From: Polytropon
To: Mark Felder
Cc: freebsd-questions@freebsd.org
Date: Fri, 27 Jul 2012 20:47:32 +0200
Subject: Re: On-access AV scanning
Message-Id: <20120727204732.c143bc3d.freebsd@edvax.de>
References: <20120727104308.GA4834@catflap.slightlystrange.org>
Organization: EDVAX

On Fri, 27 Jul 2012 13:10:12 -0500, Mark Felder wrote:
> Virus scanning should not be your problem. If the Windows users in the
> organization have an antivirus solution there is no need for you to have
> one. It doesn't matter if you share files over SAMBA -- when they access
> the files their virus scanner will check them.

His "problem" is that there's a corporate reglementation of what he has to do, which he needs to obey in order to keep his job. Even though this ruleset contains something stupid (or even impossible), it's a requirement. Of course a stupid one, but it does exist.

Surely it would be better for the company that has _admitted_ to having had more than one significant infection to do the simplest, most stupid and absolutely basic tasks:

1. educate users, repeat educating users, continue educating users

2. connect "Windows" PCs through a non-"Windows" scanning facility to the Internet; think about who needs Internet and who doesn't

3. limit access to local storage (CD, DVD, USB sticks) and force those to be "inserted" to the network (e.g. as a CIFS share) again through a non-"Windows" scanning facility; again think about who should be allowed to enter "foreign data" to the company network and _how_ it is _required_ to be done

4. consider the whole network, also think about (W)LAN or BT connected smartphones, printers, networking gear

5. learn about viruses, trojans, malware: how they work, how they are used and therefore how to "actively act against them"

6. understand security as a process, not a stupid list that tells you to "have a virus scanner on the system that works on access"; now go to item 1 again

Of course, _none_ of those points seems to be on the agenda at the moment. There's still the rule "You must have a virus scanner on your computer that acts as on-access scanner and scans for any viruses." It misses both that FreeBSD is not infectable by "Windows" viruses, and it does not prevent any "non-virus" attacks (such as per smartphone, per printer, per human stupidity and carelessness).

So I think Daniel is actually on the best road at the moment. Sure, it won't make _his_ system safer, and it won't make other systems safer, but it will conform to the rules.

If he's able to use FAM/Gamin as the "on-access" part, and a virus scanner he finds suitable for the "virus scan" part, that should be sufficient.

	if(system_has_scanner && scan_on_access)
		allow_system();
	else if(insist_on_system)
		fire(Daniel);
	else
		deny_system();

Obeying can be fun, if it _is_ that easy. :-)

Maybe later on, he can convince his superior to switch on his brain for thinking about the corporate guidelines. It's worth it, and it saves money. I'm confident that it is a chance to finally dump the stupid idea of insisting on having a virus scanner on FreeBSD where there are no viruses it could scan for.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...