AV for OES2 LX...

Well, I'm getting a little frustrated trying to find useful and up to date information about AV products for OES2LX in terms of what they support, how they work, how they update and how they cope with kernel updates....

Issues seem to be whether they cope with
a) nss (as in a volume mounted and shared using ncp) - kernel vfs..?
b) nss via afp/cifs - nss zAPI's and zlss kernel...?
(obviously any other linux fs (ext3, reiser, etc.))
c) 'scan on write' (capability and overhead - esp. large nss volumes)
d) Dynamic Storage Technology...
e) kernel patching... are they using 'Kernel Module Packages' or another mechanism that can cope with patching
f) management - solo or fit into enterprise

I'd be interested to know how far people have delved into these things and what they've found out... what the vendors say and what actually happens

There are a few 'it just works' posts, but does it really?!? Or is it because you haven't heard a peep from it?! i.e. does it detect a virus added to a cifs shared nss volume?
There are a few 'kernel support is out of date', 'it broke..' type posts, but mostly I'm seeing people asking for advice and not getting much...!
I have poked at people in Novell and will feed back what I can, but I am interested in the views from the trenches, so please share!

Many thanks

David

Re: AV for OES2 LX...

djbrightman wrote:
> Well, I'm getting a little frustrated trying to find useful and up to
> date information about AV products for OES2LX in terms of what they
> support, how they work, how they update and how they cope with kernel
> updates....
>
> Issues seem to be whether they cope with
> a) nss (as in a volume mounted and shared using ncp) - kernel vfs..?
> b) nss via afp/cifs - nss zAPI's and zlss kernel...?
> (obviously any other linux fs (ext3, reiser, etc.))
> c) 'scan on write' (capability and overhead - esp. large nss volumes)
> d) Dynamic Storage Technology...
> e) kernel patching... are they using 'Kernel Module Packages' or
> another mechanism that can cope with patching
> f) management - solo or fit into enterprise
>
> I'd be interested to know how far people have delved into these things
> and what they've found out... what the vendors say and what actually
> happens
>
> There are a few 'it just works' posts, but does it really?!? Or is it
> because you haven't heard a peep from it?! i.e. does it detect a virus
> added to a cifs shared nss volume?
> There are a few 'kernel support is out of date', 'it broke..' type
> posts, but mostly I'm seeing people asking for advice and not getting
> much...!
> I have poked at people in Novell and will feed back what I can, but I
> am interested in the views from the trenches, so please share!
>
> Many thanks
>
> David
>
>



I don't think this is a "hot topic" for Linux.

Maybe it should be!

Linux has more issues with "worms" -- and if you are not running client
email on the server -- then ....

If you are running Groupwise, that's another issue. Then you should be
looking in the Groupwise forums.

But you are right -- not a lot of info. I have looked too.




--
Will R
PMC Consulting

Re: AV for OES2 LX...

WillR wrote:

>
>I don't think this is a "hot topic" for Linux.


We are talking about using Linux based file servers here and not Linux
workstations. So an antivirus solution may be needed not to protect the
system itself, but rather to protect against clients saving virus infected
files on the server.

--
Marcel Cox
http://support.novell.com/forums
------------------------------------------------------------------------
Marcel Cox's Profile: http://forums.novell.com/member.php?userid=8

Re: AV for OES2 LX...

I am using McAfee LinuxShield currently on SLESP1 OES2.

Aside from some initial install issues which were ironed out, and it periodically starting before NSS on a system reboot and hanging the system... it really does "just work". I can't speak to specific protocols, etc, however it does seem to scan everything that gets written to the server.

I am happy with it overall.

-Nick Kelnhofer Professional Network Administrator CNA, MCSA, A+, Net+, Security+

Re: AV for OES2 LX...

Marcel Cox wrote:
> WillR wrote:
>
>>
>> I don't think this is a "hot topic" for Linux.

>
> We are talking about using Linux based file servers here and not Linux
> workstations. So an antivirus solution may be needed not to protect the
> system itself, but rather to protect against clients saving virus
> infected files on the server.
>


I know -- and I stand by my comment.

I think that is why it doesn't get a lot of attention. Maybe it should...

Re: AV for OES2 LX...

As ever, Marcel has it right!
One of the primary functions of the OES 'extensions' to SLE is the rich set of file serving capabilities. One of the primary benefits of serving files is the ability to share these files!
What is required from an AV point of view is to protect these shared files - to prevent (probably) the most common proliferation mechanism they utilise.... sharing!

Add to all this the OES2 CIFS function (as well as native SLE SAMBA) these are services for sharing files between the most targeted platform...Windows!

So, as WillR has stated 'Maybe it should...' - I think it DEFINITELY should!
How we get this 'escalated' and considered important, I don't know...

Talking to 'old Linux heads' (sysadmins) about the influx of ex-Netware administrators becoming 'new' sysadmins it may be symptomatic of the overall issue of dealing with a 'mainstream' and relatively 'open' operating system, as opposed to the proprietary, tight and 'secure' os of Netware. There are security considerations that are required under SLE that just weren't considerations under Netware...
I think the whole area needs more attention

Oh well, I am trying to raise my concerns with Novell products management, and will have to have a good look at McAfee LinuxShield. I shall try and share what details as and when time permits!

Re: AV for OES2 LX...

Norman has a product called Virus Control for Linux.
It also has an internet update mechanism called NIU.

The virusscanner can only scan on demand, so no real time scan option.
The internet update mechanism can only fetch updates for the Linux application, although you can select other platforms.

They are working on a newer version, but this has low priority in development.

Kind regards, Arjan

Re: AV for OES2 LX...

I will probably get my hand slapped for saying this, but McAfee has the widest support and options for OES 2 Linux. You just have to make sure to disable On Access scanning to the /_admin volume. Symantec has a great offering as well, but they don't support Xen guests.

Re: AV for OES2 LX...

Thanks for that. I am back on site with the customer now and we are testing McAfee Linux Shield. Thankfully (?!?) there has been a kernel update recently, so I can monitor its progress through that as well! I'm wondering how they do it? I thought maybe the 'weak-updates' scheme, though the modules are in their own sub directory (nai), so I guess they have some other mechanism...?
Good point on the _admin volume, I guess that could cause unnecessary utilisation.
If I find anything interesting I shall report back..!
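
A check for the kernel-update question raised in this thread, added here as an example and not part of any post or of a vendor's tooling: after a kernel update, report for each installed kernel whether the scanner's module directory is populated, or whether a `weak-updates` symlink covers it. It assumes the vendor directory (the `nai` name comes from the post above) sits directly under `/lib/modules/<release>/`; the function name is hypothetical.

```shell
#!/bin/sh
# Usage on a live system (assumed layout): check_vendor_modules /lib/modules nai
# Prints "<kernel-release> <state>" per installed kernel and returns 1 if any
# kernel has no usable vendor module. States:
#   native   - *.ko files built for this exact release
#   weak     - weak-updates symlink resolving into a vendor directory
#   DANGLING - weak-updates symlink whose target no longer exists
#   MISSING  - nothing found; on-access scanning would not load on this kernel
check_vendor_modules() {
    modroot=$1 subdir=$2 missing=0
    for kdir in "$modroot"/*/; do
        [ -d "$kdir" ] || continue
        krel=$(basename "$kdir")
        state=MISSING
        if [ -n "$(find "${kdir}${subdir}" -type f -name '*.ko' 2>/dev/null)" ]; then
            state=native
        elif [ -d "${kdir}weak-updates" ]; then
            # Module paths are assumed to contain no whitespace.
            for link in $(find "${kdir}weak-updates" -type l -name '*.ko'); do
                target=$(readlink "$link")
                case $target in
                    */"$subdir"/*)
                        if [ -e "$link" ]; then
                            state=weak
                        elif [ "$state" != weak ]; then
                            state=DANGLING
                        fi ;;
                esac
            done
        fi
        echo "$krel $state"
        [ "$state" = native ] || [ "$state" = weak ] || missing=1
    done
    return $missing
}
```

A `DANGLING` result typically appears when the older kernel that owned the real module has been removed, leaving the newer kernel's symlink pointing at nothing.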