Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 27 Jul 2012 20:01:31 +0700
From:      Erich Dollansky <erichfreebsdlist@ovitrap.com>
To:        Daniel Bye <freebsd-questions@slightlystrange.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: On-access AV scanning
Message-ID:  <20120727200131.268f2d4e@AMD620.ovitrap.com>
In-Reply-To: <20120727123811.GF4834@catflap.slightlystrange.org>
References:  <20120727104308.GA4834@catflap.slightlystrange.org> <alpine.BSF.2.00.1207271249160.20428@wojtek.tensor.gdynia.pl> <20120727110019.GB4834@catflap.slightlystrange.org> <alpine.DEB.2.00.1207270715360.9614@nber9.nber.org> <20120727114729.GC4834@catflap.slightlystrange.org> <20120727191529.01222988@AMD620.ovitrap.com> <20120727123811.GF4834@catflap.slightlystrange.org>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hi,

On Fri, 27 Jul 2012 13:38:11 +0100
Daniel Bye <freebsd-questions@slightlystrange.org> wrote:
> On Fri, Jul 27, 2012 at 07:15:29PM +0700, Erich Dollansky wrote:
> > On Fri, 27 Jul 2012 12:47:29 +0100
> > Daniel Bye <freebsd-questions@slightlystrange.org> wrote:
> > > On Fri, Jul 27, 2012 at 07:19:45AM -0400, Daniel Feenberg wrote:
> > > > On Fri, 27 Jul 2012, Daniel Bye wrote:
> > > > >On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar
> > > > >wrote:
> > > > >>>Are there any current options available to support on-access
> > > > >>>antivirus scanning on FreeBSD?
> > 
> > why should it be available when it is not needed?
> 
> Because the IT policy (currently) requires it. I don't agree with that
> policy, but there you are - I don't have the authority to simply
> ignore it.
> 
no, no, I meant why should FreeBSD need them. I am aware of your
problem.
> 
> Yes, I know. But we have petabytes of file systems shared over
> SMB/CIFS, so if a Windows machine inroduces something to the network,
> it strikes me as reasonable that if my (still putative) FreeBSD
> system finds it before another Windows system, I have potentially
> prevented a much wider problem.
> 
Why don't you get a FreeBSD machine which scans the network traffic and
have some fun with the results?
> 
> > The security concepts of FreeBSD are 100% different. They will never
> > match this kind of policy.
> 
> Yes, and I am hoping that that fact is enough to persuade him that the
> current policy (which he inherited, by the way, he didn't have a hand
> it its establishment) is no longer applicable in an increasingly
> mixed environment (Polytropon brought up the obvious matter of
> smartphones and tablets and other devices).
> 
Why don't you have another try? We use very often a FreeBSD machine
with more CPU power as a server and older machines just as thin
clients. These machines can be Windows machines running whatever virus
scanners you want and an X server (cygwin will do). Your applications
run actually on the FreeBSD machine and the Windows machine is only a
terminal.

I think that this could match your policy and also shows how pointless
the policy is.

Erich



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20120727200131.268f2d4e>