Anti-Viral Software for Unix?

dameon asks: "I have been looking at using samba to serve NT Files in my office. Currently we use NT servers and pay a premium for HP NetServers. I recently arranged the purchase of a small cluster and a 1.5TB NAS device for some CFD calculations we are doing. My NT Server is scheduled to be replaced this year, and I don't want to spend any more money than I have to. So, I wanted to use the existing VA NAS device to do the serving. I ran into one problem: the lack of commercial Anti-viral software for Linux. My company (large to say the least) uses Norton Antivirus exclusively. They will not accept anything else. I cannot guarantee that the client PC's all have updated Virus Definition files, so I need to have the server protected. My question is this: What will it take to get commercial Anti-Viral packages to list Linux as a supported platform? I am surprised this hasn't been a bigger issue to date. Or perhaps I am missing something." Anti-virus scanners aren't anything new to Open Source software, is this the reason why players like Symantec haven't tried to break into it? If not, what would Unix users need to do to convince Symantec and other commercial entities that there really is a market for native virus scanners?

duh.

[Anonymous Coward]

just use a NT client connected to the samba NT server and periodically schedule scans with norton from there. norton has a antivirus scheduling system..just scan it every 10 minutes or so. use a cheap low end nt machine like a 200MHz pii with 64 mb ram that you find in a garbage dump.

Norton only?

[Anonymous Coward]

My company (large to say the least) uses Norton Antivirus exclusively. They will not accept anything else.

You might be able to argue that is it better to use a different antivirus solution on the server. Different products have different strengths, and one will be quicker than the other to catch a new virus. By using Norton on your desktop systems and McAfee on your server, you'll catch more problems sooner. After all, if an infected file is on your server, your desktop protection has already failed -- that file on the server came from a desktop system, right? Bonus points for having a server that can't be infected by a Windows virus.

Rules are made to be improved.

Re:What we do...

[larien]

McAfee is a dream to administer for updates; at my old work, I grabbed the updates nightly from NAI's web site onto the local FTP server (NB: don't try to use 'mirror' for this, as the MS FTP server doesn't work in way mirror expects). Then, all the clients would check overnight for updates and automatically install them. Also, the system had a 'window' it would try to do the updates in, so they didn't all go to the FTP server at the same time!

After spending a couple of days on getting the installer working (it also comes with an installer creator which will automatically put all the install options in), I never had to touch the clients and they were always kept up to date. Not bad for over 250 workstations!
--

A klunky solution?

[PD]

Run you Samba box. Run VMWare on top of the Samba box. Run Windows NT inside VMWare. Run a virus scanner inside Windows NT.

oops, I guess if you did that you could just run NT on the server!

Try Sophos AntiVirus

[The_mandrake]

I highly recomend that you check out Sophos AntiVirus. (www.sophos.com [sophos.com])

their software runs on tons of platforms and is truly awesome. plus their licensing agreement allows all your employees to use it on their home machines free of charge. Their administration client is great, their support is awesome, and the product does what it is supposed too.

Apart from Windows, mac, os/2, and openVMS, and even integrated Lotus Notes/Domino Scanning, Their Unix version works on the following platforms:

• Solaris/SPARC
• Solaris/Intel
• Linux/Intel
• Linux/Alpha
• SCO OpenServer/Intel
• SCO UnixWare/Intel
• Digital Unix/Alpha (Compaq Tru64 Unix/Alpha)
• AIX/PowerPC
• FreeBSD/Intel
• HP-UX/HP-PA

We work closely with a lot of government agancies and private corporations, and we are always calling them and letting them know that they have infected documents or mail servers or whatever... they never seem to know until we tell them, and we have never had a problem.

I am not an agent of or affiliated with Sophos in any way, I am just a satisfied sys-admin.

An old sig
a bit drops in

Sophos

[Qube]

Sophos is both:

- good
- runs on linux (and plenty of other platforms)

http://www.sophos.com/

uvscan by McAfee

[calvid]

McAfee's virus scanner for unix is called uvscan. I can't remember the URL where I found it, but Google might be able to sniff it out for you.

Unix Antivirus

[Mc Fly]

Well, we have been using Kaspersky anti-virus for Unix with no problems. It has an add-on for sendmail, postfix and qmail.
Also, there is an NT version "Webinspector"...
It works really good!

Thats why we sell them here in Argentina...
Contact me for details...

Amavis

[sc0rpi0n]

McAffee is available for Linux.

If your samba server is also your mail server I can advise you to install Amavis (A Mail Virus Scanner: www.amavis.org [amavis.org]) on it. Amavis is not a virusscanner itself, but invokes a configurable commandline scanner to scan all your email and attachments, even if they are compressed! You'll also find a list of available Linux virus scanners on the Amavis site and scripts to auto update your virus defs.

Re:duh.

[Webmoth]

Not quite. What is needed is a real-time scanner on the *nix server which scans files as they are read, created, or modified. Scanning the entire filesystem every 30 minutes or so (10 minutes is unrealistic) is going to put a tremendous load on the network & the system, and there's the potential for a virus to propagate throughout the network in the period between scans.

A *nix virus scanner should scan for known viruses on ALL major OS'es, not just the native OS, since the *nix server will be providing file storage services to a variety of OS'es... Win*, Mac, *nix, Amiga, TRS-80, Commodore64, whatever.

Symantec's Norton Antivirus Enterprise Edition is a fabulous product which provides centralized management of antivirus software (using a client/server scheme) on the network. I'd love to see a *nix antivirus client for it, even if the antivirus server has to be on an NT box.

Another nice feature would be an SMTP server that scans incoming files for viruses in an OS-independent manner.

("viruses"; "viri"; whatever!)

Mcafee VirusScan for Unix

[thefatz]

At our small samba install of about 30 users, we use Mcafee Virusscan. [mcafeeb2b.com] I just run a cron script daily that updates the dat file and scans the system. It works really well.

Commercial Linux Anti-Virus

[subsolar2]

DataFellows offers F-Secure 4.10 for linux in workstation and server flavors. We user F-Secure for Windows here and it works fine, we have the linux version also but have not tried it out on either of our linux servers to see how it works.

see: http://www.datafellows.com/products/anti-virus/wor kstations/

- subsolar

Good Article At SecurityPortal

[Jordan Block]

check out This Article [securityportal.com] Should be just what you're looking for.

prievew, damnit.

[Jordan Block]

proper url [securityportal.com]

F-Secure

[kinnunen]

I know at least F-Secure makes a Linux-version of their anti-virus software, and if I'm not completely mistaken, they have for years.
http://www.f-secure.com/products/anti-virus/ [f-secure.com]

It really is surprising that not everyone port their AV-software, as the most important part of package is the scanning engine (plus defs) which should be 100% computation (=portable). A Linux version shouldn't need a memory resident part or anything else highly OS-specific, just a simple command line-program that scans a file.

--

Another AV: AVP

[shibboleth]

I haven't used it, but i saw a rcommendation on one website for this commercial antivirus software:

AVP for Linux Workstation is $49.95 The server edition is $560.00
AVP Web-Site: http://www.avp.ch/
Virus Info: http://www.virusdatabase.com/
Bern, Switzerland Email: info@avp.ch
Phone: +41 (0)31 348-1333
Fax: +41 (0)31 348-1335

After Steve Ballmer's interview...

[slaytanic killer]

... the anti-viral software for Linux would be Windows.

What we do...

[wizzy403]

While not an open-source solution, here's what we do where I work. We use Norton Anti-Virus Corporate Edition (The corp-ed is important). This lets us build a NAV server which will go out and grab the updates auto-magically on a schedule (we do it once a day early in the morning). It will then push the updates out to all running clients! And if a client is not online, as soon as it is turned on, it contacts the NAV server and queries if there is a new signature update.

This package is a dream to administer. Once a quarter, Symmantec sends me a CD pack with any updates to the scanning program, and I install this on the server. Because I run Win2K on all the desktops, I can remote-install the software on all the workstations in the building without having to go over and do the usual "Let me know when I can schedule 30 minutes to install this software." crap across a few hundred machines. Plus I never have to worry that someone didn't bother to keep up with the virus updates. I can also schedule scans of any computer whenever I want, and get notified if problems crop up.

As pointed out by someone else, if you're uber-paranoid, just map a network drive to the samba shares and schedule a scan from your NAV server. You can use any system running either NT or 2K for your NAV server. You don't have to dedicate the machine, and the box can even be running the "workstation" flavor of Windows and still be a NAV "server".

Now if you could do all this under Linux that would be super-cool, but until then, I think this will be your best bet. The Server license is a bit more than the usual copy of NAV, but the client licenses are dirt cheap ($10 apiece if I remember correctly) so if you have more than 25 workstations to adminsiter, you're going to be saving TONS of money and time.

Commercial Anti-virus for Unix

[arglesnaf]

McAfee has a version of netshield that run under UNIX