AntiVirus on Servers?
-
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
Depends, if it is a Windows file server, I would generally like to have it. Other than that, I normally don't. We rarely run Windows on servers, so that generally solves the problem right there.
And in case of a Linux fileserver? I did that, not a big problem.
ClamAV if you feel the need
Yeah, I know, but would you do it?
Not normally, the end points do it already.
But wouldn't that mean that you actually trust your endpoints?
/me takes cover
I don't trust anyone using legacy file serving
-
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
Depends, if it is a Windows file server, I would generally like to have it. Other than that, I normally don't. We rarely run Windows on servers, so that generally solves the problem right there.
And in case of a Linux fileserver? I did that, not a big problem.
ClamAV if you feel the need
Yeah, I know, but would you do it?
Not normally, the end points do it already.
But wouldn't that mean that you actually trust your endpoints?
/me takes cover
Or... maybe it is that I don't care, let the helpdesk deal with those issues
-
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
Depends, if it is a Windows file server, I would generally like to have it. Other than that, I normally don't. We rarely run Windows on servers, so that generally solves the problem right there.
And in case of a Linux fileserver? I did that, not a big problem.
ClamAV if you feel the need
Yeah, I know, but would you do it?
I think it's only useful if the server is hosting files that Windows clients will be using. If it's non-windows from file storage to clients then I don't think it will make much difference.
-
@emad-r said in AntiVirus on Servers?:
@nerdydad said in AntiVirus on Servers?:
@black3dynamite said in AntiVirus on Servers?:
Windows Server 2016 comes Windows Defender Antivirus
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016And then I install the real antivirus onto the server.
But does Windows server allow you to install AV on the server with Defender ? feels like it this day an age it will penalize any 3rd party software.
Defender plays nice with webroot, can't speak for other AV programs.
-
I run Webroot on some http, Exchange, CRM, MSSQL, file servers here without issue.
-
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
Depends, if it is a Windows file server, I would generally like to have it. Other than that, I normally don't. We rarely run Windows on servers, so that generally solves the problem right there.
And in case of a Linux fileserver? I did that, not a big problem.
ClamAV if you feel the need
Yeah, I know, but would you do it?
Not normally, the end points do it already.
But wouldn't that mean that you actually trust your endpoints?
/me takes cover
Nope, that's why I run an IDS like Wazuh everywhere I can.
-
AV on a file server only protects against users stashing malware on there.
For example, if someone's homedrive has malware.exe in it, the AV running on the file server will kill it.
This is file server OS agnostic, and should be on there regardless of OS. Simply being Linux does not protect against this.
You can't count on client OSs to keep fileservers free of malware, so you definitely need it on every fileserver.
-
@tim_g said in AntiVirus on Servers?:
AV on a file server only protects against users stashing malware on there.
Well, my point was simple: If you don't protect your server too, you automatically trust either your clients, your IDS or both, whatever applies. If you put AV on a fileserver, you don't need to worry about proper AV - in terms of malware - on your IDS or clients, you check the files on your own.
For example, if someone's homedrive has malware.exe in it, the AV running on the file server will kill it.
This is file server OS agnostic, and should be on there regardless of OS. Simply being Linux does not protect against this.
You can't count on client OSs to keep fileservers free of malware, so you definitely need it on every fileserver.
OK, you basically wrote the same here
-
Yeah, the fileserver being Linux has no bearing. A file server is a file server. Users can put whatever they want on there, if they have write access.
Nobody plays on the fileserver itself, and most likely no GUI, so you don't need protections for that reason.
You just need a way to keep your directories clean and free of infectious files. There shouldn't be because a users computer accessing the fileserver in the first place should have the same AV, so from that point of view I can see why the server itself wouldn't need anything.
-
@tim_g said in AntiVirus on Servers?:
Yeah, the fileserver being Linux has no bearing. A file server is a file server. Users can put whatever they want on there, if they have write access.
Nobody plays on the fileserver itself, and most likely no GUI, so you don't need protections for that reason.
You just need a way to keep your directories clean and free of infectious files. There shouldn't be because a users computer accessing the fileserver in the first place should have the same AV, so from that point of view I can see why the server itself wouldn't need anything.
For file servers, do you have your antivirus set to on demand and have it on quick and full scan schedules?
-
@black3dynamite said in AntiVirus on Servers?:
@tim_g said in AntiVirus on Servers?:
Yeah, the fileserver being Linux has no bearing. A file server is a file server. Users can put whatever they want on there, if they have write access.
Nobody plays on the fileserver itself, and most likely no GUI, so you don't need protections for that reason.
You just need a way to keep your directories clean and free of infectious files. There shouldn't be because a users computer accessing the fileserver in the first place should have the same AV, so from that point of view I can see why the server itself wouldn't need anything.
For file servers, do you have your antivirus set to on demand and have it on quick and full scan schedules?
I put AV on all file servers. It never fails that it eventually finds things. It has in every case so far, which it shouldn't because all endpoints connecting to the file servers have the same AV the file servers use.
But to answer your question, it does different scans depending on the situation. I forget exactly what they are now without looking... But one is like after every definition update, a quick scan of some sort. A quick something after boot up, a full scan at some point. I'll have to look to get more specific.
I could be completely off, I don't remember.
-
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicles ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
-
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicles ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
I actually have a family member that leaves their common door unlocked all of the time. Common door meaning the door that they use all of the time and not the front door.
-
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicles ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
-
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicles ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
If the servers aren't "serving" anything out, then what would be the purpose of the servers?
-
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicles ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
Are you referring to things like Nextcloud? If so, yes I do use AV. I've installed ClamAV and scheduled scans of the files that users upload. Yes the endpoints have their own AV/AM but I'm still scanning what's in Nextcloud. There's a slight performance hit, but one I'm willing to live with.
-
@nerdydad said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicles ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
If the servers aren't "serving" anything out, then what would be the purpose of the servers?
AV only is for files, not other traffic. Which is nearly everything outside of the SMB. FIle sharing is a minor task percentage wise. Think about a database server, for example. Or a proxy, or a load balancer, or an XMPP server, or a PBX....
-
@nashbrydges said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicles ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
Are you referring to things like Nextcloud? If so, yes I do use AV. I've installed ClamAV and scheduled scans of the files that users upload. Yes the endpoints have their own AV/AM but I'm still scanning what's in Nextcloud. There's a slight performance hit, but one I'm willing to live with.
Nextcloud is a file server, so I'd use it there for sure.
-
@scottalanmiller said in AntiVirus on Servers?:
@nashbrydges said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicles ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
Are you referring to things like Nextcloud? If so, yes I do use AV. I've installed ClamAV and scheduled scans of the files that users upload. Yes the endpoints have their own AV/AM but I'm still scanning what's in Nextcloud. There's a slight performance hit, but one I'm willing to live with.
Nextcloud is a file server, so I'd use it there for sure.
Why? Because nextcloud itself does not ever execute the files.
-
@jaredbusch said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@nashbrydges said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicles ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
Are you referring to things like Nextcloud? If so, yes I do use AV. I've installed ClamAV and scheduled scans of the files that users upload. Yes the endpoints have their own AV/AM but I'm still scanning what's in Nextcloud. There's a slight performance hit, but one I'm willing to live with.
Nextcloud is a file server, so I'd use it there for sure.
Why? Because nextcloud itself does not ever execute the files.
To make sure people aren't sending infected or risky files.
