From owner-freebsd-security Wed May 20 18:51:04 1998
From: Mark Newton
Message-Id: <199805210149.LAA25157@frenzy.ct>
Subject: Re: Virus on FreeBSD
In-Reply-To: <199805210018.RAA04596@passer.osg.gov.bc.ca> from Cy Schubert - ITSD Open Systems Group at "May 20, 98 05:18:37 pm"
To: cschuber@uumail.gov.bc.ca
Date: Thu, 21 May 1998 11:19:29 +0930 (CST)
Cc: egravel@elr346.ateng.az.honeywell.com, freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG

Cy Schubert - ITSD Open Systems Group wrote:
> Stunt Pope wrote:
> > Thanks for all the info. Now for a second question. Since there is an
> > antivirus made by McAfee for Linux, Solaris, HP-UX, AIX (and one or two
> > more Unix OS's) is there anything similar made for FreeBSD? What can
> > one download/purchase to prevent:
> >
> > 1- Arrival/infection of the system from any virus that would target
> > FreeBSD?
> > 2- Presence of virii for any other OS in any file on the system?

In addition to Cy's comments about the Linux "virus", I'd also point out
that TTBOMK McAfee's virus scanners for Unix don't search for Unix
viruses; they search for Wintel and Mac viruses enclosed within email
attachments on Unix mail servers. As such they fit category 2 above.

Category 1 is so far off the radar that it isn't worth considering -- IF
one shows a little bit of discipline with the use of one's hash prompt
(i.e.: don't go running foreign binaries as root unless you trust 'em).
Since most people seem to show that required discipline, I'd guess that
the law of diminishing returns makes it unworthwhile to actually write
Unix viruses in the first place.

LKMs open vast new vistas of potential for viruses, btw. I attended a
series of seminars given by Kirk some number of years ago, where he said
the decision to avoid expending development time on LKMs for 4.4BSD was
partly motivated by the security concerns raised by the ability to move
executable code from user-space (i.e.: the filesystem) into the kernel.
Mitnick's SunOS "tap" streams module is but one example :-)

   - mark

---
Mark Newton                           Email: newton@communica.com.au
Systems Engineer and Senior Trainer   Phone: +61-8-8303-3300
Communica Systems, a member of the    Fax:   +61-8-8303-4403
CAMTECH group of companies            WWW:   http://www.communica.com.au