5
AleCx04
5y

Our Networks manager just send a mass email to the rest of it stating that some of our Linux servers need to have an antivirus installed.

He mentioned cisco AMP for Linux. Just saw the email like 2 mins ago so i have not researched anything.

Is that a thing that some of you that are more on the networking side and security side would recommend?

Never heard of installing an anti virus on linux which is why i ask and i don't know shit about cisco.

Comments
  • 2
    Why should you have no Antivirus on Linux? Linux is not Safe from viruses
  • 3
    @leon3103 i know that no os is safe from viruses, bu would normally think that it goes more on the side of monitoring the server for outside access and stuff like that
  • 13
    if someone uploads a file with a malware to a Linux server, a windows user will be able to download it and get infected. That's one use for Linux AV.

    Tho I try to stay away from any Linux AVs. They just feel.. wrong. Like wearing a condom when attending an urologist.
  • 2
    We have bit defender for Linux. It is a crap shoot whether it locks up my machine when it runs...
  • 2
    @Haxk20 And not have coworkers.
  • 3
    @Haxk20 if only that were enough to be secure :)
  • 2
    @Haxk20 "you dont need fucking av ..." comment is not entirely true. You can be super hero in it admin and still not see a gateway for a malware to slip in. That's all thanks to buggy sw, buggy protocols. Smbv1-v3, mdns, nw attacks at low tcp, ip or even eth layers. Like eternalblue, petya or wannacry. You will never have a chance to see the buggar slipping in, even better, you may not even know you have had a sleeper for 2 months that slipped in at night, while you were at home.
    And you may not know your pc is attacking your coleagues [mirror-attacks] if you don't know you have buggy sw, implementing buggy protocols.

    At the end of the day it boils down to simply being lucky :)
  • 3
    @Haxk20 it is indeed :) if it works. And if it's not legit traffic that you need for your bau that can be exploited [dns, arp, smb, etc]. Then you cannot block that traffic. Bcz you need it :) that's why you need the 'lucky' card..

    But these are prolly rare cases and not smth av would protect.

    It's a cruel world when you think about it 😁 a wild jungle..

    FTR clamav on one of our linux servers happened to catch a malignant pdf in one of our systems. Apparently it was crafted to exploit adobe reader for rce [had a cve#]. These pdf files could have infected thousands of our customers :) thanks to clam we could at least prevent that vector
  • 1
    There's no "safe" space in IT. Just spaces that aren't worth the effort to break-in.

    We use an av to screen all files entering our file archives(rest API with background workers)...
  • 2
    @AleCx04
    Yep,
    There's Sophos AV, which seems very proficient on the last years.
    Collaborating and researching on the level of Kaspersky and such.
    Its CLI environment is free, analytics and webend though are to be paid.
    Hfgl
Add Comment