Operating System - HP-UX

virus scanning software on hpux

 
p7
Frequent Advisor

virus scanning software on hpux

hi

is it usual practice to run a McAfee-like product on an hpux11i system? we are having an issue where security people are claiming
that we should be running this on our systems.
i have personally never run these on any unix systems that i have admined. if u have any input pls let me know.

thx in advance
Stephen Keane
Honored Contributor

Re: virus scanning software on hpux

I think your security people should be sent on a UNIX course.
Gordon  Morrison
Trusted Contributor

Re: virus scanning software on hpux

If there are any viruses that affect HP-UX, then
1) I've never heard of it
2) It's doubtful that it could do much harm, as the first question Unix asks when asked to do anything is "Who the **** are you?" (As opposed to Windoze, which just says "OK".)

It's possible someone may have written such a virus back in the 80's as a proof of concept, but if so it never got out of the lab.

Get your security people to read the attachment. It compares windows to Linux, but HP-UX is at least as secure as Linux.
What does this button do?
Pete Randall
Outstanding Contributor

Re: virus scanning software on hpux

The usual advice is that there are no such things as virii for unix. There are, however, a limited number of scanning packages - see this thread:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=34986


Pete

Gordon  Morrison
Trusted Contributor

Re: virus scanning software on hpux

Hey Patti!
If you want to have some fun with your security people, tell them to get a quote from McAfee! ;o)
What does this button do?
Pete Randall
Outstanding Contributor

Re: virus scanning software on hpux

Here's another relevant thread:


Pete

Florian Heigl (new acc)
Honored Contributor

Re: virus scanning software on hpux

(If there are no issues with virii on unix, then what's the harm of using a virus scanner)

Also, if the server makes files available to PeeeCeees by any means, it is also the correct point of scanning (before or after making backup is a point to argue on)

Virus scanning tools that should work:
Clam-AV (Opensource)
F-Prot
Sophos Antivir

I would choose either Sophos or Fprot by availability.

Also, You could try to find sense in what Your security people asked You for.
Then You would probably turn to HP HIDS (host intrusion detection system) and a tool for daily checking of baseline security like hp-ux bastille (diff the reports) and a real rootkit-detection as rkhunter.
Also, You would have a daily run of the hp security patch assessment in crontab and report back to them on possible security issues.

Let's just try to work together, hmm?
yesterday I stood at the edge. Today I'm one step ahead.
Helen French
Honored Contributor

Re: virus scanning software on hpux

I wouldn't spend time on looking for AV products for Unix operating systems. But if you have a data server which stores Windows generated files, you may look at some products that scan these files and check for viruses. You can also clean these files before they enter the server or scan them from a Windows system shared through the network.
Life is a promise, fulfill it!
p7
Frequent Advisor

Re: virus scanning software on hpux

thx a lot,

now comes the hard part, convincing them
David DeWitt_2
Frequent Advisor

Re: virus scanning software on hpux

The systems I recently took over seemed to have some sort of outdated virus scanner on them. It gave a cron output something like this:

/bin/nice -15 /usr/local/uvscan/uvscan --config /usr/local/uvscan/uvscan.conf --file /usr/local/uvscan/uvscan.file

I'd never heard of a unix virus scanner, but it looks like it does exist.

Of course, as others have pointed out, if you have a share it should probably be scanned, and you could probably use Bastille or at least ipfilter regardless of the share situation.

-dave
Florian Heigl (new acc)
Honored Contributor

Re: virus scanning software on hpux

I come to the idea that most of the people with these opinions never saw thousands of samba directories filled with crap by windows trojans and wouldn't even care if their sendmail was used 'only' to relay spam using buffer overflows.

I come to hope that no one of these runs any internet attached systems.
yesterday I stood at the edge. Today I'm one step ahead.
Stephen Keane
Honored Contributor

Re: virus scanning software on hpux

No samba/NFS, not internet attached, fully patched to date, no sendmail. Guess I'm just not a fan of attaching polluting Windoze boxes to my nice virus free HP servers, but point taken.
Florian Heigl (new acc)
Honored Contributor

Re: virus scanning software on hpux

Stephen - thanks, and yes, seems You have everything in shape. But we can't tell everyone looking at this thread for information also has. :(
yesterday I stood at the edge. Today I'm one step ahead.
TwoProc
Honored Contributor

Re: virus scanning software on hpux

Computer Associates has "eTrust Inoculate IT".
It covers HPUX, Linux, and of course Windoze.
I've not evaluated it - but I saw it on their site recently.
We are the people our parents warned us about --Jimmy Buffett
Sheriff Andy
Trusted Contributor

Re: virus scanning software on hpux

Here is a link to McAfee's line scanner. I know for sure that DOD utilizes it.

http://www.networkassociates.com/us/products/mcafee/antivirus/desktop/vs_commandline.htm

Chris Vail
Honored Contributor

Re: virus scanning software on hpux

It's not "usual practice" to run a virus scanner on ANY Unix system, regardless of flavor of Unix. This does not necessarily mean that it is a bad practice. A lot of this has to do with the threat evaluation.

By default, Unix is not very secure. But it is easily tightened up "tighter than a tick". You can make Unix systems so secure they're almost useless.

If your security people insist on a virus scanner for your unix system--make 'em pay for it. Standard Unix security practices make it difficult for anything like a virus to penetrate and affect a Unix system. A far, FAR greater threat is a disgruntled employee installing trojans and back doors. A virus scanner won't protect against these.

A good reference is "Practical Unix and Internet Security". I would tell you the author and publication data, but my boss has borrowed the book and I haven't seen it for a couple of weeks. This is the book used in the HP Security course. My version is old but it's been updated recently. I recommend it.

Here we have a homebrew security script that looks for programs that are SUID or appear unexpectedly in /usr/sbin or have any of dozens of suspicious characteristics. This runs every night at 11PM, and we get the results in our inboxes. It doesn't look for viruses, but does examine several possible security issues.

If you're good at scripting, are knowledgeable about security issues, you might be able to write such a thing yourself. Otherwise, just follow good security practices, and all will be much better.


Chris
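
The kind of nightly check described in the post above, as an added example that is not the poster's script: it compares the current set of SUID/SGID files and the contents of a watched directory against a stored baseline and reports anything new. All function names, file names and paths are hypothetical.

```shell
#!/bin/sh
# Added example (not the poster's script): nightly baseline comparison.
# All paths, file names and function names here are hypothetical.
LC_ALL=C; export LC_ALL   # stable sort order so comm(1) compares correctly

# Regular files under $1 carrying the set-uid or set-gid bit, sorted.
list_privileged() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Every regular file under the watched directory $1, sorted.
list_watched() {
    find "$1" -type f -print 2>/dev/null | sort
}

# audit ROOT WATCHDIR STATEDIR
# Prints entries absent from the stored baseline; returns 1 if any were found.
# The first run only records the baseline. Later runs never overwrite it, so a
# planted file keeps being reported until an admin reviews and re-baselines.
audit() {
    root=$1; watch=$2; state=$3; findings=0
    mkdir -p "$state" || return 2
    list_privileged "$root" > "$state/suid.now"
    list_watched "$watch" > "$state/watch.now"
    for kind in suid watch; do
        if [ ! -f "$state/$kind.base" ]; then
            cp "$state/$kind.now" "$state/$kind.base"
            continue
        fi
        # comm -13 keeps lines that appear only in the current listing.
        new=$(comm -13 "$state/$kind.base" "$state/$kind.now")
        if [ -n "$new" ]; then
            echo "NEW ($kind) since baseline:"
            echo "$new" | sed 's/^/  /'
            findings=1
        fi
    done
    return "$findings"
}

# Run from cron with three arguments, e.g. (hypothetical paths):
#   0 23 * * * /usr/local/bin/audit.sh / /usr/sbin /var/adm/audit
if [ "$#" -eq 3 ]; then
    audit "$@"
fi
```

Keep the state directory writable only by root, since anyone who can edit the baseline can hide a new SUID file from the report.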
Biswajit Tripathy
Honored Contributor

Re: virus scanning software on hpux

Pasquale,
You probably have the answer to your question by now
from the replies to your posts. One additional thing.

HP has been working on what it calls "Virus
Throttling" technology for some time. This is
technology that will be used to scan and slow down
the rate at which viruses and worms spread in the
network. As far as I know, there is no product out
yet in the market.

See some details about this here:
http://www.nwfusion.com/news/2005/0211rsa-hew.html

An HP Lab tech report is at:
http://www.hpl.hp.com/techreports/2003/HPL-2003-69.html

- Biswajit
:-)
Gordon  Morrison
Trusted Contributor

Re: virus scanning software on hpux

Thanks to Chris Vail for succinctly saying what I think the rest of us have been trying to say all along:

"Standard Unix security practices make it difficult for anything like a virus to penetrate and affect a Unix system. A far, FAR greater threat is a disgruntled employee installing trojans and back doors. A virus scanner won't protect against these."

While there is nothing in Standard Unix Security Practices to stop someone storing virus-infected files on a Samba share, those files will not affect the Unix host in any way (apart from using up disk space). Only the windows boxes can be affected by them. Your anti-virus software should be running on your windows boxes. Any that have access to the Samba share can detect those infected files and deal with them appropriately.

IMHO, running anti-virus software on Unix machines makes about as much sense as giving quinine to mosquitoes so they don't catch malaria. Mosquitoes don't catch malaria, even though they can carry it. People catch malaria. That's why we have gin & tonic! ;o)
What does this button do?
john kingsley
Honored Contributor

Re: virus scanning software on hpux

My company requires us to run McAfee virus scan on our HP-UX servers because they are part of a mixed windows/unix environment. This means that we have users copying data over samba/ftp/nfs/mail between these systems. Therefore, even though the Unix servers are not vulnerable to the virus attacks, the unix filesystems can still harbor these viruses which can be copied back and infect the windows machines. In such an environment, it is not a bad idea to run these types of virus scanners. If you do choose to run these scanners, you want to set them up so they do not automatically clean the infected file. Have it notify you instead.