Operating System - HP-UX

antiviral On unix system?

 
farhi
Advisor

antiviral On unix system?

I have a cluster with two Rp5470 servers, and my customer asks me to integrate an antiviral solution there, and I don't know how to convince him that it's useless in such an environment. I would like to know if I am right and, if yes, could someone give me elements (documents…) to convince him. I would be very thankful to you. It's very urgent.
Hold to forgiveness; command what is right; but turn away from the ignorant.
Sridhar Bhaskarla
Honored Contributor

Re: antiviral On unix system?

Hi,

There is nothing called virus on the UNIX systems. But there are programs called "Trojan horses" that could damage the OS. So, it is essential that you keep your system secure. You have to tighten the system in all possible ways. The following document can help you in securing the system.

http://people.hp.se/stevesk/bastion11.html

Regular auditing for logins, su attempts is very necessary. root's password must be kept secret and strict password policies are to be implemented.

Following is a simple example of what will happen if the system is not secured. Say the .profile of root has world-wide permissions. Then an ordinary user can modify the profile and keep the following entry:

PATH=/somewhere:$PATH

Then he will keep a small script called ll in /somewhere that reads

#!/usr/bin/ksh
echo "myuser hostname" >> /.rhosts
/usr/bin/ll $1

Next time when root logs in and executes ll, there will be no difference for root. However, the user will get added to the .rhosts file of root and could do anything on the system.

-Sri


You may be disappointed if you fail, but you are doomed if you don't try
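
The misconfiguration described in the reply above (a root login file that other users can edit, and a PATH entry they can write to) can be checked for directly. The following is an added example, not part of the original thread; the function names, the dotfile list and the report labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit for the weakness described above.
# Uses only ls and cut, so it does not depend on a stat(1) command.

# True (0) if the file or directory is group- or world-writable.
writable_by_others() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || return 1
    g=$(printf '%s' "$mode" | cut -c6)   # group write bit
    o=$(printf '%s' "$mode" | cut -c9)   # other write bit
    [ "$g" = "w" ] || [ "$o" = "w" ]
}

# Report login files in a home directory that someone other than the owner
# can edit. The file list is an assumption; extend it for the shells in use.
audit_dotfiles() {
    for f in .profile .kshrc .login .cshrc .rhosts; do
        if [ -e "$1/$f" ] && writable_by_others "$1/$f"; then
            echo "WRITABLE_DOTFILE $1/$f"
        fi
    done
    return 0
}

# Report PATH entries that let another user place a command ahead of the
# real one: relative or empty entries, and directories others can write to.
audit_path() {
    old_ifs=$IFS
    IFS=:
    for d in $1; do
        case "$d" in
            ''|.|[!/]*) echo "RELATIVE_PATH_ENTRY '${d}'" ;;
            *) if [ -d "$d" ] && writable_by_others "$d"; then
                   echo "WRITABLE_PATH_DIR $d"
               fi ;;
        esac
    done
    IFS=$old_ifs
    return 0
}

# Typical use, run as root (root's home is / in the post, as in /.rhosts):
#   audit_dotfiles / ; audit_path "$PATH"
```

Any line of output is worth fixing before the next root login: tighten the file to owner-only write, and remove or reorder the PATH entry.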
Sridhar Bhaskarla
Honored Contributor

Re: antiviral On unix system?

Hi (Again),

Though Unix systems won't get infected by viruses, they can be carriers of viruses. For ex., if your unix server is a mail server and is accessed by PC clients, there is a possibility of a virus being introduced into the mailboxes through PCs. They may not affect UNIX but can spread to other PCs depending on how they are accessed.

So, there is anti-viral software available depending on the software you use.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
farhi
Advisor

Re: antiviral On unix system?

Thank you Sri, but I really need a document to show my customer to convince him that there is no virus in a Unix environment.
Regards
Hold to forgiveness; command what is right; but turn away from the ignorant.
Sridhar Bhaskarla
Honored Contributor

Re: antiviral On unix system?

Hi,

Try this documentation as provided by HP.


[broken link removed on <4/5/2017> by Mod]

If it doesn't work, then go to itrc.hp.com, click on search knowledge database, change the criteria to "select by Doc.ID", enter KBRC00008034 and then click search.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
harry d brown jr
Honored Contributor

Re: antiviral On unix system?


Start here [broken link removed on <4/4/2017> by Mod]

live free or die
harry

Live Free or Die
Steven E. Protter
Exalted Contributor

Re: antiviral On unix system?

There actually is source code available for a Unix virus checker. It's designed for Linux but if you are a hard worker, you might get it to compile and run on HP-UX.

It is pretty useless however, since mostly you'll just zap mail attachments on their way to PCs that should be protected anyway.

Bastille would be helpful, it hardens security.

https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=B6849AA&date=

Here is a link to an anti virus thread.

[broken link removed on <4/4/2017> by Mod]

There are links to a public domain gnu type virus checking software for Linux.

P

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
farhi
Advisor

Re: antiviral On unix system?

Hi,
doc.ID KBRC00008034 gives no result.
Hold to forgiveness; command what is right; but turn away from the ignorant.
Robert-Jan Goossens
Honored Contributor
Solution

Re: antiviral On unix system?

Hi,

Can HP-UX be attacked by a virus?

date: 9/20/01
document description: Can HP-UX be attacked by a virus?
document id: KBRC00008034


Can HP-UX be attacked by a virus?
DocId: KBRC00008034 Updated: 9/24/01 4:36:00 AM
PROBLEM
Can HP-UX be attacked by a virus? Is there anti-virus HP-UX software?
RESOLUTION

"Trojans" for UNIX can exist and would be very easy to script. For example: a
script that calls /sbin/rm -f /* executed by root will delete the files under /
(exception would be /sbin and /sbin/rm and the shell because they are in use).
While some people consider trojans a virus, they are not.

A virus has certain characteristics which would define them as a virus. First,
a virus is usually memory resident. This means that the virus sits in memory
and looks for keys to attack files. Usually the DOS extension to the file
name, for example .exe files and .com files. Next, a virus must be at least a
nuisance, like writing "hacked by chinese" in the case of CodeRed. It also
causes an unwanted change to an attacked file. A program that sat in memory and
wrote fictitious message to files would be a virus. A virus must also spread
itself in one way or another.

Because the virus usually needs a trigger (like the .bat, .exe or some other
executable) a UNIX virus is much more difficult to create. Since /usr/bin/rm is
an executable not denoted by rm.exe, the virus would not be able to tell by
name what is an executable to infect and spread, and what is not. /etc/hosts
would look the same to a virus as /etc/ping. A virus would have to be huge to
sit in memory and be able to stat all files, run magic, check bits, etc...
to know how to spread.

Next, in UNIX the kernel is memory resident. When the system boots the kernel,
it is read only. The kernel sits in memory until system shutdown. If a virus
was to infect the kernel, it would not be effective until the system was
rebooted with the bad kernel. In Win/XXXX the kernel sits on a disk, and is
constantly accessed.

The next problem with running a virus in UNIX is that the virus can only run at
the access level of the user who executes the program. For example: if johndoe
executes the program, the program can only affect johndoe's processes and
files. Anything owned by root, and bettysue would be unaffected. The virus
could only do wide spread system damage if the super-user root executed the
virus. This severely limits the ability of a virus in UNIX. Windows NT and
2000 also have multi-leveled access for processes, but the implementation is
very easy to bypass.

In SunOS and Linux, the virus scanning software that is available is NOT for
UNIX/Linux protection, but Microsoft Windows protection. The software is made
to scan data shared to and from Windows boxes.

The best defense in UNIX to the Virus threat is common sense, built in UNIX
functionality, and basic security measures.

Based on this information, viruses do not pose a threat to a Unix system,
whereas anyone with root access does. Limit or do not give out root access.

ALT KEYWORDS
unix, hpux, virus, virii, anti-viral
Robert-Jan.