Solaris 10 Antivirus Software
About Virus Scanning
Data is protected from viruses by a scanning service, vscan, that uses
various scan engines. A scan engine is a third-party application, residing on an external
host, that examines a file for known viruses. A file is a candidate
for virus scanning if the file system supports the vscan service, the
service has been enabled, and the type of file has not been
exempted. The virus scan is then performed on a file during open
and close operations if the file has not been scanned with the current
virus definitions previously or if the file has been modified since it
was last scanned.
The vscan service can be configured to use multiple scan engines. It
is recommended that the vscan service use a minimum of two scan
engines. The requests for virus scans are distributed among all available scan
engines. Table 4-1 shows the scan engines that are supported when configured with
their most recent patch.
Table 4-1 Antivirus Scan Engine Software
Symantec Antivirus Scan Engine 4.3 - Is supported
Symantec Antivirus Scan Engine 5.1
Computer Associates eTrust AntiVirus 7.1
Computer Associates Integrated Threat Management 8.1
Trend Micro Interscan Web Security Suite IWSS 2.5
McAfee Secure Internet Gateway 4.5
1 Requires installation of the Sun StorageTek 5000 NAS ICAP
Server for Computer Associates Antivirus Scan Engine. Get the package from
the Sun Download Center.
Copyright 2002, 2012, Oracle and/or its affiliates. All rights reserved.
Anti virus software for Solaris? What are they thinking?
Update: Anti virus software for Solaris. What are they thinking. By user12611852 on Aug 01, 2007.
Release Notes for McAfee Agent 4.5 for Solaris 10 x86 a. In the ePolicy Orchestrator 4.0 console, click Software. b. Click Master Repository.
Recently, the US DoD introduced an updated version of their Security Technical Implementation Guide Checklist (aka STIG) for Unix platforms. They added a requirement for Anti-Virus software to be installed and rated it as a Category I (highest) requirement. Within the DoD, you must follow this checklist in order to get Authority to Connect to the network. It is EXTREMELY difficult to get a waiver to ignore a Category I finding.
To quote the most recent March 2007 checklist:
GEN006640 – Virus Protection Software
Check for the existence of the McAfee command line scan tool to be executed weekly in the cron file. The McAfee command line scanner is available for most Unix/Linux operating systems. Additional tools specific for each operating system are also available and will have to be manually reviewed if they are installed. In addition, the definitions file should not be older than 14 days.
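One way to automate the two conditions in the checklist text above, added here as an example and not part of the STIG or of the original post. The scanner name uvscan, the definitions file name and the /opt/av paths are assumptions passed in as parameters; the crontab is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the STIG): automate the two GEN006640 checks.
# Needs a POSIX awk (nawk or /usr/xpg4/bin/awk on Solaris).

# weekly_scan_scheduled CRONTAB SCANNER
# True if an active entry runs SCANNER at least once a week.
weekly_scan_scheduled() {
    awk -v scanner="$2" '
        $1 ~ /^#/ || NF < 6 { next }      # comments, blank or short lines
        {
            cmd = ""
            for (i = 6; i <= NF; i++) cmd = cmd " " $i
            if (index(cmd, scanner) == 0) next
            # Fields: min hour day-of-month month day-of-week.
            # A fixed day-of-month with "*" day-of-week is only monthly;
            # a restricted month leaves gaps longer than a week.
            if ($4 == "*" && ($3 == "*" || $5 != "*")) found = 1
        }
        END { exit !found }
    ' "$1"
}

# defs_are_current FILE [MAX_DAYS]
# True if FILE exists and is not older than MAX_DAYS (default 14).
# find -mtime counts whole 24-hour periods.
defs_are_current() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -mtime +"${2:-14}" -print)" ]
}

# gen006640_check CRONTAB SCANNER DEFS_FILE: print findings, return 1 if any.
gen006640_check() {
    rc=0
    weekly_scan_scheduled "$1" "$2" ||
        { echo "FINDING: no weekly $2 entry in $1"; rc=1; }
    defs_are_current "$3" 14 ||
        { echo "FINDING: $3 missing or older than 14 days"; rc=1; }
    return $rc
}

# Constructed sample data, not taken from a real host.
tmp=$(mktemp -d)
cat > "$tmp/root.cron" <<'EOF'
10 3 * * * /usr/sbin/logadm
# 0 4 * * 0 /opt/av/uvscan -r /export
30 2 * * 0 /opt/av/uvscan -r /
EOF
touch "$tmp/avvscan.dat"
gen006640_check "$tmp/root.cron" uvscan "$tmp/avvscan.dat" &&
    echo "GEN006640: no finding"
```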
I have been researching the offerings of major and minor AV vendors. Please feel free to make corrections or additions to this list via the Comments feature of blogs.sun.com.
Trend Micro: No host-based anti-virus software for Solaris (either platform).
Symantec: No host-based anti-virus software for Solaris (either platform).
McAfee: Command Line anti-virus for Solaris 10 Sparc and plans for X64 platform.
F-Prot: Has anti-virus for Solaris on Sparc and X64 platforms. F-Prot is based in Iceland. I'm not sure if the DoD can use their software.
CA: Web site claims support for Sun Solaris 8 and greater. Unclear on Sparc/X64 platforms.
Central Command: Reports supporting Sun Solaris 9 or SunOS 5.9 on Sparc only.
Avast: Reports having anti-virus scanner for Solaris 8-10 on Sparc and X64 platforms. Based in Prague, Czech Republic.
Clam AV: Open source project. Now owned by SourceFire. Has binary build for Solaris on Sparc and X64 platforms at blastwave.org.
CyberSoft: VFind has support for Solaris 2.5.1, 2.6, 7, 8, 9 and 10 on Sparc and X64. Based in Conshohocken, PA.
I have also perused their virus databases in an attempt to prove with data what I know in my heart, i.e. there are really no damaging Solaris viruses.
McAfee: Two malware findings. Each rated as low threat. One requires that telnet port be open, which most enterprises close.
Symantec: 11 total findings, most of which are vulnerabilities rather than viruses. These vulnerabilities can all be dealt with via existing Solaris patches.
Trend Micro: 13 findings, most of which were vulnerabilities and DoS warnings, some of which were over 7 years old.
F-Prot: Lists only 2 Unix viruses that affect Apache on BSD and Linux platforms, dated from 2002.
A similar search of the McAfee malware database for Windows XP returned 5300 results.
Apparently this requirement is derived from the NISPOM as evidenced by this email from a customer:
The NISPOM, referenced in the DSS scenario below is the _National
Industrial Security Program Operation Manual_ DoD 5220.22M - Feb 28,
2006
Chapter 8 of the NISPOM deals with Information System (IS) Security.
8-103. The Information Systems Security Manager (ISSM) shall:
8-103.f.(5) Implement security features for the detection of
malicious code, viruses, and intruders (hackers), as appropriate.
8-305 Malicious Code. Policies and procedures to detect and deter
incidents caused by malicious code, such as viruses or unauthorized
modification to software shall be implemented. All files must be
checked for viruses before being introduced to an IS and checked for
other malicious code as feasible. The use of personal or public domain
software is strongly discouraged. Each installation of such software
must be approved by the ISSM.
In my mind, the key portion of this excerpt would be the phrase "as appropriate." While it is certainly appropriate to install anti-virus software on a MS Windows platform, I can't see where it would be appropriate for a Solaris platform.
I am doing all of this work in an attempt to get the DISA Field Security Office to eliminate the requirement or at best, reduce its severity. If you are also running into this issue, please email me or add a comment to my blog. At this time, I understand that DISA is planning to lower the rating of this finding to Category II. I don't know when this change might occur.
Solaris has a number of features that can help secure your system without anti-virus software, including:
Signed binaries
Basic Audit and Reporting Tool (BART)
No stack execution
Mandatory Access Control when Trusted Extensions are enabled
Solaris Containers
A white paper on Solaris security is available. The Solaris Security Toolkit supports the hardening of Solaris 10.
Why you should care.
Solaris is known for its security. Placing a requirement for anti-virus software on Solaris is preventing some customers from deploying it because of the paperwork required to get a waiver. In particular, requiring Solaris users to install software that specifically searches for malware that primarily attacks a competitive platform (Windows) would appear to put Sun at a competitive disadvantage.
Anti-Virus for Solaris 10. Question by: SteveK2003 On 2006-08-23 AM. Unix OS; OS Security; so they require antivirus software on all their Windows boxes.
This may be a silly question, but is anti-virus/anti-malware software recommended for Solaris or Linux systems? If so, do you have any recommendations?
Looks to me like if you've got a Solaris system, you're pretty much screwed. My managers are demanding anti-virus software on all machines including Solaris.