From: Matthew Seaman
Date: Fri, 27 Jul 2012 14:20:54 +0100
To: freebsd-questions@freebsd.org
Message-ID: <501295B6.1080807@infracaninophile.co.uk>
References: <20120727104308.GA4834@catflap.slightlystrange.org> <20120727110019.GB4834@catflap.slightlystrange.org> <20120727114729.GC4834@catflap.slightlystrange.org>
 <20120727191529.01222988@AMD620.ovitrap.com>
In-Reply-To: <20120727191529.01222988@AMD620.ovitrap.com>
Subject: Re: On-access AV scanning

On 27/07/2012 13:15, Erich Dollansky wrote:
> You will not find them. The scanners running on FreeBSD are looking for
> Windows pests.
> Does it scan for FreeBSD viruses? I would wonder.

AV Scanners are looking for the signature of any known malware. The important word there is 'known' -- it's malware that has come to the attention of the AV software manufacturers and that they have published a "fingerprint" of. They don't generally work heuristically; i.e. so that they could detect and stop a 0-day malware automatically.

Now, as the vast majority of known malware affects Windows -- there are 3 or 4 known worms that used to affect Linux and I think one that would also have affected FreeBSD (but those all relied on old and vulnerable versions of Apache to spread and they are from many years ago in any case) plus a recent virus or two that attacks MacOS X -- then any AV scanner is, pretty much by definition, going to be looking for Windows malware.

In the light of that, the OP's workplace AV policy is clearly nonsensical when applied to a FreeBSD desktop. Scanning shared filesystems at regular intervals and scanning incoming mail or web content is generally sufficient to keep a FreeBSD box clean and also protect a whole network-full of Windows clients that access it as a server from most avenues of infection.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matthew@infracaninophile.co.uk
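
The interval scan of a shared filesystem recommended in the message above, sketched as an added example that is not part of the original post. It assumes ClamAV's `clamscan` is installed; the `SCANNER` override, the function name and the paths in the cron comment are hypothetical, and the quarantine directory is assumed to live outside the share.

```shell
#!/bin/sh
# Added example (not from the original message): periodic signature scan of a
# shared filesystem. A hypothetical cron entry could run it nightly:
#   0 3 * * * /usr/local/sbin/scan-share.sh /export/share /var/quarantine
# The scanner only matches known signatures, so keep its database current.

SCANNER="${SCANNER:-clamscan}"   # assumption: clamscan is on PATH

# scan_share DIR QUARANTINE
# Recursively scans DIR, moves files that match a signature into QUARANTINE,
# writes the scanner's log there, and echoes: clean | infected | error.
# The return code follows clamscan: 0 = clean, 1 = match found, 2 = error.
scan_share() {
    dir="$1"
    quarantine="$2"

    if [ ! -d "$dir" ]; then
        echo error
        return 2
    fi
    mkdir -p "$quarantine" || { echo error; return 2; }

    rc=0
    "$SCANNER" -r --infected --no-summary \
        --move="$quarantine" \
        --log="$quarantine/last-scan.log" \
        "$dir" >/dev/null 2>&1 || rc=$?

    case "$rc" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error; rc=2 ;;
    esac
    return "$rc"
}

# Run only when called with both arguments, so the exit status reaches cron.
if [ "$#" -ge 2 ]; then
    scan_share "$1" "$2"
fi
```
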