Slashdot Mirror

← Back to Stories (view on slashdot.org)

Scanning For Windows Viruses Using Unix?

Posted by Cliff on from the penguins-screening-for-bill-bugs dept.

Webmoth asks: "As a networking consultant providing services to small businesses, I find myself installing an increasing number of Linux/Samba servers. Many of these clients are now getting always-on Internet connections with static IP addresses so that they can have an in-house mail server on that Linux box. I am concerned about the increased possibility of viruses infecting their network because of this. I'm not worried about the Linux box contracting a virus (that typically requires user intervention), but would like some solution, a software package running on Linux, that monitors for Windows viruses as files are accessed on the Samba server. It would be nice if there was a module that interacted with Sendmail to block e-mail viruses, too." Remember, many solutions that work for Linux will work for other Unixen as well. Unix machines typically act as mail servers for most enterprises so it would help prevent e-mail virus outbreaks if scanning can be done at the server level as well as the client level.

"Ideally, this Linux antivirus product would act as a server to provide virus definitions and scan control to Windows clients (much like Symantec's Norton Antivirus Enterprise Solution, formerly Intel's LanDesk, which is a great product but Windows-exclusive), as you can't trust users to maintain their virus software. Symantec had a press release back in April which seemed to indicate Linux support, but a knowledge base article posted the following day reveals that support is provided by scanning a shared Linux filesystem that can be mounted by a Windows box running Norton Antivirus. I'd like to see real Linux support. Anybody know of a practical solution?"

8 of 20 comments (clear)

  1. Policy based filtering of incoming email by Juggler · · Score: 2
    I'm the author of a free software program called "the Anomy sanitizer". Click on my signature to download it or read the readme.

    Anomy allows you to define on a mail gateway (sendmail, qmail or something else - Anomy is mailer independant) what to do to different sorts of attachments. Options include "drop", "save", "scan" (with a third party virus scanner), "mangle" (rename to avoid windows extension risks) and "accept".

    Anomy is more powerful than Amavis or Inflex, in that it allows you to selectively scan/drop/... only certain types of files for viruses (thus saving CPU cycles when people are just swapping .gifs). So you can taylor it pretty carefully to match the needs of your customer. And Anomy should also be faster, since it doesn't need as many forks or use up temporary disk space for each message. Anomy is also aware of non-MIME attachments, so all those uuencoded outlook-style attachments will get scanned. The same goes for nested MIME parts. Some of the other solutions get these things wrong, which means that things are likely to slip through.

    Another feature Anomy has which the others lack, is a method for cleaning up risky HTML - disabling things like styles, javascript, ActiveX - all of which have had email security related problems.

    I wrote Anomy because I wasn't happy with any of the other available free solutions, and I've reached all of my technical goals - so I think it's fair to say that mine is better. It's also been pretty stable for the last few months. Now I just need to write a decent manual... :-)


    --

    --
    Host your own websites, anywhere!
  2. Re:NAI by larien · · Score: 2
    We use it under Solaris here, and it works OK but I've seen it get wedged in some circumstances. It does seem to be reproducable as it always gets wedged under one specific user's home drive, but I haven't had time to hammer it out properly to submit a bug report to McAfee.

    BTW, I've found it works an absolute dream using qmail and qmailscan (both packages available from qmail's home page) and has stopped a lot of viruses being sent via email. Qmailscan also stops attachments with certain extensions; in my case, I set it up to block .VBS and was very glad when it stopped an ILOVEYOU variant :)
    --

  3. Sophos, Trend by hatless · · Score: 2

    For the server-side protection, I'd have a look at Sophos's product.

    As for the automatically-distributed client, you should evaluate (for free) Trend Micro's OfficeScan Corporate Edition to see if it plays nice with Samba. It runs no code on the server. The software and updates get delivered via client pull, initiated by Windows login scripts, and the admin interface can be run from any Windows machine with proper share access to the distributing host.

  4. Possible other option. by Christopher+Thomas · · Score: 2

    While I suspect you're at the mercy of Norton et. al. for waiting for a true Linux virus scanner, there's another option that might help reduce virus damage - automatically maintaining Windows system files.

    I've mainly seen this done via some netbooting variant of NT, but it could be done using Linux as well. Either on startup or at regular intervals, system and other non-data files on Windows machines are compared regularly to protected reference copies of the files. Files that don't match are overwritten. Files that are missing are replaced. Files that shouldn't be there are wiped.

    The down side: Your Windows environment has to be homogeneous (including hardware). Otherwise, your administrative hassles skyrocket, because you have to maintain a separate reference copy for every variant of the installation.

    The plus side: This is the only sure-fire way that I know of to protect a Windows system from corruption, be it induced by a virus or by time. From what I've seen, it works quite well.

    The Problem: You're going to have a lot of fun gaining read/write access to all of the required drives remotely and securely. Read access might be manageable without opening too many holes.

  5. Sophos.. by Qube · · Score: 2

    Surprised no-one else has posted this yet - Sophos offers AV software for Windows, Netware, OS/2, Unix (Solaris, Linux, SCO, Digital, AIX, FreeBSD, HP-UX) and OpenVMS servers, and Windows, OS/2, Mac and DOS clients.

    Our company uses it on Netware servers/Windows clients, and it's been great - although I haven't used any of the other server versions I'd expect them to be at least as good. SAVAdmin and other management tools work well too (provided you've got an NT machine handy to run it) - updates, client upgrades and the like can all be automated.

  6. UNIX and Linux by DaveHowe · · Score: 2
    There are four or five companies that offer Linux support, but few that offer $OTHERUNIX support; One worth looking at is sophos - they offer a range of alternate platforms and were the only ones I could find that supported Digital Unix on Alphaservers.

    I also asked this question a month or so back and got rejected - obviously luck of the draw for which reviewer you get :+)
    --

    --
    -=DaveHowe=-
  7. Install the Outlook Security Patch by BitMan · · Score: 3

    Will solve 99.9% of your problems. Of course it messes up Outlook's automation features, but that was the problem in the first place. It got rid of all our issues.

    BTW, Bynari has an Exchange-server replacement for Linux that will give your Outlook clients most of those features back at the server level. As such, we're thinking about switching from HP OpenMail to Bynari's TradeServer.

    -- Bryan "TheBS" Smith

    --
    -- Bryan "TheBS" Smith
    Independent Author, Consultant and Trainer
  8. NAI by kevin42 · · Score: 3
    McAfee has a linux scanner that uses the same dat files as the windows version. I've been using it for a while and it does a good job. It's even caught a few viruses for me:

    http://www.nai.com/asp_s et/ buy_try/try/products_evals.asp

    If you are looking for an email scanner check this out, it is a great email scanner:

    http://www.amavis.org/