Re: Running AV via SSH? (Was: Re: Bad Antivirus)

[!s3grim <persephane () gmx eu>]

Thus having said you've made an assumption about the sshd and the kernel as well: Neither of of them will be corrupted 
by an virus. Can you nowadays be sure about that? If you ask me, there's no difference between scanning for files local 
(online) and scanning remotely, but the time and bandwidth consumption and the amount you want to spend for some 
licenses. 

Keep in mind, if your files got infected there's nothing you can trust on that system. Set it up from the scratch or 
from known 'good' backups, having the latter quite difficult to be determined. 




Am 04.02.2013 um 15:13 schrieb Michael Peppard <mpeppard () impole com>:

> By running the antivirus program remotely you have the antivirus in a memory space which the virus can't corrupt.  
> You can map the remote drive either through ssh2 as local administrator or using drive mapping as network admin.  
> Most viruses will shut down or lie to an antivirus program running locally. Running the AV remotely isn't perfect and 
> should not be your only defence as it will not stop a virus from infecting a computer in the first place, but it's 
> better for cleaning a known infection and it may catch some viruses on the network that had shut down the local 
> antivirus as part of the infection. Scanning profiles and network drives will point you to an infection that local 
> anitviruses may have missed.
>
> It is also a good idea to have antivirus running as an appliance at the edge of networks alongside the firewall. If 
> the antiviruses you have chosen for your network don't update at least daily when needed, you may want to look for a 
> new antivirus.
>
> On 02/02/2013 03:21 PM, Alois Mahdal wrote:
> > Hello,
> >
> > On Wed, 30 Jan 2013 10:50:26 -0500
> > Michael Peppard <mpeppard () impole com> wrote:
> >
> > > To be honest I usually run (or tell someone to) the antivirus on an
> > > infected machine through a remote connection such as ssh2, or as
> > > Windows network administrator. That takes care of several issues.
> > What does it take care of?  Isn't running av.exe via sshd the same?
> >
> > Thanks,
> > aL.
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------