Antivirus for Solaris 8
Hi,
As you all know, a lot of worms are attacking networks.
Do we need to use some kind of antivirus for Solaris machines as well, or not?
It is generally said that Unix servers are secure enough.
Please advise.
We are running SAP / ORACLE / SOLARIS 8
Regards
# 1
Step out of the Micro$oft world...
UNIX servers provide more of a real computing platform than MS ever will. Due to things like multi-user and shells, viruses on UNIX don't happen anywhere near the MS amount. Besides, if a UNIX server did get a virus, it will probably never spread.
# 2
> Step out of the Micro$oft world...
>
> UNIX servers provide more of a real computing platform
> than MS ever will. Due to things like multi-user and
> shells, viruses on UNIX don't happen anywhere near the
> MS amount. Besides, if a UNIX server did get a virus,
> it will probably never spread.
I guess you weren't around for the great Internet Worm of 1988. Why on earth should a virus targeted at UNIX servers not spread?
UNIX systems may be more resistant in general to viruses, but a major reason why we see so few of them is that there are far more Windows systems to target.
# 3
To answer the original question without the dick fencing:
Your basic Unix platform is not susceptible to viruses.
First, a virus that is written to affect Windows (more likely than not through Outlook) would never directly affect any Unix platform because the system calls it makes are completely different than any Unix program would; they are just written for a completely different platform, from the shell up, and attach to programs that are alien to Unix. There may be some indirect effects, but they would be in the form of the annoying e-mails you'd get in your e-mail box.
As far as the worm of 1988, that was almost 15 years ago, so why it is even brought up, I don't know. Things have changed a bit since then, haven't they?
# 4
> Your basic Unix platform is not susceptible to
> viruses.
That statement is simply not true. One OS will be more or less susceptible to viruses than another depending on the quality of its design and implementation. It could very well be that UNIX-like systems are less susceptible, but the main reason they don't get affected much is that there are fewer of them so they don't get targeted as often.
> First, a virus that is written to affect Windows
> (more likely than not through Outlook) would never
> directly affect any Unix platform because the system
> calls it makes are completely different than any Unix
> program would; they are just written for a completely
> different platform, from the shell up, and attach to
> programs that are alien to Unix. There may be some
> indirect effects, but they would be in the form of
> the annoying e-mails you'd get in your e-mail box.
Clearly, a virus written to target Windows is very unlikely to affect a Solaris system - just as one written to target Solaris is very unlikely to affect a Windows system.
> As far as the worm of 1988, that was almost 15 years
> ago, so why it is even brought up, I don't know.
> Things have changed a bit since then, haven't they?
No, not in any fundamental way that is relevant to viruses. The buffer-overflow bug in sendmail that enabled the 1988 UNIX worm has been fixed, in the same way that the bug in Windows that enabled the most recent rash of Windows attacks has been fixed. That doesn't mean that other virus-enabling bugs don't exist in either OS, or that new bugs won't be introduced in new versions of software.
# 5
I'll restate my answer...
In my professional opinion (reflecting 10 years of UNIX admin.) there's a high probability that you will never experience a problem with a virus on a UNIX server. It is true that different vendor versions of UNIX (including UNIX-like) OS's are not consistent with respect to security and buffer overflow issues, which may present a problem. However, as mentioned, what affects a Micro$oft OS will probably not affect a UNIX OS and vice-versa.
With all of the valid points stated in this chain of emails, I have never had a virus issue on any of the Sun's (and other) UNIX systems that I have administered.
# 6
Harden and secure (lock the rack if possible) your server properly, close all unnecessary ports not in use, stop unused daemons, apply all known security patches, run secured shell with TCP wrapper whenever possible, put your server at least behind a firewall and monitor your system logs diligently, limit the number of users who can directly log on to the server, change your root id name and give a password even if you find it hard to remember. Perhaps this will help a little in your effort to tackle your problem.
# 7
I agree with cmk168. The fewer services available the better. It's best practice to disable or remove ANY extra services on your system anyway. These are just more things to patch and maintain anyway.
With some extra work while you're setting up the server, you can make your system near impossible to hack into.
# 8
All very interesting. The implementation of virus protection software can be an expensive move, and it can at times be difficult to persuade the finance managers of the need for such a defence. Ultimately I believe it comes down to organisational suitability and the nature of your system. It is commonly believed that the Solaris environment is more resilient to attack than an MS system; however, will this be a good enough defence when you are standing before your supervisors explaining why the system is down? I'd recommend that each person contemplating the virus issue ponder the following points:
1. It is possible for a virus to attack a Solaris system, it just takes the right one, and whilst these are relatively rare, can you afford the risk?
2. Are you connected to the Internet, is there a strong firewall, what is the risk of a user transferring a virus through electronic media from external sources, eg. Floppy disk. How good is your user education program?
3. Is your system mission critical? How will your organisation cope with extended down-time vs. operating losses (of a financial nature)?
4. If you have indeed contracted a virus, what portion of your backup media is affected, what data will you lose, what will you be able to restore, will you restore the virus?
5. Most importantly - What is the cost of implementing virus protection vs. potential loss on system attack?
Basically it's up to you to discuss this matter with your hierarchy. Should you choose not to implement protection then you need to make them aware of the potential consequences. Anti-virus software can be very expensive and if you're only running a small network with basic word processing tools etc. installed then you may be best accepting the risk and saving the organisation $$$$'s per annum. If you're running a system that provides the electronic information backbone to a major corporation who relies on their system in order to conduct business then you may have a little more thinking to do.
It's like anything, I don't think that I'll have a car accident today but I wouldn't dare drive without insurance. Food for thought. For those of you who are running anti-virus software I'd be interested to hear what you are using.
# 9
Although there has already been a lot of interesting comment on this I'd like to add one thing.
The basic MS anti-virus strategy is to let viruses onto the machines, identify them, and then wipe them out. Thus when a Wintel user talks about anti-virus software he or she usually means some kind of disk or file scanning tool that finds and removes viruses.
The unix approach is completely different. We don't usually (except in forensic investigations) scan for viruses already on a machine; instead, we close doors to keep them out. Thus "virus scanning" typically has no role in Unix but normal security practices - like log reviews, patch updates, and port management, do.
There are Solaris virus scanners. These come in two forms: useful ones that scan mail being forwarded to MS clients and sucker ploys sold to people who want to do MS style disk scans in Unix.
# 10
interesting comments, but we have a business need related to some new government (US and california) regs on customer privacy that mandate that we put some type of antivirus detection/cleanup on several solaris systems, as the servers will be receiving files (typical MS Office docs, .doc, .xls, and several others) from (sending) clients that could harbor a virus, and be passed through to (receiving) clients, and use the solaris system basically as a file repository, and as a host while these files are populated into various database / BLOBs. The intent is that UNIX "kill" the viruses as they pass through the file system, even though they obviously can't harm Solaris (sparc, not intel). I've seen many "scanners" but very few real-time processes available, although Kaspersky Antivirus offers a DAEMON that seems to offer some "realtime" protection. We have a site license for NAI's AVD suite, mostly for our Wintel population, obviously, but VirusScan Command Line for Solaris seems pretty good, and can be CRONed to run at regular intervals, giving us "near real time" scanning. mk
# 11
Hi friends,
Well, unix is enough to protect against the virus, but still I need to know what the procedure is to install antivirus on Solaris 8.
Saab at 2007-7-5 18:11:38

# 12
There is no such thing called an antivirus solution for solaris.
There is no need for an antivirus solution for solaris, or unix.
Some may classify intrusion detection and checking for root kits antivirus tasks, however, they are completely different than any antivirus software on the market.
This has been a long discussion. If someone has the need for an antivirus solution for solaris then that certain someone may have a solaris server serving windows files to client systems. In that case it may be in that person's best interest to scan those *windows* files for viruses.
Keep in mind that if you use solaris to view word or excel documents you do not need to worry about vb macro viruses infecting your sun box. The code will not run on star office.
If you're worried about getting an antivirus solution for your solaris server then you should probably be more worried about the current software that you're running and forget about antivirus software.
Most people worried about AV software don't realize that they are running a vulnerable version of some software package. If anything can come close to a "virus" on unix it's the fact that most problems are brought on by lack of keeping systems up to date with the latest security / bug fixes.
Turn off telnet and rsh services on servers connected to the net and definitely remove the test user accounts from your system before putting it into production.
.02
David D
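Added example, not part of any post in this thread: one way to check the advice above about turning off telnet and rsh, by listing cleartext remote-access services still enabled in a Solaris 8 style `inetd.conf`. The sample file is constructed, and the function names and the extra `login`/`exec` entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: list cleartext remote-access services still enabled in an
# inetd.conf-style file (fields: name socket proto wait user server args...).
# Service names: telnet = in.telnetd, shell = rsh, login = rlogin, exec = rexec.
# The r-command siblings of rsh are an assumption beyond what the thread names.
AWK=${AWK:-awk}   # on Solaris 8 set AWK=nawk; the stock /usr/bin/awk lacks -v
RISKY_SERVICES="telnet shell login exec"

# Print each risky service name once if an uncommented entry exists in file $1.
enabled_risky_services() {
    "$AWK" -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /^[ \t]*#/ { next }                        # commented out: disabled
        NF < 6     { next }                        # not a full service entry
        ($1 in want) && !seen[$1]++ { print $1 }   # tcp and tcp6 lines count once
    ' "$1"
}

# Return 0 when nothing risky is enabled, 1 otherwise; report findings on stdout.
audit_inetd() {
    found=$(enabled_risky_services "$1")
    if [ -z "$found" ]; then
        echo "OK: no cleartext remote-access services enabled in $1"
        return 0
    fi
    for svc in $found; do
        echo "ENABLED: $svc (comment the entry out, then have inetd reread its config)"
    done
    return 1
}

# Constructed sample in Solaris inetd.conf layout; not taken from a real host.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
shell   stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
shell   stream  tcp6    nowait  root    /usr/sbin/in.rshd       in.rshd
#login  stream  tcp6    nowait  root    /usr/sbin/in.rlogind    in.rlogind
#exec   stream  tcp6    nowait  root    /usr/sbin/in.rexecd     in.rexecd
EOF
}

# Audit the file named on the command line, if any.
if [ $# -gt 0 ]; then audit_inetd "$1"; fi
```

Run against the constructed sample, it reports `telnet` and `shell` as enabled and returns non-zero, so it can gate a build or a cron report.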
# 13
Here's something you might want to investigate: http://www.samag.com/documents/s=9464/sam0501a/
It's called Clam Anti-Virus (or ClamAV). Interesting....eh?
# 14
..because sendmail arbitrarily executes code it receives in e-mail form?
.. I've had this argument many times.. in all my years in the business I have never ever seen a "unix virus"...I checked the link and it seems this is a virus scanner that works at the mail server level to scan for viruses going through it, but not a "unix anti-virus" in the sense that you install it in a workstation and it would scan your e-mail...
# 15
Actually, ClamAV is a bit more than just a Sendmail scanner.
Yes, strictly speaking it is of little practical use to a UNIX only environment, due to the lack of UNIX virii.
_However_, for a mixed environment ClamAV looks very interesting! Not just because you can plug it into your mail server, but also for some other reasons.
I immediately thought of a UNIX box running as a Samba server. You could use ClamAV on said system to scan all of the files used by your Windows users, without getting in their way. Naturally there are numerous other ways to use this tool...
Looks pretty interesting to me :)
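Added example, not part of any post in this thread: the cron-driven scan of a pass-through file repository described in post 10, written against ClamAV's `clamscan` as suggested in the posts above. The directory layout and `process_inbox` are hypothetical; the point shown is that a scanner error holds the file back instead of releasing it unscanned.

```shell
#!/bin/sh
# Added example: scan each file dropped into an inbox before it is passed on.
# Relies on clamscan exit codes: 0 = clean, 1 = virus found, other = error.
# Directory layout and function name are hypothetical, not from the thread.
SCANNER=${SCANNER:-clamscan}

# process_inbox INBOX RELEASE QUARANTINE
# Clean files move to RELEASE, detections move to QUARANTINE. On a scanner
# error (missing signature database, unreadable file) the file stays in INBOX,
# so nothing is forwarded without a verdict. Prints the counts and returns 0
# only when every file received a verdict.
process_inbox() {
    inbox=$1
    release=$2
    quarantine=$3
    released=0
    quarantined=0
    held=0
    mkdir -p "$release" "$quarantine" || return 2
    for f in "$inbox"/*; do
        [ -f "$f" ] || continue        # skips subdirectories and an empty inbox
        rc=0
        "$SCANNER" --no-summary "$f" >/dev/null 2>&1 || rc=$?
        case $rc in
            0) mv "$f" "$release/"    && released=$((released + 1)) ;;
            1) mv "$f" "$quarantine/" && quarantined=$((quarantined + 1)) ;;
            *) held=$((held + 1)) ;;   # fail closed: leave the file where it is
        esac
    done
    echo "released=$released quarantined=$quarantined held=$held"
    [ "$held" -eq 0 ]
}

# Example crontab entry (paths are placeholders; Solaris cron needs an explicit
# minute list):
#   0,15,30,45 * * * * /opt/scan/process_inbox.sh /data/in /data/out /data/quarantine
if [ $# -eq 3 ]; then
    process_inbox "$1" "$2" "$3"
fi
```

A non-zero exit with `held` above zero is the case to alert on, since it usually means the scanner itself is broken rather than that a file is infected.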
# 16
I know that Solaris can't be affected by viruses, but in my network I use Solaris as a mail transfer agent. I need an antivirus to scan the mails before they reach mobile handsets; otherwise the viruses can affect the handsets. Please advise what antivirus can run on my Solaris MTA.
# 17
Well, they've been discussing ClamAV for at least five to ten posts now :) I think that might give you a hint...