Date: Fri, 27 Jul 2012 20:01:31 +0700 From: Erich Dollansky <erichfreebsdlist@ovitrap.com> To: Daniel Bye <freebsd-questions@slightlystrange.org> Cc: freebsd-questions@freebsd.org Subject: Re: On-access AV scanning Message-ID: <20120727200131.268f2d4e@AMD620.ovitrap.com> In-Reply-To: <20120727123811.GF4834@catflap.slightlystrange.org> References: <20120727104308.GA4834@catflap.slightlystrange.org> <alpine.BSF.2.00.1207271249160.20428@wojtek.tensor.gdynia.pl> <20120727110019.GB4834@catflap.slightlystrange.org> <alpine.DEB.2.00.1207270715360.9614@nber9.nber.org> <20120727114729.GC4834@catflap.slightlystrange.org> <20120727191529.01222988@AMD620.ovitrap.com> <20120727123811.GF4834@catflap.slightlystrange.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Fri, 27 Jul 2012 13:38:11 +0100 Daniel Bye <freebsd-questions@slightlystrange.org> wrote: > On Fri, Jul 27, 2012 at 07:15:29PM +0700, Erich Dollansky wrote: > > On Fri, 27 Jul 2012 12:47:29 +0100 > > Daniel Bye <freebsd-questions@slightlystrange.org> wrote: > > > On Fri, Jul 27, 2012 at 07:19:45AM -0400, Daniel Feenberg wrote: > > > > On Fri, 27 Jul 2012, Daniel Bye wrote: > > > > >On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar > > > > >wrote: > > > > >>>Are there any current options available to support on-access > > > > >>>antivirus scanning on FreeBSD? > > > > why should it be available when it is not needed? > > Because the IT policy (currently) requires it. I don't agree with that > policy, but there you are - I don't have the authority to simply > ignore it. > no, no, I meant why should FreeBSD need them. I am aware of your problem. > > Yes, I know. But we have petabytes of file systems shared over > SMB/CIFS, so if a Windows machine inroduces something to the network, > it strikes me as reasonable that if my (still putative) FreeBSD > system finds it before another Windows system, I have potentially > prevented a much wider problem. > Why don't you get a FreeBSD machine which scans the network traffic and have some fun with the results? > > > The security concepts of FreeBSD are 100% different. They will never > > match this kind of policy. > > Yes, and I am hoping that that fact is enough to persuade him that the > current policy (which he inherited, by the way, he didn't have a hand > it its establishment) is no longer applicable in an increasingly > mixed environment (Polytropon brought up the obvious matter of > smartphones and tablets and other devices). > Why don't you have another try? We use very often a FreeBSD machine with more CPU power as a server and older machines just as thin clients. These machines can be Windows machines running whatever virus scanners you want and an X server (cygwin will do). Your applications run actually on the FreeBSD machine and the Windows machine is only a terminal. I think that this could match your policy and also shows how pointless the policy is. Erich
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120727200131.268f2d4e>