From owner-freebsd-questions@FreeBSD.ORG Fri Jul 27 11:23:45 2012
Date: Fri, 27 Jul 2012 13:23:36 +0200
From: Polytropon
To: Daniel Bye
Message-Id: <20120727132336.9d2289e8.freebsd@edvax.de>
In-Reply-To: <20120727110019.GB4834@catflap.slightlystrange.org>
References: <20120727104308.GA4834@catflap.slightlystrange.org> <20120727110019.GB4834@catflap.slightlystrange.org>
Organization: EDVAX
Cc: freebsd-questions@freebsd.org
Subject: Re: On-access AV scanning

On Fri, 27 Jul 2012 12:00:19 +0100, Daniel Bye wrote:
> All desktops/workstations (that is, all of them, every single one),
> must have AV software running on them. There will be no exceptions, on pain
> of dismissal.

Why is the AV software running on FreeBSD not sufficient in the
opinion of your superior (or by the guidelines of the corporate
directives)?

And those who bring a smartphone to work (private or company use),
how do they run AV software on those _IT devices_? :-)

Oh, and how is AV software brought to the company network printers,
the LAN gear and WLAN APs and everything else that can be infected,
exploited, ruined or damaged? Or do they simply not count as
"desktop/workstation" as you mentioned? In that case: Happy attack
vectors. :-)

Excuse my sarcasm, but there's a little truth in it, when seen
from an IT security point of view.

Really, I _do_ understand your problem (or better the problems
others created for you). Try to get more specific statements as to
what kind of AV software with which "action attributes" is required
and try to construct a solution that will be sufficient in the
_view_ of the responsible superiors. The less they do actually
understand, the easier it should be.

FreeBSD does _have_ AV software, but not _for_ FreeBSD per se
(as it cannot be infected by viruses, trojans and malware that
are designed explicitly for "Windows" platforms), but it can
very well detect them.

This all still does not help against human stupidity.

Feel free to show this article and make use of its arguments:

Robert McMillan: Is Antivirus Software a Waste of Money?
http://www.wired.com/wiredenterprise/2012/03/antivirus/

A _responsible_ and well-educated IT representative should form
his own intelligent opinions, instead of trying to blindly follow
corporate guidelines which are possibly _impossible_ to
instantiate.

My idea for a solution: You can use a file access monitor (FAM)
to detect when a new file enters the system, and then immediately
have it scanned by a virus scanner you have already installed from
ports.

Next issue: "You need a virus scanner that inspects network
packets!" :-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
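
The idea in the message above (notice a new file, then hand it to the installed scanner), sketched as an added example that is not part of the original post. Polling stands in for FAM, the scanner is assumed to be ClamAV's `clamscan` from ports, and the `ArrivalScanner` class and its names are hypothetical; a file is scanned only once its size and mtime are unchanged across two polls, so a download still being written is not scanned half-finished.

```python
import os
import stat
import subprocess

# Assumption: the scanner is ClamAV's clamscan (port security/clamav).
SCANNER = ["clamscan", "--no-summary"]

def clamscan(path):
    """Scan one file; clamscan exits 0 = clean, 1 = infected, 2 = error."""
    rc = subprocess.run(SCANNER + [path], stdout=subprocess.DEVNULL,
                        stderr=subprocess.DEVNULL).returncode
    return {0: "clean", 1: "infected"}.get(rc, "error")

class ArrivalScanner:
    """Hypothetical poller: scans each new or changed regular file under root."""

    def __init__(self, root, scan=clamscan):
        self.root, self.scan = root, scan
        self.done = {}     # path -> (size, mtime_ns) that was scanned
        self.pending = {}  # path -> (size, mtime_ns) seen on the last poll

    def _snapshot(self):
        snap = {}
        for dirpath, _dirs, names in os.walk(self.root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # file vanished between walk and stat
                if stat.S_ISREG(st.st_mode):
                    snap[path] = (st.st_size, st.st_mtime_ns)
        return snap

    def poll(self):
        """One pass; returns [(path, verdict)] for the files scanned in it."""
        snap, results = self._snapshot(), []
        for path, sig in sorted(snap.items()):
            if self.done.get(path) == sig:
                continue  # this exact version was already scanned
            if self.pending.pop(path, None) == sig:
                # Unchanged since the previous poll: the writer has finished.
                results.append((path, self.scan(path)))
                self.done[path] = sig
            else:
                self.pending[path] = sig  # new or still growing: wait a poll
        for table in (self.done, self.pending):
            for path in [p for p in table if p not in snap]:
                del table[path]  # forget files that were deleted
        return results
```

Call `poll()` from a loop at whatever interval suits the directory being watched. A file reported this way has already landed on disk, so this is scan-on-arrival rather than blocking on-access scanning.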