antiviral On unix system? (253 Views)
Advisor
farhi
Posts: 47
Registered: ‎11-09-2000
Message 1 of 9 (253 Views)
Accepted Solution

antiviral On unix system?

I have a cluster with two Rp5470 servers, and my customer asks me to integrate an antiviral solution there, and I don't know how to convince him that it's useless in such an environment. I would like to know if I am right and, if so, could someone give me elements (documents...) to convince him. I would be very thankful. It's very urgent.
Hold to forgiveness; command what is right; but turn away from the ignorant.
Honored Contributor
Sridhar Bhaskarla
Posts: 6,350
Registered: ‎08-15-2001
Message 2 of 9 (253 Views)

Re: antiviral On unix system?

Hi,

There is nothing called virus on the UNIX systems. But there are programs called "Trojan horses" that could damage the OS. So, it is essential that you keep your system secure. You have to tighten the system in all possible ways. The following document can help you in securing the system.

http://people.hp.se/stevesk/bastion11.html

Regular auditing for logins, su attempts is very necessary. root's password must be kept secret and strict password policies are to be implemented.

Following is a simple example of what will happen if the system is not secured. Say .profile of root is with world-wide permissions. So an ordinary user can modify the profile and keep the following entry

PATH=/somewhere:$PATH

Then he will keep a small script called ll in /somewhere that reads

#!/usr/bin/ksh
echo "myuser hostname" >> /.rhosts
/usr/bin/ll $1

Next time when root logs in and executes ll, there will be no difference for root. However, the user will get added to the .rhosts file of root and could do anything on the system.

-Sri


You may be disappointed if you fail, but you are doomed if you don't try
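
A defensive check for the weakness described in the post above, added here as an example and not part of the original thread: it flags a group- or world-writable root .profile or home directory, a non-empty .rhosts, and PATH entries that are relative or loosely writable. The function names and the throwaway directory layout built by demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Uses ls/cut/case only, no stat(1).

# True if the file or directory is group- or world-writable.
loosely_writable() {
    perms=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    case "$perms" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Print one FINDING line per risky entry in a colon-separated PATH value.
audit_path() {
    old_ifs=$IFS; IFS=:; set -f
    for dir in $1; do
        case "$dir" in
            ""|.) echo "FINDING: PATH contains the current directory" ;;
            /*)   if loosely_writable "$dir"; then
                      echo "FINDING: PATH directory $dir is group/world-writable"
                  fi ;;
            *)    echo "FINDING: PATH contains relative entry $dir" ;;
        esac
    done
    set +f; IFS=$old_ifs
}

# Audit root's login environment: home directory $1, PATH value $2.
audit_root_login() {
    home=$1
    for f in "$home/.profile" "$home"; do
        if loosely_writable "$f"; then echo "FINDING: $f is group/world-writable"; fi
    done
    if [ -s "$home/.rhosts" ]; then
        echo "FINDING: $home/.rhosts exists and is not empty"
    fi
    audit_path "$2"
}

# Constructed demo: a throwaway "root home" reproducing the weak setup.
demo() {
    d=${TMPDIR:-/tmp}/audit.$$
    mkdir -p "$d/home" "$d/somewhere" "$d/bin"
    chmod 755 "$d/home" "$d/bin"; chmod 777 "$d/somewhere"
    : > "$d/home/.profile"; chmod 666 "$d/home/.profile"
    echo "myuser hostname" > "$d/home/.rhosts"
    audit_root_login "$d/home" "$d/somewhere:$d/bin" | sed "s|$d||g"
    rm -rf "$d"
}
demo
```

On a real system, call audit_root_login with root's home directory and the PATH value that root's login shell ends up with.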
Honored Contributor
Sridhar Bhaskarla
Posts: 6,350
Registered: ‎08-15-2001
Message 3 of 9 (253 Views)

Re: antiviral On unix system?

Hi (Again),

Though Unix systems won't get infected by viruses, they can be carriers of viruses. For example, if your Unix server is a mail server and is accessed by PC clients, there is a possibility of a virus being introduced into the mailboxes through PCs. They may not affect UNIX but can spread to other PCs depending on how they are accessed.

So, there is anti-viral software available depending on the software you use.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Advisor
farhi
Posts: 47
Registered: ‎11-09-2000
Message 4 of 9 (253 Views)

Re: antiviral On unix system?

Thank you Sri, but I really need a document to show my customer to convince him that there is no virus in a Unix environment.
Regards
Hold to forgiveness; command what is right; but turn away from the ignorant.
Honored Contributor
Sridhar Bhaskarla
Posts: 6,350
Registered: ‎08-15-2001
Message 5 of 9 (253 Views)

Re: antiviral On unix system?

Hi,

Try this documentation as provided by HP.


http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000063248035

If it doesn't work, then go to itrc.hp.com, click on search knowledge database, change the criteria to "select by Doc.ID", enter KBRC00008034 and then click search.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Honored Contributor
harry d brown jr
Posts: 8,418
Registered: ‎12-12-2000
Message 6 of 9 (253 Views)

Re: antiviral On unix system?


Start here http://www.users.qwest.net/~eballen1/virefs.html

live free or die
harry
Live Free or Die
Exalted Contributor
Steven E. Protter
Posts: 33,806
Registered: ‎08-15-2002
Message 7 of 9 (253 Views)

Re: antiviral On unix system?

There actually is source code available for a Unix virus checker. It's designed for Linux but if you are a hard worker, you might get it to compile and run on HP-UX.

It is pretty useless however, since mostly you'll just zap mail attachments on their way to PCs that should be protected anyway.

Bastille would be helpful, it hardens security.

https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=B6849AA&date=

Here is a link to an anti virus thread.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x697aef70e827d711abdc0090277a778c,00.html

There are links to a public domain GNU-type virus checking software for Linux.

P
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Advisor
farhi
Posts: 47
Registered: ‎11-09-2000
Message 8 of 9 (253 Views)

Re: antiviral On unix system?

Hi,
doc.ID KBRC00008034 gives no result.
Hold to forgiveness; command what is right; but turn away from the ignorant.
Honored Contributor
Robert-Jan Goossens
Posts: 7,384
Registered: ‎04-04-2000
Message 9 of 9 (253 Views)

Re: antiviral On unix system?

Hi,

Can HP-UX be attacked by a virus?

date: 9/20/01
document description: Can HP-UX be attacked by a virus?
document id: KBRC00008034

Can HP-UX be attacked by a virus?
DocId: KBRC00008034 Updated: 9/24/01 4:36:00 AM
PROBLEM
Can HP-UX be attacked by a virus? Is there anti-virus HP-UX software?
RESOLUTION

"Trojans" for UNIX can exist and would be very easy to script. For example: a
script that calls /sbin/rm -f /* executed by root will delete the files under /
(exception would be /sbin and /sbin/rm and the shell because they are in use).
While some people consider trojans a virus, they are not.

A virus has certain characteristics which would define them as a virus. First,
a virus is usually memory resident. This means that the virus sits in memory
and looks for keys to attack files. Usually the DOS extension to the file
name, for example .exe files and .com files. Next, a virus must be at least a
nuisance, like writing "hacked by chinese" in the case of CodeRed. It also
causes an unwanted change to an attacked file. A program that sat in memory and
wrote fictitious message to files would be a virus. A virus must also spread
itself in one way or another.

Because the virus usually needs a trigger (like the .bat, .exe or some other
executable) a UNIX virus is much more difficult to create. Since /usr/bin/rm is
an executable not denoted by rm.exe, the virus would not be able to tell by
name what is an executable to infect and spread, and what is not. /etc/hosts
would look the same to a virus as /etc/ping. A virus would have to be huge to
sit in memory and be able to stat all files, run magic, check bits, etc...
to know how to spread.

Next, in UNIX the kernel is memory resident. When the system boots the kernel,
it is read only. The kernel sits in memory until system shutdown. If a virus
was to infect the kernel, it would not be effective until the system was
rebooted with the bad kernel. In Win/XXXX the kernel sits on a disk, and is
constantly accessed.

The next problem with running a virus in UNIX is that the virus can only run at
the access level of the user who executes the program. For example: if johndoe
executes the program, the program can only affect johndoe's processes and
files. Anything owned by root, and bettysue would be unaffected. The virus
could only do widespread system damage if the super-user root executed the
virus. This severely limits the ability of a virus in UNIX. Windows NT and
2000 also have multi-leveled access for processes, but the implementation is
very easy to bypass.

In SunOS and Linux, the virus scanning software that is available is NOT for
UNIX/Linux protection, but Microsoft Windows protection. The software is made
to scan data shared to and from Windows boxes.

The best defense in UNIX to the Virus threat is common sense, built in UNIX
functionality, and basic security measures.

Based on this information, viruses do not pose a threat to a Unix system, whereas
anyone with root access does. Limit or do not give out root access.

ALT KEYWORDS
unix, hpux, virus, virii, anti-viral
Robert-Jan.