Security Basics
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 09 2013 12:41AM
Alois Mahdal (alois mahdal 1-ndmail zxcvb cz) (1 replies)
On Mon, 04 Feb 2013 09:13:37 -0500
Michael Peppard <mpeppard (at) impole (dot) com> wrote:

> [...] You can map the remote drive either through ssh2 as local
> administrator or using drive mapping as network admin. Most
> viruses will shut down or lie to an antivirus program running
> locally.

I actually thought that you meant logging in to the box via ssh, and
then running an AV *there* under sshd, just like you would run anything
else. In the case of a normal Joe's workstation, that would of course
hardly help with more than the distance you need to walk.

Now I see that what you suggest is just sharing the files via network
(e.g. SSH/SFTP) and scanning them remotely. But as others have pointed
out, if that was to work, you would probably need to share like "root
access to /", which seems like a very crazy idea.

What I'd suggest is:

* if you can access the machine physically

  1. grab a couple of bootable AV CDs from different vendors

  2. with each of them, reboot and scan and research

  3. decide what to do.

* otherwise restoring from backup is probably the only option

  In many cases this might be a safer or even easier solution
  (congrats if you *do* have easily restorable backups), but you need
  to be sure that the *backup* is not infected as well.

So probably a combination of both methods could be in place.

> It is also a good idea to have antivirus running as an appliance at
> the edge of networks alongside the firewall. If the antiviruses you
> have chosen for your network don't update at least daily when needed,
> you may want to look for a new antivirus.

Definitely scanning files on regular paths to/around your net (file
servers, e-mail servers) is a good idea. It does not, however, protect
you 100%:

* flash drives

* HTTP: e.g. if you needed to check virus.exe being downloaded, you
  would need to get the *whole* file. But in reality the stream can
  come in many pieces, and can be even interrupted in the middle and
  restored days later. Can't imagine tracking infection via HTTP
  this way

* encrypted streams, encrypted ZIPs

Sometimes you can, however, forbid these things strictly (e.g. throw
away all attachments, seal off USB connectors...) without hindering the
business. Not sure about HTTP though...

Thanks,
aL.

--
Alois Mahdal
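
The HTTP point in the message above, as an added example that is not part of the original post: a download split into ranged responses defeats a scanner that checks each response on its own, while a gateway that buffers the ranges per object can scan once the file is whole. The marker string, the `RangeReassembler` class, the host name and the ETag value are all hypothetical.

```python
# Added illustration; MARKER is a harmless constructed stand-in for a signature.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"


def scan(data: bytes) -> bool:
    """Toy signature check standing in for a real AV engine."""
    return MARKER in data


class RangeReassembler:
    """Buffers partial (ranged) response bodies per (url, etag) until complete."""

    def __init__(self):
        self.parts = {}  # (url, etag) -> {start_offset: chunk_bytes}

    def add(self, url, etag, start, total, chunk):
        """Store one chunk. Returns the scan verdict once every byte of the
        object has been seen, or None while it is still incomplete."""
        chunks = self.parts.setdefault((url, etag), {})
        chunks[start] = chunk
        buf = bytearray(total)
        covered = 0  # end of the contiguous prefix assembled so far
        for off in sorted(chunks):
            if off > covered:
                return None  # gap: a range has not arrived yet
            data = chunks[off]
            buf[off:off + len(data)] = data
            covered = max(covered, off + len(data))
        if covered < total:
            return None
        del self.parts[(url, etag)]  # complete: release the buffer
        return scan(bytes(buf[:total]))


def demo():
    body = b"A" * 40 + MARKER + b"B" * 40  # constructed sample download
    cut = 40 + len(MARKER) // 2            # the split lands inside the marker
    first, second = body[:cut], body[cut:]
    per_chunk = [scan(first), scan(second)]  # what a per-response scanner sees
    gw = RangeReassembler()
    url, etag = "http://files.example/virus.exe", '"v1"'  # hypothetical values
    late = gw.add(url, etag, cut, len(body), second)  # resumed tail arrives first
    done = gw.add(url, etag, 0, len(body), first)
    return per_chunk, late, done


if __name__ == "__main__":
    print(demo())
```

Holding partial objects for days is the expensive part, so a real gateway has to bound buffer size and age; an alternative is to refuse range requests at the proxy so objects arrive in one response.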

Copyright 2010, SecurityFocus