On 19/07/11 11:08, simon@xxxxxxxxxxxxxxxxxxx wrote:
>
> My main objection is against AV that gets in the way and slows things
> down. If ClamAV is nice and lightweight then I'll go with that. Granted,
> this is much easier than arguing.

Sounds like you have the scope of specifying the policy as far as GNU/Linux is concerned because you are the one using it currently. You can use the opportunity to specify a policy, to educate, and to promote GNU/Linux and free software. Please do so responsibly, stating the low risk, explaining that you use software only from a limited number of trusted sources, and the steps you've recommended and taken to mitigate the risk further (since this is what they want to hear).

I think there are two main choices in the Free Software world for complying with such a policy: Clam-AV as an antivirus tool, or system fingerprinting software (tripwire, bsign, systraq). There are also some more active tools like "Nessus" for vulnerability scanning (which might be useful in your environment, but be careful that you have permission to use tools like Nessus), and other Intrusion detection software, but they go beyond simply ensuring your own box is well maintained.

It is also a good opportunity to ensure you are using less sophisticated but good practices, such as ensuring log files are checked for anomalies (I use logcheck to help separate the wheat from the chaff), ensuring machines are fully patched, and checking what services you are exposing ($ netstat -anp).

I see no reason not to install Clam-AV and one of the other tools. Once upon a time I'd have been able to tell you which is best, or if CLAM-AV makes the others redundant these days, but I'll have to defer to the wisdom of this crowd.

Simon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
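An added example, not part of the original post: one way to act on the "check what services you are exposing" step is to filter `netstat -anp` output down to the TCP listeners and unconnected UDP sockets bound to a non-loopback address. The function name `exposed_listeners` and the sample output are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -anp` output (not captured from a real host).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      655/cupsd
tcp        0      0 192.168.1.10:22         192.168.1.50:51514      ESTABLISHED 1422/sshd: simon
tcp6       0      0 :::80                   :::*                    LISTEN      901/apache2
tcp6       0      0 ::1:25                  :::*                    LISTEN      744/exim4
udp        0      0 0.0.0.0:68              0.0.0.0:*                           610/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           590/chronyd
Active UNIX domain sockets (servers and established)
unix  2      [ ACC ]     STREAM     LISTENING     12345    1/init    /run/systemd/private
"""

def exposed_listeners(netstat_output):
    """Return (proto, address, port, program) for sockets reachable off-host."""
    found = []
    for line in netstat_output.splitlines():
        if line.startswith("Active UNIX"):
            break  # UNIX domain sockets are local to the machine
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # banner and column-header lines
        proto, local, foreign = f[0], f[3], f[4]
        if proto.startswith("tcp"):
            if len(f) < 6 or f[5] != "LISTEN":
                continue  # established or closing connection, not a listener
            program = " ".join(f[6:]) or "-"
        else:
            if not foreign.endswith(":*"):
                continue  # connected UDP socket
            program = " ".join(f[5:]) or "-"  # UDP has an empty State column
        host, port = local.rsplit(":", 1)  # rsplit keeps IPv6 colons in host
        if not port.isdigit():
            continue
        if ipaddress.ip_address(host.split("%")[0]).is_loopback:
            continue  # bound to 127.0.0.0/8 or ::1 only
        found.append((proto, host, int(port), program))
    return found

if __name__ == "__main__":
    for proto, host, port, program in exposed_listeners(SAMPLE):
        print(f"{proto:5} {host}:{port:<6} {program}")
```

Feed it real data with `netstat -anp` run as root, since without root the PID/Program column shows `-` for sockets owned by other users.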