Security Basics
Bad Antivirus Jan 29 2013 03:30PM
sec melis gmail com (3 replies)
Re: Bad Antivirus Jan 30 2013 03:50PM
Michael Peppard (mpeppard impole com) (2 replies)
Running AV via SSH? (Was: Re: Bad Antivirus) Feb 02 2013 08:21PM
Alois Mahdal (alois mahdal 1-ndmail zxcvb cz) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 04 2013 02:13PM
Michael Peppard (mpeppard impole com) (3 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 09 2013 12:41AM
Alois Mahdal (alois mahdal 1-ndmail zxcvb cz) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 09 2013 10:07PM
Terrence O'Connor (terrence oconnor gmail com) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 11 2013 08:08PM
Michael Peppard (mpeppard impole com) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 13 2013 04:31PM
Tracy Reed (treed ultraviolet org) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 14 2013 02:26PM
Michael Peppard (mpeppard impole com) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 16 2013 11:59PM
Tracy Reed (treed ultraviolet org) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 18 2013 08:59PM
Michael Peppard (mpeppard impole com) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 18 2013 10:06PM
Jeffrey Walton (noloader gmail com)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 04 2013 05:38PM
!s3grim (persephane gmx eu)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 04 2013 02:40PM
Rob (synja synfulvisions com)
One step forward, two back?

1. You lose behavior based heuristics and the ability to scan/affect local memory/processes.

2. This requires sharing files that should not be shared even if it is via SSH.

3. Hella network load.

4. The permissions required for a proper scan/fix are a bad idea for a share of any sort.

Too much effort for too little reward. The gateway/IDS idea is good for some things, but can get very expensive in terms of both CPU time/money and throughput limitations.

Just my .02

Rob

Sent on the Sprint® Now Network from my BlackBerry®

-----Original Message-----

From: Michael Peppard <mpeppard (at) impole (dot) com [email concealed]>

Sender: listbounce (at) securityfocus (dot) com [email concealed]

Date: Mon, 04 Feb 2013 09:13:37

To: <security-basics (at) securityfocus (dot) com [email concealed]>

Subject: Re: Running AV via SSH? (Was: Re: Bad Antivirus)

By running the antivirus program remotely you have the antivirus in a

memory space which the virus can't corrupt. You can map the remote

drive either through ssh2 as local administrator or using drive mapping

as network admin. Most viruses will shut down or lie to an antivirus

program running locally. Running the AV remotely isn't perfect and

should not be your only defence as it will not stop a virus from

infecting a computer in the first place, but it's better for cleaning a

known infection and it may catch some viruses on the network that had

shut down the local antivirus as part of the infection. Scanning

profiles and network drives will point you to an infection that local

anitviruses may have missed.

It is also a good idea to have antivirus running as an appliance at the

edge of networks alongside the firewall. If the antiviruses you have

chosen for your network don't update at least daily when needed, you may

want to look for a new antivirus.

On 02/02/2013 03:21 PM, Alois Mahdal wrote:

> Hello,

>

> On Wed, 30 Jan 2013 10:50:26 -0500

> Michael Peppard <mpeppard (at) impole (dot) com [email concealed]> wrote:

>

>> To be honest I usually run (or tell someone to) the antivirus on an

>> infected machine through a remote connection such as ssh2, or as

>> Windows network administrator. That takes care of several issues.

> What does it take care of? Isn't running av.exe via sshd the same?

>

> Thanks,

> aL.

>

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate

In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1

------------------------------------------------------------------------

[ reply ]
Re: Bad Antivirus Feb 01 2013 12:09PM
sec milis (sec melis gmail com)
Re: Bad Antivirus Jan 30 2013 07:27AM
Andre Silaghi (andre silaghi googlemail com)
Re: Bad Antivirus Jan 30 2013 06:08AM
iamherevivek gmail com (2 replies)
Re: Bad Antivirus Jan 30 2013 07:24AM
Adam Pal (carpathin wolf gmx net)
Re: Bad Antivirus Jan 30 2013 07:10AM
Melissa Augustine (missy augustine gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus