View previous topic :: View next topic |
Author |
Message |
Aftiel Just Arrived
Joined: 17 Oct 2005 Posts: 0
|
Posted: Wed Oct 19, 2005 1:20 am Post subject: New guy here with a question |
|
|
Hey all, great forums by the way. Lots of information and folks with knowledge.
I run Fedora Core.
3 other computers in the house run Windows XP Home Edition.
I can access them (Windows shares) without a problem.
I would like to be able to run a virus scan on the Windows machines FROM my Linux box.
i.e. scan them all without having to go to each machine individually.
I Googled. I fell flat. The difference in file system types appears to be the impass.
Is there a way to run a virus scanner from Linux that scans Windows network shares?
I await an education.
- Aftiel
|
|
Back to top |
|
|
hugo Forum Fanatic
Joined: 14 Jun 2003 Posts: 16777215 Location: Netherlands, Europe
|
Posted: Wed Oct 19, 2005 8:20 am Post subject: |
|
|
From the Windows computer you could set-up a share especially for your Linux box's virusscanner: export the drive(s) you want to scan, of course protected with a password.
Then, from your Linux machine, you can then mount this network share as if it is a local drive, and you can perform a virus-scan on it.
If your Windows box is exporting \SomeDrive; i.e. \\WINDOWSBOX1\SomeDrive, you can mount this on you Linux box in the directory /mount_point with the following command:
Code: |
~# mount -t smbfs //WINDOWSBOX1/SomeDrive /mount_point -o 'username=linuxbox,password=s3cr3t' |
.
Hope this helps.
|
|
Back to top |
|
|
dannyboy 950 Lurker
Joined: 27 Dec 2004 Posts: 10 Location: Port Arthur Texas
|
Posted: Wed Oct 19, 2005 1:51 pm Post subject: a question on this |
|
|
What is the advantage/disadvantage of running an AV from one machine to scan others, as opposed to haveing the AV software installed on each machine and just contoling its actions from the central control machine.
To me it would be better to have the software on each machine to take advantage of any reaal time protections it would have.
Just my view
|
|
Back to top |
|
|
Aftiel Just Arrived
Joined: 17 Oct 2005 Posts: 0
|
Posted: Wed Oct 19, 2005 4:41 pm Post subject: |
|
|
hugo,
thanks, that is a great idea. I already have shares mounted, so going from there will be easy.
danny,
great question. I have a family that runs windows, and I fight to keep the machines from being bloated adware monsters.
I have them set up so every download goes to a single directory, so scanning from my machine will allow me to be:
1. LAZY
2. keep track better of what is happening on my network.
Real time virus protection is nice, however it also results in cpu load, slow machines, etc. (which the family complains about)
So I am slowly streamlining their machines and they are much happier.
I have them setup with
Firefox
Adaware SE
Kerio firewall
and a single download directory
so that is why I want to do it this way. But again, the main reason is so I dont have to move out of my chair to clean a virus problem lol
Thanks much for the replies
- Aftiel
|
|
Back to top |
|
|
The_Real_Gandalf Trusted SF Member
Joined: 14 Apr 2004 Posts: 0 Location: Athens,Greece
|
Posted: Thu Oct 20, 2005 9:17 am Post subject: |
|
|
cost:estimated about 150-160 us dollars..
Nod32 or E-trust antivirus server for Linux machines.
they both come with 5 licenses for clients and you can set it up easilly enough to manage and control all machines. You can still disable realtime scan, and also reduce network traffic as a scan over the network on samba mounted drives, will cost in bandwidth and network performance.
Gandalf
|
|
Back to top |
|
|
hugo Forum Fanatic
Joined: 14 Jun 2003 Posts: 16777215 Location: Netherlands, Europe
|
Posted: Thu Oct 20, 2005 5:09 pm Post subject: Re: a question on this |
|
|
dannyboy 950 wrote: |
..as opposed to haveing the AV software installed on each machine and just contoling its actions from the central control machine. |
Yeah, I'd rather run the software locally too. Although... There are pro's and cons for both situations:
Running AV software 'remotely'
Pro's:
- If local AV software is compromised, virii will still be detected.
Cons:
- If say, network share-handling DLLs are trojaned, these could 'fake' the files to be OK when it's being read by another machine.
Running AV software locally
Pro's:
- If network DLLs are trojaned, this could be detected by the AV software.
Cons:
- AV software could be targetted by malware and thus disabled.
So, concluding, it would actually be the best scenario to do both on a regular basis.
|
|
Back to top |
|
|
union Just Arrived
Joined: 16 Mar 2003 Posts: 1 Location: Slovenia
|
Posted: Thu Oct 27, 2005 1:32 pm Post subject: |
|
|
Biggest plus IMHO is that, you don't have problems whit antivirus on client machines. I can't tell you how many times i get calls because some antivirus proggy start flashing about end of the world. Of course if you have users whit a clue that isn't a problem.
Second, while it is possible that virus changes net dll's like hugo suggested, but i have never heard of such a thing, but there have been several viruses that attacked host antivirus programs.
Best solution probably is combining the two. Have host based one, and then regulary check whit remote one, just in case.
|
|
Back to top |
|
|
|