From owner-freebsd-questions@FreeBSD.ORG Fri Jul 27 11:47:33 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9886C1065672 for ; Fri, 27 Jul 2012 11:47:33 +0000 (UTC) (envelope-from dan@slightlystrange.org) Received: from lhscloud01.localhostservices.net (lhscloud01.localhostservices.net [83.222.226.222]) by mx1.freebsd.org (Postfix) with ESMTP id 3D1E68FC14 for ; Fri, 27 Jul 2012 11:47:33 +0000 (UTC) Received: from client-82-26-202-194.pete.adsl.virginmedia.com ([82.26.202.194] helo=catflap.slightlystrange.org) by lhscloud01.localhostservices.net with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80 (FreeBSD)) (envelope-from ) id 1Suj11-000JNQ-DT for freebsd-questions@freebsd.org; Fri, 27 Jul 2012 12:47:31 +0100 Received: from dan by catflap.slightlystrange.org with local (Exim 4.80 (FreeBSD)) (envelope-from ) id 1Suj0z-0000v2-Ow for freebsd-questions@freebsd.org; Fri, 27 Jul 2012 12:47:29 +0100 Date: Fri, 27 Jul 2012 12:47:29 +0100 From: Daniel Bye To: freebsd-questions@freebsd.org Message-ID: <20120727114729.GC4834@catflap.slightlystrange.org> References: <20120727104308.GA4834@catflap.slightlystrange.org> <20120727110019.GB4834@catflap.slightlystrange.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2/5bycvrmDh4d1IB" Content-Disposition: inline In-Reply-To: X-PGP-Fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A X-Operating-System: FreeBSD 9.1-PRERELEASE amd64 User-Agent: Mutt/1.5.21 (2010-09-15) Sender: Daniel Bye Subject: Re: On-access AV scanning X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Daniel Bye List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2012 11:47:33 -0000 --2/5bycvrmDh4d1IB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jul 27, 2012 at 07:19:45AM -0400, Daniel Feenberg wrote: >=20 >=20 > On Fri, 27 Jul 2012, Daniel Bye wrote: >=20 > >On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar wrote: > >>>Are there any current options available to support on-access antivirus > >>>scanning on FreeBSD? > >>> > >>FreeBSD doesn't need this as there are no viruses on that system. > > > >Well, thanks. > > > >> > >>>And yes, I know that neither FreeBSD nor Solaris are renowned for their > >>>sickly vulnerability to viruses, but we operate in a mixed environment= , with > >>>a lot of Windows machines and ZFS file systems exported by SMB/CIFS, s= o we > >>>need the AV to ensure any viruses are stopped before they infect a > >>>susceptible machine. It seems a small price to pay to finally get a d= ecent > >>>workstation! > >>No idea - YOU will not spread wiruses, and viruses from other > >>winstations will not affect you. > >> > >>so just install antivirus software on winstations. > >> > >>Or finally educate users as it is really simple to avoid viruses > >>even with windows > > > >I refer you to the part where I specifically talk about our corporate IT > >policy. All desktops/workstations (that is, all of them, every single on= e), > >must have AV software running on them. There will be no exceptions, on p= ain >=20 > Well, there is AV software for FreeBSD - we use Kaspersky on our > FreeBSD based mailserver, but the viruses it looks for are Windows > viruses. I don't know if that will satisfy your IT policy. Maybe you > should be looking at Cygwin? Or, can FreeBSD run under HyperV? Thanks, Daniel. I have looked at Kaspersky, and various others, but the main sticking point, as I see it, is that there is no on-access scanning capability in any of the AV packages available for FreeBSD. It's not essential to build my case, but it would certainly strengthen it. I use ClamAV on my home mail server, and it works well. I have also tested it out on a desktop machine to run on-demand scans, and it works just fine, and doesn't impose so much of a load as to be a nuisance. We have had a couple of virus outbreaks recently, so this is quite a high profile concern around here at the moment. The CIO is from a technical background, so I might well be able to convince him of FreeBSD's strengths as a very secure system, but I will still need to accede to the IT policy, sadly - no way around it. Dan --=20 Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ --2/5bycvrmDh4d1IB Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlASf9EACgkQixf5fBYiFmoWAACfSKFXaGR9uZuylcUNRv4fwZKK u9oAnjbEr5syxNn5TaXP2ikAPZuUYH/R =lsnv -----END PGP SIGNATURE----- --2/5bycvrmDh4d1IB--