Free Antivirus For Solaris


Hi All, Anybody know about Anti-virus for Solaris 10 which can scan entire filesystems also. I have searched through.


Anti-Virus on Solaris. Ray Peck asked Apr 5, Where to Download Free Anti-Virus Software Viruses cannot run in Solaris so there is no need for antivirus.

Recently, the US DoD introduced an updated version of their Security Technical Implementation Guide Checklist (aka STIG) for Unix platforms. They added a requirement for Anti-Virus software to be installed and rated it as a Category I (highest) requirement. Within the DoD, you must follow this checklist in order to get Authority to Connect to the network. It is EXTREMELY difficult to get a waiver to ignore a Category I finding.

To quote the most recent March 2007 checklist:

GEN006640 – Virus Protection Software

Check for the existence of the McAfee command line scan tool to be executed weekly in the cron file. The McAfee command line scanner is available for most Unix/Linux operating systems. Additional tools specific for each operating system are also available and will have to be manually reviewed if they are installed. In addition, the definitions file should not be older than 14 days.
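The two conditions in the checklist text above (a weekly cron entry for the scanner, and a definitions file no older than 14 days) can be checked with a short script. This is an added example, not DISA's or any vendor's script; the scanner name uvscan, the wrapper path and the file names are assumptions, and the sample crontab is constructed.

```sh
#!/bin/sh
# Added example, not DISA or vendor code. Assumptions: scanner name
# (default "uvscan") and both file paths are supplied by the caller.
MAX_DEF_AGE_DAYS=14   # checklist: definitions no older than 14 days

# cron_runs_weekly CRONTAB_FILE SCANNER
# True if an active entry invokes SCANNER with "*" in both the day-of-month
# and month fields, i.e. it fires at least once a week.
cron_runs_weekly() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }   # comments, blanks, VAR=value lines
        {
            cmd = ""
            for (i = 6; i <= NF; i++) cmd = cmd " " $i
            if (index(cmd, scanner) && $3 == "*" && $4 == "*") found = 1
        }
        END { exit !found }
    ' scanner="$2" "$1"
}

# defs_are_fresh DEF_FILE
# True if DEF_FILE exists and find does not report it as older than the limit.
defs_are_fresh() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -mtime +"$MAX_DEF_AGE_DAYS" -print)" ]
}

# check_gen006640 CRONTAB_FILE DEF_FILE [SCANNER]
# Prints one line per failed condition and returns the number of findings.
check_gen006640() {
    scanner=${3:-uvscan}
    findings=0
    cron_runs_weekly "$1" "$scanner" || {
        echo "FINDING: no weekly cron entry for $scanner in $1"
        findings=$((findings + 1))
    }
    defs_are_fresh "$2" || {
        echo "FINDING: $2 missing or older than $MAX_DEF_AGE_DAYS days"
        findings=$((findings + 1))
    }
    return "$findings"
}

# Constructed sample: Sunday 02:00 scan wrapper, definitions written just now.
demo_dir=$(mktemp -d)
echo '0 2 * * 0 /usr/local/bin/uvscan-weekly.sh' > "$demo_dir/crontab"
: > "$demo_dir/defs.dat"
check_gen006640 "$demo_dir/crontab" "$demo_dir/defs.dat" && echo "GEN006640: pass"
rm -rf "$demo_dir"
```

The cron test is a heuristic: an entry with a fixed day of month (for example a monthly job) is reported as a finding even though it names the scanner.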

I have been researching the offerings of major and minor AV vendors. Please feel free to make corrections or additions to this list via the Comments feature of blogs.sun.com.

TrendMicro: No host-based anti-virus software for Solaris (either platform).

Symantec: No host-based anti-virus software for Solaris (either platform).

McAfee: Command line anti-virus for Solaris 10 Sparc, and plans for the X64 platform.

F-Prot: Has anti-virus for Solaris on Sparc and X64 platforms. F-Prot is based in Iceland. I'm not sure if the DoD can use their software.

CA: Web site claims support for Sun Solaris 8 and greater. Unclear on Sparc/X64 platforms.

Central Command: Reports supporting Sun Solaris 9 or SunOS 5.9 on Sparc only.

Avast: Reports having anti-virus scanner for Solaris 8-10 on Sparc and X64 platforms. Based in Prague, Czech Republic.

Clam AV: Open source project. Now owned by SourceFire. Has binary build for Solaris on Sparc and X64 platforms at blastwave.org.

CyberSoft: VFind has support for Solaris 2.5.1, 2.6, 7, 8, 9 and 10 on Sparc and X64. Based in Conshohocken, PA.

I have also perused their virus databases in an attempt to prove with data what I know in my heart, i.e. there are really no damaging Solaris viruses.

McAfee: Two malware findings. Each rated as low threat. One requires that the telnet port be open, which most enterprises close.

Symantec: 11 total findings, most of which are vulnerabilities rather than viruses. These vulnerabilities can all be dealt with via existing Solaris patches.

Trend Micro: 13 findings, most of which were vulnerabilities and DoS warnings, some of which were over 7 years old.

F-Prot: Lists only 2 Unix viruses that affect Apache on BSD and Linux platforms, dated from 2002.

A similar search of the McAfee malware database for Windows XP returned 5300 results.

Apparently this requirement is derived from the NISPOM as evidenced by this email from a customer:

The NISPOM, referenced in the DSS scenario below, is the _National Industrial Security Program Operation Manual_, DoD 5220.22M - Feb 28, 2006.

Chapter 8 of the NISPOM deals with Information System (IS) Security.

    8-103. The Information Systems Security Manager (ISSM) shall:

    8-103.f.(5) Implement security features for the detection of malicious code, viruses, and intruders (hackers), as appropriate.

    8-305 Malicious Code. Policies and procedures to detect and deter incidents caused by malicious code, such as viruses or unauthorized modification to software, shall be implemented. All files must be checked for viruses before being introduced to an IS and checked for other malicious code as feasible. The use of personal or public domain software is strongly discouraged. Each installation of such software must be approved by the ISSM.

In my mind, the key portion of this excerpt would be the phrase "as appropriate". While it is certainly appropriate to install anti-virus software on a MS Windows platform, I can't see where it would be appropriate for a Solaris platform.

I am doing all of this work in an attempt to get the DISA Field Security Office to eliminate the requirement or at best, reduce its severity. If you are also running into this issue, please email me or add a comment to my blog. At this time, I understand that DISA is planning to lower the rating of this finding to Category II. I don't know when this change might occur.

Solaris has a number of features that can help secure your system without anti-virus software including:

Signed binaries

Basic Audit and Reporting Tool (BART)

No stack execution

Mandatory Access Control when Trusted Extensions are enabled

Solaris Containers

A white paper on Solaris security is available.  The Solaris Security Toolkit supports the hardening of Solaris 10.

Why you should care.

Solaris is known for its security. Placing a requirement for anti-virus software on Solaris is preventing some customers from deploying it because of the paperwork required to get a waiver. In particular, requiring Solaris users to install software that specifically searches for malware that primarily attacks a competitive platform (Windows) would appear to put Sun at a competitive disadvantage.


Anti-Virus on Solaris


Anti virus software for Solaris? What are they thinking?


This may be a silly question, but is anti-virus/anti-malware software recommended for Solaris or Linux systems? If so, do you have any recommendations?

Thanks.


James Isom

replied Apr 5, 2011

I have used McAfee with AIX previously. It works, but Unix for the most part does not get attacked by viruses; the attacks are spawned by new releases of the o/s. You should keep your system current with updates for all o/s's. Users often are able to get elevated rights by utilizing scripts/shells/executables.

Sent from my Verizon Wireless BlackBerry

Ray Peck

replied Apr 12, 2011

I've heard that anti-virus either does not make that much sense for Unix or is not that needed; but I've seen products are out there now for it. So what is standard practice for Solaris system admins out there?

Chris Baker

replied Apr 13, 2011

There are many levels of security available in the OS, and a well maintained system can be highly resistant to many types of attack. Windows viruses of course cannot propagate on a UNIX system, so a Solaris machine running a commercial or open source virus scanner can be a strong asset in a largely Windows environment in that it cannot be compromised using approaches that may work on Windows.

Rgds

C

PS - some good hints here:


Robert Sullivan

Following is a snippet from an article which explains why Unix is not as prone to viruses as windows.

Oh it can, but it heavily depends on what kind of viruses and in what way.

For example; Unix isn't safe from the so-called trojan horse viruses; but when used in a sane manner the damage will always be limited to the user's own home directory and/or other personal files on the system. The system itself won't be harmed.

The reason why is obvious: a user doesn't own all the files on the system and as such doesn't have the option to access them all.

When you wish to attack the system itself you'd be looking at trying to gain root access. And that is close to impossible when it comes to automating this since there are just too many possible scenarios out there.

For example; suppose you wish to compromise a system using a backdoor in a certain program which has been installed suid (execute as user), and it's owned by root. You'd have to be able to get the version of the program so that you can be sure it's exploitable. Not all programs support this. You can't simply assume that Unix version 6 will always have this program available, even if we're talking about system-related binaries.

replied Apr 20, 2011

Thank you for your responses. They were enlightening. I went into this with the un-researched assumption that anti-virus wasn't needed on Unix. After researching further, it seems Unix antivirus software is not used in many installations, there are all kinds of other measures a good system administrator can take, it hasn't been much of an issue, there aren't that many attacks designed for Unix systems relatively speaking and the nature of Unix makes it less likely--but that it can happen. And with the ballooning of new malware which has increased remarkably in the Windows world over the past year it seems it's worth adding as another layer of protection. I admit, I'm also dubious about the Unix world remaining as safe as it's been, if only because the core servers that control the most sensitive areas use it. If anyone has any other comments, feel free to jump in.

michael steele

You will never hear of a virus taking control of the UNIX kernel. Why? Unlike the registry driven Windows O/S, UNIX kernels are compiled binaries and inaccessible once loaded into memory.

Not so with Windows, where a virus gets loaded into memory very easily.

If there is ever an attack in UNIX then it will be to patches and modules grouped together during a recompile of the kernel. But there are many, many checks that make this difficult in Copyrighted versions of UNIX like HPUX and AIX, but Solaris to a lesser extent because SUN (now Oracle) will support customer changes. HPUX and AIX will tell you that you've put the O/S into an unknown and unsupported state and we will force you to put it back to a known state before we assist you.

Not so with Red Hat or Suse or any other open systems O/S. Why? Because these are O/S built by hobbyists and these hobbyists retain the right to make changes to the O/S. Consequently, Red Hat will continue to support you no matter how many modifications you make. For example, I have a Red Hat box with over 20,000 O/S errors recorded and Red Hat could care less. If I get one error in an AIX box they have the solution. In HP-UX they let me have 4,000 or so errors before they will make the statement "...your O/S is in an unsupported and unknown state".

How do you find these errors?

These native O/S commands are far better than ANY Third Party Off the Shelf Bogus Application.

In Solaris it's pkgchk -n

In Red Hat it's rpm -Va

In HP-UX it's swverify

In AIX it's lppchk -vm3

I repeat, these commands will verify the integrity of your UNIX O/S FAR better than any 3rd party off the shelf yet unmade non-native application.


kartik vashishta

Let's say you have a UNIX server - serving filesystems via SAMBA to Windows clients who write to it. In such circumstances anti-virus protection becomes necessary. I have used Clamwin on Solaris to good measure.

harshit singh

replied Apr 21, 2011

Unix systems are rarely attacked by virus, as in Windows the .exe format is most of the time the culprit of virus, but .exe files are not executed in Unix systems. Also other scripts, if they contain a virus, would not be able to run because of the high level of security in the UNIX kernel; the scripts cannot be executed without effective file permission.

As a whole UNIX is the best.

Thanks and Regards

Harshit Kumar Singh

Oghenevwairhe Emefe

Viruses cannot run in Solaris so there is no need for antivirus

Sent from my Nokia phone

Paul_Pedant

There were a huge number of exploits notified by Sun a couple of years back, with patches to fix them. The same bug showed up in a lot of the utilities that had been coded the same way.

Basically, many programs did not check for buffer over-run. It was possible to fake an input line that might be say 3048 bytes long. If you then passed that into a standard utility that used gets to read into a buffer of 2048 bytes and did not check for over-run, you could then plant 1000 extra bytes into the utility memory.

Because the sources were online, it was possible to figure out what bytes would be corrupted, and how they would then be accessed. So it was possible to design your implant to subvert the program, by changing data or stack objects near to the buffer depending where the buffer was allocated.

If you had a utility that ran with suid, then you had a potential hook into root and had the whole system opened up.

OK, it was hard to do (more so than conning some dumb cluck to open an attachment.exe or a VBmacro.doc) but it was entirely feasible, and so much more rewarding.

Incidentally, Brian Kernighan claims there is a hidden user/password in every Unix system, and it is undetectable (does not appear in the source). There is a description of how it was done somewhere out there, but I can't find my link. However, try 28computing 29

Basically, the C compiler once had a source patch that made it embed some object code into itself (being written in C, the C compiler gets to compile itself).

Say that patched version was V12. Then the patch was removed, and the V12 compiler was used to recompile V13. But V12 has code to inject some sourceless object into V13 too. And V13 to V14. And so on. And don't quibble about sourceless object. Generating executable code is what compilers do.

And apart from the code that just copies itself (a virus by any other name), there is another block of sourceless object code in there. What for? It recognizes when it is compiling the Login process, and adds a hidden username/password entry to the ones it gets from /etc/password. Job done.

ENDS

Sorry - the full Ken Thompson paper is actually referred to from the WikiPedia article.

Don't be naive. All systems are vulnerable. All.

replied Apr 22, 2011

Very interesting postings. I ran the pkgchk -n and found a number of permissions that were different. Not too bad though. And Paul--fascinating examples. I'm sure we will hear of more. I appreciate all the feedback.
