topic Re: virus scan in Operating System - HP-UX

virus scan

EAB — Mon, 28 Mar 2005 08:14:33 GMT

hi,
i know that this question is asked before ,
but i need to confirm for our audit ,
they insist to use virus scan for our HP-UX server ,
this server is using only as host for database which is accessed by windows application server
and the ftp is restricted and allow only for this application server
so i need to confirm to them there is no risk from this issue ,
and if there any white paper related to this subject,

Thanks
Manal

Re: virus scan

harry d brown jr — Mon, 28 Mar 2005 08:27:43 GMT

if your auditors are that stupid then they should be escorted to the door.

just do a search on this site for "virus" for tons of opinions and documentation

live free or die
harry d brown jr

Re: virus scan

HGN — Mon, 28 Mar 2005 08:34:06 GMT

Hi

There is no virus check required for unix. I think they should be aware of this.

Rgds

HGN

Re: virus scan

EAB — Mon, 28 Mar 2005 08:48:08 GMT

thanks a lot for all of you

Regards,
Manal

Re: virus scan

Chris Vail — Mon, 28 Mar 2005 11:43:32 GMT

I'm going to be not quite so vehement as some of the others who have suggested that your auditors are total loons for having suggested a virus scan for HPUX. However, this is very tempting.

Most versions of unix are very resistant to virus style attacks. Purchasing a virus scanner may be a good idea IF your primary mail server is Unix, and not something that runs on the OS's made famous by that company headquartered in Redmond, Washington. One of the design advantages of this is that any virus detected is unlikely to attack the server itself.

Normal, ordinary systems administration practices make it very difficult for a virus to attack--but these are not completely unheard of. If all defaults are accepted, most versions of unix are very unsecure. But it is easy, cheap and fast to make them more secure. If you're not familiar with Unix security practices, I recommend _Practical Unix and Internet Security_ by Garfinkle and Spafford.

In Unix, the primary security threats are back doors, trojans, buffer overflow attacks and unpatched operating systems. No virus scanner can detect these.

The best Unix security is a trained administrator and trained users, along with a pro-active program of scanning and audits. It doesn't take a lot of software, time or effort to secure Unix, but it does require an "attitude of security" amongst the administrators, the users, and especially management. Audits are good. Audit yourself, audit everyone else, and encourage others to audit you. You'll have a safe and happy computer environment for a long time if you do.

Chris

Re: virus scan

Alex Lavrov. — Mon, 28 Mar 2005 11:54:51 GMT

The only reason to scan unix server, I think when it's Samba server, so it has shared directories to many windows system and they can be infected through them.

We have McAfee antivirus running on HPUX server with Samba exports.

Regards,
alex

Re: virus scan

Bill Hassell — Mon, 28 Mar 2005 16:00:22 GMT

As mentioned, viruses have never been reported on HP-UX. Like most of the commercial versions of Unix, HP-UX runs on totally proprietary hardware with very little documentation about the boot record areas and nothing whatsoever compatible with an Intel processor. Viruses are almost always written in assembler or compiled to produce Intel x86 instructions which are just random data on a PA-RISC computer. In fact, the boot record area and the details needed to infect this area are different among various models of HP 9000, way too much work for even the experienced hacker.

So the only vulnerability associated with HP-UX is as an email server for a bunch of PCs. The emails have no effect on the HP-UX box so the vulnerability (as always) is in the PC client reading the mail. Tell the auditors to run virus scans on the PC clients.

The other source of viruses is found in disk sharing, and as with email, the PC is both the creator and target for the viruses. Like any filesystem, the virus scan must also look at the shared disk(s). HP-UX does nothing with infected files from PCs. You can try to run them but since they have the instructions and executable format, the file is 100% rejected. So unless you are sharing disk space with PCs, this is non-issue.

And since there is no virus scan program for HP-UX, it will be pretty hard to perform this task. The closest you could come to auditing HP-UX is to run the security_patch_check program (which should be done for all secure servers).

Re: virus scan

Alex Lavrov. — Mon, 28 Mar 2005 16:05:56 GMT

Hello Bill,

there are virus scanners for HPUX. Of course they look for PC viruses, but they are HPUX executables and run on the server.

For example:
http://trialware.techrepublic.com/abstract.aspx?scid=2004&docid=77773

Regards,
Alex

Re: virus scan

Hank Eggers — Tue, 29 Mar 2005 10:13:35 GMT

Bill,

We use the McAfee unix command line version on our linux pop3 email server. (Should work fine for HPUX) We check every 1/2 hour for .dat file updates from McAfee using cron.

As others have stated we don't use it to scan the unix filesystem per say..just incoming and outgoing email. But the McAfee version works good for us for this purpose. Hope this helps.

Re: virus scan

EAB — Tue, 29 Mar 2005 10:17:59 GMT

hi all,
thanks for your feed back ,
so the conclusion is ,
if we don't use HP-UX server as email server or using any S/W like SAMBA to connect to windows server then we didn't need virus scan for our case

pls. confirm

Regards,
Manal

Re: virus scan

Alex Lavrov. — Tue, 29 Mar 2005 10:21:12 GMT

Yes.