RE: Virus Scanning - toasters

25 Mar 2003

      One other consideration is the issue of new viruses.  Viruses that 
do not yet have a fix posted in an antivirus software's definitions
will not yet detect this new virus.  Whether through email, web browsers,
ftp download, etc, it can find it's way on the NetApp (especially if you
are using the NetApp for home directories).  Now if this new virus 
infects .exe's or other heavily shared files the virus can spread like 
wild-fire.  Once the new virus fix is found and the new definition
is posted and applied then it will be auto-detected just fine but by then
the damage is done.  The NetApp may already have a kagillion infected files.
Although scanning does take a long time depending on how large your
filesystems are I try to scan the NetApp atleast once a month.  It will
stop the spread of brand new viruses but atleast once the definition is
in place atleast you'll find that you were infected and can actually clean-up.
Of course, even if you we're hit and the PC client's have the new def's then
whenever they hit one of the bad files they would sound the alarm too but
I try to be proactive, atleast a bit, so that if files need to be restored
I can get a jump on it before users complain.
Also, another suggestion is to try and dissuade folks from placing 
executables of any nature on the fileserver.  That is, if IT is using the
server to place CD copies of MS-Office or other apps in order to more
easily load software over the net try to not do this.  The .exe files
are too easily infected and then it is easy to spread the virus to other's
unwittingly.  The Klez virus nailed us here until I had a chance to 
reinstall our old, decrepit McAfee virus server.  By the time I fixed the
server and reinstalled client software our NetApp was soaked with viruses
mostly .exe files....
-Ed
-----Original Message-----
From: Mike Sphar [mailto:mike.sphar@Remedy.COM]
Sent: Tuesday, March 25, 2003 1:37 PM
To: toasters@mathworks.com
Subject: RE: Virus Scanning
What situation are you still seeing virus files deposited?  The only
situations I'm aware of would be if a client placed the file there via NFS,
then no scan takes place, or if a virus-infected file is embedded deep in an
archive such as a zip or tar file.
In the first case though, when a windows client attempts to read the file, I
believe the virus scan will still take place, so it should get caught then.
I'm not sure what solution there is to a deeply embedded virus.  Most
systems (server or desktop) simply can't handle the performance hit of doing
deep scans of every zip file.
-- 
Mike Sphar - Sr Systems Administrator - Remedy, a BMC Software Company

 -----Original Message-----
From: 	David Papas [mailto:david.papas@newisys.com] 
Sent:	Tuesday, March 25, 2003 12:13 PM
To:	toasters@mathworks.com
Subject:	RE: Virus Scanning

I asked tis list recently regarding the "most popular software" part of
your question.  Trend seems to have been the winner in that poll,
followed by Symantec.

The reason I was inquiring is that, despite having file system and mail
scanners everywhere else, I found it is still possible to deposit
viruses on the filer.  With a batch of infected files there, it is only
a matter of time until an unprotected client connects and keeps
spreading the love. 

-D.

> -----Original Message-----
> From: Geoff Hardin [mailto:geoff.hardin@dalsemi.com]
> Sent: Tuesday, March 25, 2003 11:45 AM
> To: toasters@mathworks.com
> Subject: Virus Scanning
> 
> 
>     I was wondering what other admins were using for virus scanning. 
> And as an aside, I really want to know whether it is worth 
> the time and 
> money.  Basically, I've been asked to evaluate the virus scanning 
> software out there for the filers, but I'm not really sure it's even 
> necessary.
>     I am a UNIX admin, so I typically don't see the viruses 
> that plague 
> my NT compatriots, but I don't believe we've really had a 
> problem on our 
> filers with CIFS shares.  But maybe I'm just biased, so 
> that's why I'm 
> asking for your input.
> 
> 1.  Which A/V software do you use
>      a) McAfee NetShield for Netapp
>      b) Symantec Antivirus for Netapp
>      c) Trend Micro Server Protect
>      d) other (are there any others?)
> 
> 2.  Is it really necessary?  Please explain your answer.
> 
> 
> Thanks for any and all input.
> 
> Geoff Hardin
> UNIX System Administrator
> geoff.hardin@dalsemi.com
> This space is for rent in order to increase company revenue.
> 
> 