Holger Rauch wrote:
Hi, On Fri, 27 Nov 2009, Paul Johnson wrote:Holger Rauch wrote:I'm thinking about using NOD32 on a Debian system for on access virus scanning (i.e. scan a file when it's created or its contents are modified in some way).Why, when it's so much easier to not allow connections from insecure operating systems prone to virus infection to start with?Because disallowing these connections (unfortunately) is not an option since Windows clients are used in my company and they too need to be able to both access and modify files on our file server. What's even more interesting though is: Which is the right Dazuko version to choose? There are several of them around. Kind regards, Holger
Or look at it the other way round....Linux is not vulnerable to windows virus. Note the careful wording ;-) So don't waste valuable server cpu cycles on-access scanning on a Linux server. Instead protect your Linux with things like rkhunter.
Also all your windows PCs already have to run on-access scanners anyway - right.
So a virus should never get near the server anyway at least in theory...In practice virus do often get through simply because the virus profiles available for both server and clients PCs are always one step behind the crooks. Best you can do is have have regular full virus scans on the Windows PCs hard disks to fix once the anti-virus companies catch up.
You could be very sociable and scan the files at quiet times on the server and quarantine...clamav does a nice job at no cost. You can also use it as a quality check on your commercial scanner.
Good luck, Berni