[Leaplist] Enterprise AV for Linux

tony_l_turner at yahoo.com tony_l_turner at yahoo.com
Thu Dec 11 12:16:25 EST 2008


We do use ClamAV for stream scanning now and on-demand scanning on critical infrastructure components, as well as another AV scanning at the proxies and mail gateways, but I'm looking for a resident scanner solution.

I use NoScript myself but know that unless we build a corporate whitelist to deploy with these clients we will meet major resistance from the users. We tend to like solutions that are as transparent as possible. We tried to replace IE with Firefox a couple years ago but even with the user agent switcher there were a handful of IIS apps that squawked when we tried, not to mention the challenges in removing IE.
------Original Message------
From: Bryan J Smith
To: tony_l_turner at yahoo.com
To: This is the Leap Main List
Sent: Dec 11, 2008 12:07 PM
Subject: Re: [Leaplist] Enterprise AV for Linux

On Thu, 2008-12-11 at 14:45 +0000, tony_l_turner at yahoo.com wrote:
> Our enterprise (18,000 users or so) AV solution where I work does not
> support Linux and we are looking for a product that we can use to
> manage our growing number of Linux machines. We have no plans to go to
> Vista and are entertaining the idea of moving from XP to Ubuntu in
> another year or two and migrating our file and print and some web app
> servers to RHEL or CentOS and are in early testing phase now for
> application connectivity issues. Can anyone recommend a good Linux AV
> suitable for enterprise deployment? I've looked at BigFix and Panda
> and both seem to be decent products but wanted to query the group to
> see if perhaps I'm overlooking a better solution.

If you're dealing with 18,000 nodes, then SLAs and other things become
important.  At the same time, also know that resident scanners won't
prevent your users from being stupid.  You're also probably as well
served (i.e., do this in addition to an AV solution) by locking down
Firefox, installing NoScript, teaching them how to browse responsibly,
add exceptions, etc....

> Ideally I'd like to have a central dashboard for all AV but I don't
> see us divorcing ourselves from our current product anytime soon. 

Going Firefox across-the-board (Linux and Windows) helps tremendously.
Despite popular rhetoric, you can apply both default and mandatory
profiles to Firefox under both Linux and Windows.  In fact, most
organizations I've seen skip the IEAK (IE Administration Kit) and apply
their own profiles, so no difference with Firefox there.

-- Bryan

P.S.  Manual scans (e.g., every night at 3am) and stream scans (mail,
etc...) are still served well by the Open Source ClamAV, in addition to
a resident scanner.  I mention ClamAV because the project is just so
darn good at tracking every new signature, better than the majority of
commercial offerings (even on Windows for Windows).  The shortcoming
with ClamAV is the lack of a resident scanner / kernel module.  There is
only a userspace daemon that is an API for other daemons to plug into
(it's not a resident scanner).  


-- 
Bryan J  Smith                Professional, Technical Annoyance
Mugshot Homepage:  http://mugshot.org/person?who=58wDcGKx6NcZAb
---------------------------------------------------------------
           Fission Power:  An Inconvenient Solution            


