Security Basics mailing list archives

Re: Running AV via SSH? (Was: Re: Bad Antivirus)


From: "Rob" <synja () synfulvisions com>
Date: Mon, 4 Feb 2013 14:40:22 +0000

One step forward, two back?

1. You lose behavior-based heuristics and the ability to scan/affect local memory/processes.
2. This requires sharing files that should not be shared even if it is via SSH.
3. Hella network load.
4. The permissions required for a proper scan/fix are a bad idea for a share of any sort.


Too much effort for too little reward. The gateway/IDS idea is good for some things, but can get very expensive in 
terms of both CPU time/money and throughput limitations.

Just my .02
Rob


-----Original Message-----
From: Michael Peppard <mpeppard () impole com>
Sender: listbounce () securityfocus com
Date: Mon, 04 Feb 2013 09:13:37 
To: <security-basics () securityfocus com>
Subject: Re: Running AV via SSH? (Was: Re: Bad Antivirus)

By running the antivirus program remotely you have the antivirus in a 
memory space which the virus can't corrupt.  You can map the remote 
drive either through ssh2 as local administrator or using drive mapping 
as network admin.  Most viruses will shut down or lie to an antivirus 
program running locally. Running the AV remotely isn't perfect and 
should not be your only defence as it will not stop a virus from 
infecting a computer in the first place, but it's better for cleaning a 
known infection and it may catch some viruses on the network that had 
shut down the local antivirus as part of the infection. Scanning 
profiles and network drives will point you to an infection that local 
antiviruses may have missed.

It is also a good idea to have antivirus running as an appliance at the 
edge of networks alongside the firewall. If the antiviruses you have 
chosen for your network don't update at least daily when needed, you may 
want to look for a new antivirus.

On 02/02/2013 03:21 PM, Alois Mahdal wrote:
Hello,

On Wed, 30 Jan 2013 10:50:26 -0500
Michael Peppard <mpeppard () impole com> wrote:

> To be honest I usually run (or tell someone to) the antivirus on an
> infected machine through a remote connection such as ssh2, or as
> Windows network administrator. That takes care of several issues.

What does it take care of?  Isn't running av.exe via sshd the same?

Thanks,
aL.


