Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Absent Member.
Absent Member.
1862 views

Looking for virus scanner for OES NSS volumes

Which virus scanner vendors support scanning NSS volumes on OES servers?

The OES partners page is ambiguous
Open Enterprise Server | Partners

It lists five vendors that "work seamlessly" with OES. But on further inspection most of the vendors don't appear to support or aren't committed to OES11 (I'm guessing they mean SLES11). Does it matter that they don't support OES11 (SLES11) if they support OES2? I would assume that support of OES2 implies that they scan NSS, is that the case?

Best regards,

Andy
Labels (2)
0 Likes
15 Replies
Absent Member.
Absent Member.

Andy,

IMO the file system doesn't play a big role as long as the OS running the virus scanner can access the file system.
So while the virus scanner may not be "nss aware", it will work when it runs on SLES.

Uwe



--
Novell Knowledge Partner (NKP)
Please don't send me support related e-mail unless I ask you to do so.
0 Likes
Absent Member.
Absent Member.

Hi Uwe,

Thanks, that makes sense. Do you happen to know whether all five of the vendors listed now support SLES11?

Cheers,

Andy
0 Likes
Absent Member.
Absent Member.

* andyh2o wrote, On 04/23/2013 01:36 PM:
> Do you happen to know whether all five of
> the vendors listed now support SLES11?


No idea, you'll have to check with the vendors' websites.

Uwe

--
Novell Knowledge Partner (NKP)
Please don't send me support related e-mail unless I ask you to do so.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

buckesfeld;2259661 wrote:
Andy,

IMO the file system doesn't play a big role as long as the OS running the virus scanner can access the file system.
So while the virus scanner may not be "nss aware", it will work when it runs on SLES.

Uwe



--
Novell Knowledge Partner (NKP)
Please don't send me support related e-mail unless I ask you to do so.


Just be aware that there are caveats with non-NSS aware AV scanners.
Some things don't work with compression (not a native Linux thingy) with NSS, etc.
That's why it's usually important to make sure you have one that officially supports NSS.

It MAY work with native linux OS things, but can have unintended consquences if it's not NSS aware, IMO.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Hi,

On 23.04.2013 18:16, kjhurni wrote:
> It MAY work with native linux OS things, but can have unintended
> consquences if it's not NSS aware, IMO.


Also, on-access scanners really don't universally work on NSS, as NSS,
depending on how the files get accessed (CIFS, NCP, AFP, you name it),
the "normal" linux file APIs may not notice the access. So really, yes,
AV scanners must be NSS aware to be completely useful on OES.

OTOH, I really can't remember when I've last seen a virus attempting to
infect a file server. I have many customers that have totally stopped
deploying AV scanners on file servers, but only on the perimeter and on
desktops.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

mrosen;2259796 wrote:
Hi,

On 23.04.2013 18:16, kjhurni wrote:
> It MAY work with native linux OS things, but can have unintended
> consquences if it's not NSS aware, IMO.


Also, on-access scanners really don't universally work on NSS, as NSS,
depending on how the files get accessed (CIFS, NCP, AFP, you name it),
the "normal" linux file APIs may not notice the access. So really, yes,
AV scanners must be NSS aware to be completely useful on OES.

OTOH, I really can't remember when I've last seen a virus attempting to
infect a file server. I have many customers that have totally stopped
deploying AV scanners on file servers, but only on the perimeter and on
desktops.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
Untitled Document


What if you consider one of your users to be a virus?

LOL!

Good point about the file protocol being used for access!
0 Likes
Absent Member.
Absent Member.

buckesfeld;2259731 wrote:
* andyh2o wrote, On 04/23/2013 01:36 PM:
> Do you happen to know whether all five of
> the vendors listed now support SLES11?


No idea, you'll have to check with the vendors' websites.

Uwe

--
Novell Knowledge Partner (NKP)
Please don't send me support related e-mail unless I ask you to do so.


I bailed out of looking at their websites and came here as they lacked clarity on the subject! I can ask them direct questions though, we have accounts with a couple of them.

Cheers,

Andy
0 Likes
Absent Member.
Absent Member.

We use multi-protocols here but are phasing out AFP - I know that AFP wouldn't be touched by on-write virus scanning on the server. NCP will also be going as we get our user population on to Win7 as we are not installing the Novell Client on that.

Our current setup on NW6.5SP8 is to scan on writes only, we would expect to do no more than that in an OES environment. We gave up on full scans quite a few years back as due to data growth they were never finishing and caused more invasive utilisation than benefit, and subsequently having all our storage on NAS/SAN this potentially has an impact on other users of shared storage. Scanning on desktops is also configured.

We don't envisage a file server becoming infected, it's outbreaks among users and propagation of them that we want to adress.

We have mixed types of storage presented to users - home dirs and shared areas. We are considering stopping our scanning of user home directories on the basis that any unpleasant deposits there tend to only affect that user - whether we do this for both students and staff is a question we haven't answered. However on our shared areas there is the problem that others could touch virus infected files - we do not have control over all our desktops, we have a mix of managed and unmanaged, and there are potentially desktops with out of date virus scanners or even no virus scanning at all (when a new machine is registered on the network it has to have virus scanning and auto updates enabled, however after registration anything could happen). Even with the two pronged approach we know viruses still get through, but there's a balance to be met about providing a usable service and not getting bogged down in dealing with virus outbreaks.

It would be very useful if the Novell community could give an indication of which vendors products work for them - existing user experience is invaluable, whereas a vendor can promise the moon on a stick and deliver something completely less palatable!

Thanks for your input,

Cheers,

Andy
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

andyh2o;2259939 wrote:
We use multi-protocols here but are phasing out AFP - I know that AFP wouldn't be touched by on-write virus scanning on the server. NCP will also be going as we get our user population on to Win7 as we are not installing the Novell Client on that.

Our current setup on NW6.5SP8 is to scan on writes only, we would expect to do no more than that in an OES environment. We gave up on full scans quite a few years back as due to data growth they were never finishing and caused more invasive utilisation than benefit, and subsequently having all our storage on NAS/SAN this potentially has an impact on other users of shared storage. Scanning on desktops is also configured.

We don't envisage a file server becoming infected, it's outbreaks among users and propagation of them that we want to adress.

We have mixed types of storage presented to users - home dirs and shared areas. We are considering stopping our scanning of user home directories on the basis that any unpleasant deposits there tend to only affect that user - whether we do this for both students and staff is a question we haven't answered. However on our shared areas there is the problem that others could touch virus infected files - we do not have control over all our desktops, we have a mix of managed and unmanaged, and there are potentially desktops with out of date virus scanners or even no virus scanning at all (when a new machine is registered on the network it has to have virus scanning and auto updates enabled, however after registration anything could happen). Even with the two pronged approach we know viruses still get through, but there's a balance to be met about providing a usable service and not getting bogged down in dealing with virus outbreaks.

It would be very useful if the Novell community could give an indication of which vendors products work for them - existing user experience is invaluable, whereas a vendor can promise the moon on a stick and deliver something completely less palatable!

Thanks for your input,

Cheers,

Andy


I'm not sure about other vendors, but McAfee says that in order to fully protect the viruses from spreading, you need AV on the server and the workstation, OR you have to enable "scan network files" option on the workstation, which can seriously affect performance (it depends upon your environment). They explain the reasoning for this in their best practices guide. Something about some software like Office only opening the file partially into memory so that you cannot depend upon JUST the workstation scan on reads/writes (excluding network files) to fully scan for viruses.

I THINK McAfee supports OES11 now:

McAfee VirusScan Enterprise for Linux | McAfee Products
0 Likes
Absent Member.
Absent Member.

We certainly wouldn't want to enable "scan network files" from workstations, that would be a huge mistake in our environment - we have ~6000 staff and ~ 30000 students - and our storage would be very unhappy!

Thanks for the suggestion.

Andy
0 Likes
Vice Admiral
Vice Admiral

We use an Eset for Linux on our file server.
Because this server is also running Groupwise.
All other servers have no anti virus.

Yes is has access to the NSS volumes, however we do not use any compression.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.