Solaris 10 Antivirus Software


About Virus Scanning

Data is protected from viruses by a scanning service, vscan, that uses various scan engines. A scan engine is a third-party application, residing on an external host, that examines a file for known viruses. A file is a candidate for virus scanning if the file system supports the vscan service, the service has been enabled, and the type of file has not been exempted. The virus scan is then performed on a file during open and close operations if the file has not been scanned with the current virus definitions previously or if the file has been modified since it was last scanned.

The vscan service can be configured to use multiple scan engines. It is recommended that the vscan service use a minimum of two scan engines. The requests for virus scans are distributed among all available scan engines. Table 4-1 shows the scan engines that are supported when configured with their most recent patch.

Table 4-1 Antivirus Scan Engine Software

Symantec Antivirus Scan Engine 4.3: Is supported

Symantec Antivirus Scan Engine 5.1

Computer Associates eTrust AntiVirus 7.1

Computer Associates Integrated Threat Management 8.1

Trend Micro Interscan Web Security Suite IWSS 2.5

McAfee Secure Internet Gateway 4.5

1 Requires installation of the Sun StorageTek 5000 NAS ICAP Server for Computer Associates Antivirus Scan Engine. Get the package from the Sun Download Center.

Copyright 2002, 2012, Oracle and/or its affiliates. All rights reserved. Legal Notices.

About Virus Scanning - Oracle Solaris Administration: Security Services

Anti virus software for Solaris? What are they thinking?

Update: Anti virus software for Solaris. What are they thinking. By user12611852 on Aug 01, 2007.

Release Notes for McAfee Agent 4.5 for Solaris 10 x86 a. In the ePolicy Orchestrator 4.0 console, click Software. b. Click Master Repository.

Recently, the US DoD introduced an updated version of their Security Technical Implementation Guide Checklist (aka STIG) for Unix platforms. They added a requirement for Anti-Virus software to be installed and rated it as a Category I (highest) requirement. Within the DoD, you must follow this checklist in order to get Authority to Connect to the network. It is EXTREMELY difficult to get a waiver to ignore a Category I finding.

To quote the most recent March 2007 checklist:

GEN006640 – Virus Protection Software

Check for the existence of the Mcafee command line scan tool to be executed weekly in the cron file. The Mcafee command line scanner is available for most Unix/Linux operating systems. Additional tools specific for each operating system are also available and will have to be manually reviewed if they are installed. In addition, the definitions file should not be older than 14 days.
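The two conditions in the checklist text above (a weekly cron entry for the scanner, and definitions no older than 14 days) can be audited mechanically. The following is an added example, not part of the original post or the STIG; the scanner binary name `uvscan`, the `/opt/av` path and the sample crontab are assumptions made for illustration.

```python
import os
import time

MAX_DEF_AGE_DAYS = 14  # checklist: definitions "should not be older than 14 days"

def runs_at_least_weekly(fields):
    """True if the five cron time fields fire at least once every week."""
    _minute, _hour, dom, month, dow = fields
    if month != "*":
        return False            # limited to certain months
    # A set day-of-week fires weekly; otherwise day-of-month must be unrestricted.
    return dow != "*" or dom == "*"

def weekly_scan_entries(crontab_text, scanner):
    """Return active crontab lines that run `scanner` weekly or more often."""
    hits = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue            # blank or commented-out entries do not count
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue
        runs_scanner = any(os.path.basename(tok) == scanner for tok in parts[5].split())
        if runs_scanner and runs_at_least_weekly(parts[:5]):
            hits.append(line)
    return hits

def gen006640_findings(crontab_text, def_mtime, scanner="uvscan", now=None):
    """Return a list of findings; empty means both checks pass."""
    now = time.time() if now is None else now
    findings = []
    if not weekly_scan_entries(crontab_text, scanner):
        findings.append("no weekly %s entry in crontab" % scanner)
    if now - def_mtime > MAX_DEF_AGE_DAYS * 86400:
        findings.append("definitions older than %d days" % MAX_DEF_AGE_DAYS)
    return findings

# Constructed sample; /opt/av is a hypothetical install path.
SAMPLE_CRONTAB = """\
# root crontab (constructed)
10 3 * * * /usr/sbin/logadm
0 2 * * 0 /opt/av/uvscan /export/home
0 4 1 * * /opt/av/uvscan /export/home
"""

if __name__ == "__main__":
    stale = time.time() - 20 * 86400   # definitions last updated 20 days ago
    print(gen006640_findings(SAMPLE_CRONTAB, stale))
```

On a real host, `def_mtime` would come from `os.path.getmtime()` on the scanner's definitions file and the crontab text from `crontab -l`; the monthly entry in the sample is deliberately rejected because it does not satisfy the weekly requirement.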

 I have been researching the offerings of  major and minor AV vendors.  Please feel free to make corrections or additions to this list via the Comments feature of blogs.sun.com

TrendMicro: No host-based anti-virus software for Solaris either platform

Symantec: No host-based anti-virus software for Solaris either platform

McAfee: Command Line anti-virus for Solaris 10 Sparc and plans for X64 platform

F-Prot: Has anti-virus for Solaris on Sparc and X64 platforms. F-Prot is based in Iceland. I'm not sure if the DoD can use their software.

CA: Web site claims support for Sun Solaris 8 and greater. Unclear on Sparc/X64 platforms.

Central Command: Reports supporting Sun Solaris 9 or SunOS 5.9 on Sparc only

Avast: Reports having anti-virus scanner for Solaris 8-10 on Sparc and X64 platforms. Based in Prague, Czech Republic.

Clam AV: Open source project. Now owned by SourceFire. Has binary build for Solaris on Sparc and X64 platforms at blastwave.org

CyberSoft: VFind has support for Solaris 2.5.1, 2.6, 7, 8, 9 and 10 on Sparc and X64. Based in Conshohocken, PA.

I have also perused their virus databases in an attempt to prove with data what I know in my heart, i.e. there are really no damaging Solaris viruses.

McAfee: Two malware findings. Each rated as low threat. One requires that telnet port be open which most enterprises close

Symantec: 11 Total findings, most of which are vulnerabilities rather than viruses. These vulnerabilities can all be dealt with via existing Solaris patches.

Trend Micro: 13 findings, most of which were vulnerabilities and DoS warnings some of which were over 7 years old.

F-Prot: Lists only 2 Unix viruses that affect Apache on BSD and Linux platforms dated from 2002.

 

A similar search of the McAfee malware database for Windows XP returned 5300 results.

Apparently this requirement is derived from the NISPOM as evidenced by this email from a customer:

The NISPOM, referenced in the DSS scenario below is the _National Industrial Security Program Operation Manual_ DoD 5220.22M - Feb 28, 2006

Chapter 8 of the NISPOM deals with Information System (IS) Security.

    8-103. The information Systems Security Manager (ISSM) shall:

    8-103.f. 5 Implement security features for the detection of malicious code, viruses, and intruders (hackers), as appropriate.

    8-305 Malicious Code. Policies and procedures to detect and deter incidents caused by malicious code, such as viruses or unauthorized modification to software shall be implemented. All files must be checked for viruses before being introduced to an IS and checked for other malicious code as feasible. The use of personal or public domain software is strongly discouraged. Each installation of such software must be approved by the ISSM.

In my mind, the key portion of this excerpt would be the phrase, "as appropriate." While it is certainly appropriate to install anti-virus software on a MS Windows platform, I can't see where it would be appropriate for a Solaris platform.

I am doing all of this work in an attempt to get the DISA Field Security Office to eliminate the requirement or at best, reduce its severity. If you are also running into this issue, please email me or add a comment to my blog. At this time, I understand that DISA is planning to lower the rating of this finding to Category II. I don't know when this change might occur.

Solaris has a number of features that can help secure your system without anti-virus software including:

Signed binaries

Basic Audit and Reporting Tool (BART)

No stack execution

Mandatory Access Control when Trusted Extensions are enabled

Solaris Containers

A white paper on Solaris security is available.  The Solaris Security Toolkit supports the hardening of Solaris 10.

Why you should care.

Solaris is known for its security. Placing a requirement for anti-virus software on Solaris is preventing some customers from deploying it because of the paperwork required to get a waiver. In particular, requiring Solaris users to install software that specifically searches for malware that primarily attacks a competitive platform (Windows) would appear to put Sun at a competitive disadvantage.

Anti-Virus for Solaris 10. Question by: SteveK2003 On 2006-08-23 AM. Unix OS; OS Security; so they require antivirus software on all their Windows boxes.

This may be a silly question but is anti-virus/anti-malware software recommended for Solaris or Linux systems. If so, do you have any recommendations.

Looks to me like if you've got a Solaris system, you're pretty much screwed. My managers are demanding anti-virus software on all machines including Solaris.