On Thu, 2009-01-22 at 21:24 +0100, Ralph Angenendt wrote:
> Adam Tauno Williams wrote:
> > > What do you do with clamav on a linux server?
> > You scan the server for malware.
> When? Every day via crontab? That can be much too late. Every hour? That can
> be much too late. Every 10 minutes? That can be much too late - and your
> server is busy scanning the file system.

Versus never??? That's just silly; you're making perfect an obstacle of
the good. If it finds something then you KNOW you have a problem and
the time frame in which it occurred: you can then access and respond
and [potentially] notify. Versus what? No knowledge? The alternative
is to host the malware indefinitely in blissful ignorance - or until
someone else detects and reports your server.

CLAMAV, or any package, isn't THE answer, it is part of an answer. And
PCI/DSS requires a server be scanned on a regular basis. Fighting
against that directive just makes no sense. You should scan an entire
system on some interval regardless of OS.

> > The mantra "LINUX doesn't suffer from malware" is just bollocks. Lots
> > of malware is served from LINUX servers. Scanning a server for
> > signatures is just another way to proof (not prove) that a server has
> > not been compromised and that data accessed by the server is secure.
> > Which is what things like PCI/DSS are about - protecting the *data*.
> I never said "LINUX doesn't suffer from malware". But clamav itself is not
> able to scan in real time. Looks like dazuko has gotten a bit better, I don't
> know about clamuko. But by "just installing clamav, you gain nothing
> protection wise.

Yes, you gain the ability to detect a compromised server.