   http://louwrentius.com/blog/2012/08/setting-up-a-squid-proxy-with-clamav-anti-virus-using-c-icap/
>> * http://c-icap.sourceforge.net/
>> * http://www.clamav.net/lang/en/
>>
>> DISCLAIMER: I did not try anything other than email integration
>> and command-line test usage, so can't help in detail further than
>> this...
>>
>> HTH,
>> //Jim Klimov
>>
>>
>> _______________________________________________
>> OpenIndiana-discuss mailing list
>> OpenIndiana-discuss at openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
--
eMail: mailto:rlhamil at smart.net
Home page: http://www.smart.net/~rlhamil/
Facebook, MySpace,
AIM, Yahoo, etc: ask
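
The crontab approach described in the quoted message from Jim Klimov (scan only changed files, but rescan everything once in a while) could be scripted as follows. This is an added example, not code from anyone in the thread; the paths, the 7-day interval and the stamp-file names are assumptions.

```shell
#!/bin/sh
# Added example: scan only changed files with clamdscan, full rescan periodically.
# All paths and the 7-day interval are assumptions, not values from the thread.
SCAN_ROOT="${SCAN_ROOT:-/export/home}"    # tree to scan
STATE_DIR="${STATE_DIR:-/var/avscan}"     # stamp files; writable by the scan user only
FULL_EVERY_DAYS="${FULL_EVERY_DAYS:-7}"   # rescan everything after this many days
SCANNER="${SCANNER:-clamdscan}"           # needs a running clamd

# Print "full" when no full scan is recorded or the last one is too old.
scan_mode() {
    [ -f "$STATE_DIR/last_full" ] || { echo full; return 0; }
    if [ -n "$(find "$STATE_DIR/last_full" -mtime +"$FULL_EVERY_DAYS")" ]; then
        echo full
    else
        echo incremental
    fi
}

# Write the paths to scan for mode $1 into file $2, one per line.
# -newer compares mtime, which a writer can set back; the periodic full scan
# covers that, as well as signatures added after a file was first scanned.
build_list() {
    if [ "$1" = full ] || [ ! -f "$STATE_DIR/last_any" ]; then
        find "$SCAN_ROOT" -type f > "$2"
    else
        find "$SCAN_ROOT" -type f -newer "$STATE_DIR/last_any" > "$2"
    fi
}

# Returns the scanner's status: 0 clean, 1 malware found, 2 error.
run_scan() {
    mkdir -p "$STATE_DIR" || return 2
    mode=$(scan_mode)
    list="$STATE_DIR/list.$$"
    touch "$STATE_DIR/next"     # stamp taken before listing: no gap between runs
    build_list "$mode" "$list"
    rc=0
    if [ -s "$list" ]; then
        "$SCANNER" --infected --no-summary --file-list="$list" || rc=$?
    fi
    rm -f "$list"
    if [ "$rc" -le 1 ]; then    # advance the stamps only when the scan completed
        mv "$STATE_DIR/next" "$STATE_DIR/last_any"
        if [ "$mode" = full ]; then touch "$STATE_DIR/last_full"; fi
    fi
    return "$rc"
}

# Run from cron as: avscan.sh run
if [ "${1:-}" = run ]; then run_scan; exit $?; fi
```

clamd opens the listed files itself, so its user needs read access to them, or clamdscan's `--fdpass` option can be added when clamd listens on a local socket.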