SonicWall and linux client

Yicheng Li plug-discuss@lists.plug.phoenix.az.us
Mon, 10 Jun 2002 11:30:02 -0700


There are several Linux-based Anti-virus software products out there.  I had
to look for one as part of a departmental security audit with my last
employer.  The rationale is:

1) Linux boxes can become infected with Trojans, backdoors, or Root kits
once a malicious attacker is able to gain access to the machine.  This, BTW,
is very possible, since many of the Linux service daemons are still
relatively new and are prone to vulnerabilities like buffer overruns or
malformed packets.  If you do run a Linux machine, I highly recommend
setting up some kind of host-based Firewall program.  Even if you are on a
LAN protected by a Firewall, most of those only scan packets coming from the
outside.  So, if your fellow co-worker on a Winbox is prone to opening
email attachments or perhaps somebody left a PCAnywhere server running,
(surprise!) you are now potentially vulnerable to attacks from his computer
as well.

2) Linux with Samba often serves as a file/print/domain server for Windows
machines.  Even though the Linux box isn't susceptible to the viruses
themselves, it can still be a carrier for the virus, storing them as the
various Win desktops become infected by accessing its file systems.

I decided to go with Sophos Anti-Virus (www.sophos.com), but that was two
years ago.  It's fairly user friendly and pretty fast (with a virus def file
that you can pull down regularly via a cron job).  I've just done a Google
search on "linux anti-virus" and found a whole bunch of other anti-virus
programs that have popped up since then.  Maybe one of those is better,
maybe not.

Yicheng



Date: Sun, 9 Jun 2002 21:14:12 -0700 (PDT)
From: Matt Alexander <m@netpro.to>
To: <plug-discuss@lists.plug.phoenix.az.us>
Subject: Re: SonicWall and linux client
Reply-To: plug-discuss@lists.plug.phoenix.az.us

Just tell your admin that you're running Linux so you don't have to worry
about all the Windows viruses out there (he/she should be scanning
or blocking email attachments on the mail server anyway).  Give your box a
static IP, have your admin tell the SonicWall to let you through, and
you're set.

Viruses on Linux are possible, but their propagation is slowed by a number
of factors, such as:
1) Fewer Linux workstations directly connected to the Internet, relative to
Windows boxes.  Expect this to change in the future as more users and
businesses start using Linux.
2) Linux users are usually more technically savvy and less likely to run
strange attachments.  Expect this to change in the future as well.
3) Damage is limited to only the files that the user can change/delete.
~M


On Sun, 9 Jun 2002, Charlie Bullen wrote:

> I have been able to get Opera on SuSE 7.3 to present itself to SonicWall as
> IE 5, but it still won't let me through. The solution proposed by SonicWall
> is to assign a static IP address to my Linux box and exempt that IP from the
> anti-virus requirement. This is possible to do, but I may have a hard time
> selling this idea to my employer.
>
> Is there any danger, and if so how much, to running a Linux box with no
> anti-virus protection on a network that is all Win98 or XP workstations? Many
> Linux servers, but this would be the first Linux workstation.
>
> I've never heard of such a thing, but is there antivirus software for
> Linux?
>
> Regards,
>
>
> Charlie
>
>
>