Re: Running AV via SSH? (Was: Re: Bad Antivirus)

[Tracy Reed <treed () ultraviolet org>]

On Thu, Feb 14, 2013 at 06:26:29AM PST, Michael Peppard spake thusly:
> The scan is a stopgap for killing the functionality of the virus and to get
> information on the virus, it's not the first or last line of defence. 

So if the antivirus does not detect anything, what is your next step?

> If the virus makes it past the antivirus, the antivirus has to be reinstalled
> at a minimum. If the virus is unknown or has a rootkit which all your
> antivirus/rootkit tools are incapable of getting rid of then the machine has
> to be rebuilt off a clone for that type of desktop or server. 

I would say the machine has to be reinstalled. And I always recommend reinstall
regardless of whether the AV says it has "cleaned" the machine.

> Why bother trying to save the machine? Because endusers get fussy when they
> can't get kitten emails from their friends all day.

What's more important? The end-users kittens or the security of the enterprise?
If your execs don't understand and support you on this you are sunk anyway.

-- 
Tracy Reed

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------