• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

New guy here with a question

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux

View previous topic :: View next topic  
Author Message
Aftiel
Just Arrived
Just Arrived


Joined: 17 Oct 2005
Posts: 0


Offline

PostPosted: Wed Oct 19, 2005 1:20 am    Post subject: New guy here with a question Reply with quote

Hey all, great forums by the way. Lots of information and folks with knowledge.

I run Fedora Core.

3 other computers in the house run Windows XP Home Edition.

I can access them (Windows shares) without a problem.

I would like to be able to run a virus scan on the Windows machines FROM my Linux box.

i.e. scan them all without having to go to each machine individually.

I Googled. I fell flat. The difference in file system types appears to be the impass.

Is there a way to run a virus scanner from Linux that scans Windows network shares?

I await an education.

- Aftiel
Back to top
View user's profile Send private message
hugo
Forum Fanatic
Forum Fanatic


Joined: 14 Jun 2003
Posts: 16777215
Location: Netherlands, Europe

Offline

PostPosted: Wed Oct 19, 2005 8:20 am    Post subject: Reply with quote

From the Windows computer you could set-up a share especially for your Linux box's virusscanner: export the drive(s) you want to scan, of course protected with a password.

Then, from your Linux machine, you can then mount this network share as if it is a local drive, and you can perform a virus-scan on it.

If your Windows box is exporting \SomeDrive; i.e. \\WINDOWSBOX1\SomeDrive, you can mount this on you Linux box in the directory /mount_point with the following command:
Code:
~# mount -t smbfs //WINDOWSBOX1/SomeDrive /mount_point -o 'username=linuxbox,password=s3cr3t'
.

Hope this helps.
Back to top
View user's profile Send private message
dannyboy 950
Lurker
Lurker


Joined: 27 Dec 2004
Posts: 10
Location: Port Arthur Texas

Offline

PostPosted: Wed Oct 19, 2005 1:51 pm    Post subject: a question on this Reply with quote

What is the advantage/disadvantage of running an AV from one machine to scan others, as opposed to haveing the AV software installed on each machine and just contoling its actions from the central control machine.

To me it would be better to have the software on each machine to take advantage of any reaal time protections it would have.

Just my view
Back to top
View user's profile Send private message
Aftiel
Just Arrived
Just Arrived


Joined: 17 Oct 2005
Posts: 0


Offline

PostPosted: Wed Oct 19, 2005 4:41 pm    Post subject: Reply with quote

hugo,

thanks, that is a great idea. I already have shares mounted, so going from there will be easy.


danny,

great question. I have a family that runs windows, and I fight to keep the machines from being bloated adware monsters.

I have them set up so every download goes to a single directory, so scanning from my machine will allow me to be:

1. LAZY Smile

2. keep track better of what is happening on my network.

Real time virus protection is nice, however it also results in cpu load, slow machines, etc. (which the family complains about)

So I am slowly streamlining their machines and they are much happier.

I have them setup with

Firefox
Adaware SE
Kerio firewall
and a single download directory

so that is why I want to do it this way. But again, the main reason is so I dont have to move out of my chair to clean a virus problem lol

Thanks much for the replies

- Aftiel
Back to top
View user's profile Send private message
The_Real_Gandalf
Trusted SF Member
Trusted SF Member


Joined: 14 Apr 2004
Posts: 0
Location: Athens,Greece

Offline

PostPosted: Thu Oct 20, 2005 9:17 am    Post subject: Reply with quote

cost:estimated about 150-160 us dollars..

Nod32 or E-trust antivirus server for Linux machines.

they both come with 5 licenses for clients and you can set it up easilly enough to manage and control all machines. You can still disable realtime scan, and also reduce network traffic as a scan over the network on samba mounted drives, will cost in bandwidth and network performance.

Gandalf
Back to top
View user's profile Send private message Visit poster's website AIM Address
hugo
Forum Fanatic
Forum Fanatic


Joined: 14 Jun 2003
Posts: 16777215
Location: Netherlands, Europe

Offline

PostPosted: Thu Oct 20, 2005 5:09 pm    Post subject: Re: a question on this Reply with quote

dannyboy 950 wrote:
..as opposed to haveing the AV software installed on each machine and just contoling its actions from the central control machine.

Yeah, I'd rather run the software locally too. Although... There are pro's and cons for both situations:

Running AV software 'remotely'
Pro's:
- If local AV software is compromised, virii will still be detected.
Cons:
- If say, network share-handling DLLs are trojaned, these could 'fake' the files to be OK when it's being read by another machine.

Running AV software locally
Pro's:
- If network DLLs are trojaned, this could be detected by the AV software.
Cons:
- AV software could be targetted by malware and thus disabled.

So, concluding, it would actually be the best scenario to do both on a regular basis.
Back to top
View user's profile Send private message
union
Just Arrived
Just Arrived


Joined: 16 Mar 2003
Posts: 1
Location: Slovenia

Offline

PostPosted: Thu Oct 27, 2005 1:32 pm    Post subject: Reply with quote

Biggest plus IMHO is that, you don't have problems whit antivirus on client machines. I can't tell you how many times i get calls because some antivirus proggy start flashing about end of the world. Of course if you have users whit a clue that isn't a problem.

Second, while it is possible that virus changes net dll's like hugo suggested, but i have never heard of such a thing, but there have been several viruses that attacked host antivirus programs.

Best solution probably is combining the two. Have host based one, and then regulary check whit remote one, just in case.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> UNIX // GNU/Linux All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register