Date:      Fri, 27 Jul 2012 14:20:54 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@freebsd.org
Subject:   Re: On-access AV scanning
Message-ID:  <501295B6.1080807@infracaninophile.co.uk>
In-Reply-To: <20120727191529.01222988@AMD620.ovitrap.com>
References:  <20120727104308.GA4834@catflap.slightlystrange.org> <alpine.BSF.2.00.1207271249160.20428@wojtek.tensor.gdynia.pl> <20120727110019.GB4834@catflap.slightlystrange.org> <alpine.DEB.2.00.1207270715360.9614@nber9.nber.org> <20120727114729.GC4834@catflap.slightlystrange.org> <20120727191529.01222988@AMD620.ovitrap.com>


On 27/07/2012 13:15, Erich Dollansky wrote:
> You will not find them. The scanners running on FreeBSD are looking for
> Windows pests.

> Does it scan for FreeBSD viruses? I would wonder.

AV Scanners are looking for the signature of any known malware.  The
important word there is 'known' -- it's malware that has come to the
attention of the AV software manufacturers and that they have published
a "fingerprint" of.  They don't generally work heuristically; i.e. so
that they could detect and stop a 0-day malware automatically.

Now, as the vast majority of known malware affects Windows -- there are
3 or 4 known worms that used to affect Linux and I think one that would
also have affected FreeBSD (but those all relied on old and vulnerable
versions of Apache to spread and they are from many years ago in any
case) plus a recent virus or two that attacks MacOS X -- then any AV
scanner is, pretty much by definition, going to be looking for Windows
malware.

In the light of that, the OP's workplace AV policy is clearly
nonsensical when applied to a FreeBSD desktop.  Scanning shared
filesystems at regular intervals and scanning incoming mail or web
content is generally sufficient to keep a FreeBSD box clean and also
protect a whole network-full of Windows clients that access it as a
server from most avenues of infection.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW

