AntiVirus on Servers?
-
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@thwr said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
Depends, if it is a Windows file server, I would generally like to have it. Other than that, I normally don't. We rarely run Windows on servers, so that generally solves the problem right there.
And in case of a Linux fileserver? I did that, not a big problem.
ClamAV if you feel the need
Yeah, I know, but would you do it?
Not normally, the end points do it already.
But wouldn't that mean that you actually trust your endpoints?
/me takes cover
Nope, that's why I run an IDS like Wazuh everywhere I can.
-
AV on a file server only protects against users stashing malware on there.
For example, if someone's homedrive has malware.exe in it, the AV running on the file server will kill it.
This is file server OS agnostic, and should be on there regardless of OS. Simply being Linux does not protect against this.
You can't count on client OSs to keep fileservers free of malware, so you definitely need it on every fileserver.
-
@tim_g said in AntiVirus on Servers?:
AV on a file server only protects against users stashing malware on there.
Well, my point was simple: If you don't protect your server too, you automatically trust either your clients, your IDS or both, whatever applies. If you put AV on a fileserver, you don't need to worry about proper AV - in terms of malware - on your IDS or clients, you check the files on your own.
For example, if someone's homedrive has malware.exe in it, the AV running on the file server will kill it.
This is file server OS agnostic, and should be on there regardless of OS. Simply being Linux does not protect against this.
You can't count on client OSs to keep fileservers free of malware, so you definitely need it on every fileserver.
OK, you basically wrote the same here
-
Yeah, the fileserver being Linux has no bearing. A file server is a file server. Users can put whatever they want on there, if they have write access.
Nobody plays on the fileserver itself, and most likely no GUI, so you don't need protections for that reason.
You just need a way to keep your directories clean and free of infectious files. There shouldn't be because a user's computer accessing the fileserver in the first place should have the same AV, so from that point of view I can see why the server itself wouldn't need anything.
-
@tim_g said in AntiVirus on Servers?:
Yeah, the fileserver being Linux has no bearing. A file server is a file server. Users can put whatever they want on there, if they have write access.
Nobody plays on the fileserver itself, and most likely no GUI, so you don't need protections for that reason.
You just need a way to keep your directories clean and free of infectious files. There shouldn't be because a user's computer accessing the fileserver in the first place should have the same AV, so from that point of view I can see why the server itself wouldn't need anything.
For file servers, do you have your antivirus set to on demand and have it on quick and full scan schedules?
-
@black3dynamite said in AntiVirus on Servers?:
@tim_g said in AntiVirus on Servers?:
Yeah, the fileserver being Linux has no bearing. A file server is a file server. Users can put whatever they want on there, if they have write access.
Nobody plays on the fileserver itself, and most likely no GUI, so you don't need protections for that reason.
You just need a way to keep your directories clean and free of infectious files. There shouldn't be because a user's computer accessing the fileserver in the first place should have the same AV, so from that point of view I can see why the server itself wouldn't need anything.
For file servers, do you have your antivirus set to on demand and have it on quick and full scan schedules?
I put AV on all file servers. It never fails that it eventually finds things. It has in every case so far, which it shouldn't because all endpoints connecting to the file servers have the same AV the file servers use.
But to answer your question, it does different scans depending on the situation. I forget exactly what they are now without looking... But one is like after every definition update, a quick scan of some sort. A quick something after boot up, a full scan at some point. I'll have to look to get more specific.
I could be completely off, I don't remember.
-
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
-
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
I actually have a family member that leaves their common door unlocked all of the time. Common door meaning the door that they use all of the time and not the front door.
-
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
-
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
If the servers aren't "serving" anything out, then what would be the purpose of the servers?
-
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
Are you referring to things like Nextcloud? If so, yes I do use AV. I've installed ClamAV and scheduled scans of the files that users upload. Yes the endpoints have their own AV/AM but I'm still scanning what's in Nextcloud. There's a slight performance hit, but one I'm willing to live with.
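
A scheduled (not on-access) ClamAV scan of the kind described in this post, as an added example that is not part of the original thread or any poster's own setup. The paths, the `share-scan` syslog tag and the cron line are assumptions, and the sample output is constructed.

```sh
#!/bin/sh
# Added example: scheduled (not on-access) ClamAV scan of a file share.
# DATA_DIR, QUARANTINE, LOG and the "share-scan" tag are assumptions.
DATA_DIR="${DATA_DIR:-/var/www/nextcloud/data}"
QUARANTINE="${QUARANTINE:-/var/quarantine/clamav}"
LOG="${LOG:-/var/log/clamav/share-scan.log}"

# Constructed sample of clamscan output, used to exercise the parser offline.
SAMPLE_OUTPUT='/srv/share/alice/report.docx: OK
/srv/share/bob/malware.exe: Win.Test.EICAR_HDB-1 FOUND
/srv/share/bob/note: draft.zip: Eicar-Signature FOUND'

# Read clamscan output on stdin; print each flagged path, one per line.
# Detections are reported as "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# clamscan exits 0 when clean, 1 on detections, anything else on error.
# An error must never be reported as "clean".
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

run_scan() {
    mkdir -p "$QUARANTINE" || return 2
    rc=0
    out=$(clamscan --recursive --infected --no-summary \
          --move="$QUARANTINE" "$DATA_DIR" 2>&1) || rc=$?
    printf '%s\n' "$out" >> "$LOG"
    case "$(classify_exit "$rc")" in
        infected) printf '%s\n' "$out" | infected_paths |
                      logger -t share-scan -p user.warning ;;
        error)    logger -t share-scan -p user.err \
                      "clamscan failed (rc=$rc): share not verified clean" ;;
    esac
    return "$rc"
}

# Cron entry (assumed install path): 30 2 * * * /usr/local/sbin/share-scan.sh --run
if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```

Moving files out of a Nextcloud data directory behind the application's back leaves stale index entries, so either run `occ files:scan` afterwards or drop `--move` and only alert.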
-
@nerdydad said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
If the servers aren't "serving" anything out, then what would be the purpose of the servers?
AV only is for files, not other traffic. Which is nearly everything outside of the SMB. File sharing is a minor task percentage wise. Think about a database server, for example. Or a proxy, or a load balancer, or an XMPP server, or a PBX....
-
@nashbrydges said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
Are you referring to things like Nextcloud? If so, yes I do use AV. I've installed ClamAV and scheduled scans of the files that users upload. Yes the endpoints have their own AV/AM but I'm still scanning what's in Nextcloud. There's a slight performance hit, but one I'm willing to live with.
Nextcloud is a file server, so I'd use it there for sure.
-
@scottalanmiller said in AntiVirus on Servers?:
@nashbrydges said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
Are you referring to things like Nextcloud? If so, yes I do use AV. I've installed ClamAV and scheduled scans of the files that users upload. Yes the endpoints have their own AV/AM but I'm still scanning what's in Nextcloud. There's a slight performance hit, but one I'm willing to live with.
Nextcloud is a file server, so I'd use it there for sure.
Why? Because Nextcloud itself does not ever execute the files.
-
@jaredbusch said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@nashbrydges said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
Are you referring to things like Nextcloud? If so, yes I do use AV. I've installed ClamAV and scheduled scans of the files that users upload. Yes the endpoints have their own AV/AM but I'm still scanning what's in Nextcloud. There's a slight performance hit, but one I'm willing to live with.
Nextcloud is a file server, so I'd use it there for sure.
Why? Because Nextcloud itself does not ever execute the files.
To make sure people aren't sending infected or risky files.
-
@jaredbusch said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@nashbrydges said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
Are you referring to things like Nextcloud? If so, yes I do use AV. I've installed ClamAV and scheduled scans of the files that users upload. Yes the endpoints have their own AV/AM but I'm still scanning what's in Nextcloud. There's a slight performance hit, but one I'm willing to live with.
Nextcloud is a file server, so I'd use it there for sure.
Why? Because Nextcloud itself does not ever execute the files.
In case things get put there, there is a chance to catch them without the clients having to catch them. Not real time AV, just scheduled.
-
@scottalanmiller said in AntiVirus on Servers?:
@nerdydad said in AntiVirus on Servers?:
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
If the servers aren't "serving" anything out, then what would be the purpose of the servers?
AV only is for files, not other traffic. Which is nearly everything outside of the SMB. File sharing is a minor task percentage wise. Think about a database server, for example. Or a proxy, or a load balancer, or an XMPP server, or a PBX....
I was also thinking of any possibility that a malicious program made its way onto a server intended for something other than file services. I should clarify that I'm only talking about a Windows Server. Load balancers running FreeBSD, DB on bare metal, etc., I wouldn't think about putting it on those. Haha, honestly, my post was more in the facetious now that I've re-read it.
I lacked more specific information in my post though about server OS or deliverable. That's my bad.