HPE Community
Operating System - HP-UX
1755726 Members
2464 Online
108837 Solutions
New Discussion юеВ

Virus checking on unix

 
SOLVED
Go to solution
Peter Gillis
Super Advisor

тАО11-16-2004 11:45 AM

тАО11-16-2004 11:45 AM

Virus checking on unix

Hi
RP2450 and RP2470 machines - running ux11.0 and ux 11.11 v1

Anyone suggest where Imight get an official stand from hp on the necessity or not for running virus scans on HP unix machines. If there is a way, please suggest a location where I might get info on how to scan for and protect the machines.

Thanks
maria
0 Kudos
Reply
13 REPLIES 13
Steven E. Protter
Exalted Contributor

тАО11-16-2004 11:57 AM

тАО11-16-2004 11:57 AM

Solution

Re: Virus checking on unix

Official stand on Unix.

Almost all viruses are designed to corrupt Windows machines. Far more targets, much greater havoc.

Anti virus software is of little utility on HP-UX. It would not necessarily detect a script written to use up all the cpu by spawning unlimited copies of itself.

Sendmail gleefully transmits viruss meant for Windows machines to Windows users with no ill effect on the HP-UX or Linux server they pass through.

On that point, I would say if you opened up selected directories to CIFS/samba and used a symmantec product, you could scan an HP-UX system for virus.

The way our organization protects Unix is thus. All unix email is relayed via a smtp relay server. Also a symanntec product. All viruses too or from are eliminated at that stage.

Summary: No real business need for anti-virus software on Unix. There are open source solutions you can compile if in spite of this logic you wish to proceed.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Steven E. Protter
Exalted Contributor

тАО11-16-2004 12:00 PM

тАО11-16-2004 12:00 PM

Re: Virus checking on unix

That first line came out bad.

Should read: Unix's official stand as repeated by me.

Sorry.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Michael Tully
Honored Contributor

тАО11-16-2004 12:33 PM

тАО11-16-2004 12:33 PM

Re: Virus checking on unix

Hi Maria,

You'd be better off looking at products like HIDS that actually monitor certain functions of your system. The way unix systems are attacked are in a variety of ways, one being where system files or passwords might be compromised. Once the files have been infultrated, they can launch a further attack on your system by gaining control and then attempting to do further damage. Have a look at the offerings, you'll see they do a number of things. We are evaluating it now (HIDS) and once you work out what to monitor it gets easier.

There is no official stand, however HP will say to protect your system(s) by deploying tools like HIDS, Bastille etc. Many are free. Here are some links.

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5083AA
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

Regards
Michael
Anyone for a Mutiny ?
Reply
Ivajlo Yanakiev
Respected Contributor

тАО11-16-2004 07:20 PM

тАО11-16-2004 07:20 PM

Re: Virus checking on unix

Hi there,

First time when I find virus on my linux server I can't believe but it was.
YES there are virus for Unix.


Reply
Peter Gillis
Super Advisor

тАО11-17-2004 08:00 AM

тАО11-17-2004 08:00 AM

Re: Virus checking on unix

Ivajlo,
How did the virus present itself?
Maria
0 Kudos
Reply
John Kittel
Trusted Contributor

тАО11-17-2004 09:46 AM

тАО11-17-2004 09:46 AM

Re: Virus checking on unix

We use samba on HP-UX to offer file/disk shares to Windows PCs. We run sophos on the HP-UX system to scan for Windows viruses on the share directories. Has never found one yet.

Sample output from the sophos cron job:

Sweeping /u01 filesystem

SWEEP virus detection utility
Version 3.80, April 2004 [HP-UX/HP-PA]
Includes detection for 89009 viruses, trojans and worms
Copyright (c) 1989,2004 Sophos Plc, www.sophos.com

System time 23:10:03, System date 16 November 2004
Command line qualifiers are: -nsc -nb --no-reset-atime --no-follow-symlinks

Quick Sweeping


23039 files swept in 4 minutes and 16 seconds.
No viruses were discovered.
End of Sweep.
Reply
Peter Gillis
Super Advisor

тАО11-17-2004 09:53 AM

тАО11-17-2004 09:53 AM

Re: Virus checking on unix

Thanks for the info. this is all rather new to me..dealing with scanning and vireus detection . I was wondering, viruses only get on a system if sent or pass through the mail system on your server??
Maria
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО11-17-2004 11:02 AM

тАО11-17-2004 11:02 AM

Re: Virus checking on unix

Sorry - I haven't encountered a situation on my HP systems so far where I run some tool and it shows me a 'bug' saying that a file/memory got virus.

The most common threats (I don't call them viruses) are trojan horses on the system. You get a consultant (or a disgruntled employee) that worked on your system as root, leaves couple of suid-root programs in some unnoticiable places that simply spawn a shell , add couple of user logins. Anytime he/she could get into the box as long as it has network connectivity, use those suid programs to gain root access. Or that person could replace your /usr/bin/ls with a small script of their choice. They could also connect to some of the open ports like sendmail etc., run some malicious code to overflow the buffers and make the OS to give out shell. Viruses like Blaster worm simply sit on windoz boxes in the environment and do a continous polling of ports like RPCD and make them to crash. Or someone can put a sniffer on the wire connecting to your machine and watch the cleartext traffic containing secure information.

You will need to strenghthen the security on the systems by

1. Closing all the ports/services that are not necessary.
2. Encrypt the communication as much as possible using ssh, hardware encryption etc.,
3. Pay atmost attention to security patches. Subscribe to HP's bulletin and act on the security patches as soon as you can. People first try 'widely known' attacks first.
4. Have some tools like eSM, Cops, Satan, Bastille etc., t o report and fix the issues.
5. Minimize the number of users that have access to the system. No sharing of root passwords.
6. Implement strict account measures like password aging, expiry etc.,

HP can only be a carrier of viruses. So, you can store PC files containing viruses and distribute them to other systems. If you are running applications such as Samba, mail etc., that get/put files on PC, then you may want to run virus scans for those files as indicated in the previous threads.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Steven E. Protter
Exalted Contributor

тАО11-17-2004 11:09 AM

тАО11-17-2004 11:09 AM

Re: Virus checking on unix

I have just started reading a new Book called HP-UX Security by Chris Wong.

She states contrary to what I said that Viruses do exist for HP-UX.

So. I was wrong.

Big enough to admit it.

Still the premise that most viruses are aimed at Windows boxes, a more target rich environment is true.

If I pick up any tips as I read the book, I'll let you know. Book is probably worth having.

http://www.amazon.com/exec/obidos/tg/detail/-/0130330620/qid=1100736575/sr=1-1/ref=sr_1_1/102-7832521-3745723?v=glance&s=books

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.