Any AV that provides realtime plus on-demand/manual scan (of a file/folder that we can specify) for Solaris x86, RHEL & Windows platforms?

We have a mix of RHEL 5, RHEL 6 (all 64-bit) & Solaris 10 x86 (we have both 32 plus 64-bit & are planning
to add on Solaris 11 x86) plus Win2008 R2 & Win 2012 (all Windows are 64-bit).

Q1:
Anyone know of any efficient AV/antimalware scan that supports all the above platforms in realtime
plus on-demand (which we can specify specific files/folders to be scanned) scans?

Q2:
We've run into AV on-demand scans that go on for days (esp. when it scans Solaris FIFO & socket files or very slow
scans of terminfo files) so a good vendor support that could advise what to skip & how to tune for best
efficiency (so as not to affect production services/applications) is crucial.

Q3:
Does ClamAV come free with ClamFS?  Understand when both combined together could provide
realtime plus on-demand scan for Linux & Solaris (but I'm not sure if it's Solaris x86 or Sparc
Solaris) platforms, is this right?
sunhux Asked:

btan (Exec Consultant) Commented:
Q1 - taking an estimate from the wiki, Windows and Mac OS X are easily well supported. Linux is next best supported by the majority of AV providers. Otherwise, for Oracle Solaris, it is left with ClamAV, F-PROT and Panda Security (https://en.wikipedia.org/wiki/Comparison_of_antivirus_software), and apparently an old Solaris blog stated a list of AVs with F-PROT included. So it is probably good to engage the latter to be more specific on the requirements for file scanning. There is mention of Panda Security on Linux, but it is more of an endpoint s/w scanner and not AV (it was also stated that such scanner was not running - maybe due to config though).

Q2/Q3 - ClamFS uses the ClamAV engine instead. I do believe it is separate. Apparently ClamFS ceased to exist even on SourceForge and it should already be part of the Debian build package.
https://bugs.debian.org/cgi-bin/pkgreport.cgi?package=clamfs

ClamFS uses clamd and uses XML to set the paths for scanning, e.g. below. Maybe a way is to see whether the ClamAV conf file has similar fields...
<clamd socket="socket file for ex: /var/run/clamav/clamd.sock" />
<filesystem root="PathToScan" />
<filesystem mountpoint="Copy Of PathToScan" />

See also below on alternative including mention of ClamFS.
http://www.experts-exchange.com/OS/Linux/Distributions/Q_26274172.html#a33042980
0

sunhux (Author) Commented:
So is there any chance I can still get a working ClamFS for Solaris 10 x86 and RHEL5+RHEL 6 ?
Ideally I don't have to 'make' or compile the source codes but a ready-to-use binary for the above
platforms plus Windows
0
btan (Exec Consultant) Commented:
ClamFS on SourceForge ceased to exist, as you already know too. I do not know of an exact copy for those OSes stated, though there are downloads for the Linux build:
http://linux.freedow123.info/clamfs-100-35d98a92.html
Otherwise it is from Debian OS: http://ftp.uni-stuttgart.de/gentoo-x86-portage/sys-fs/clamfs/
Wondering if there is any LiveCD that it can be run off (Debian has a LiveCD - https://www.debian.org/CD/live/). The whole listing of public sharing is at http://livecdlist.com/, in which there is apparently no sight of clamfs.

Can be tough overall to push in for the OS stated.
0
gheist Commented:
clamfs is a selective FUSE overlay, not a full system scan (say ftp server, not /boot). I know hpedv, sophos and mcafee scan all in their enterprise versions; a typical scenario would be to let the mailer scan incoming mails and the web proxy scan incoming pages, which in turn does not require resident filesystem interception.

A1: none is efficient
A2: the usual vendor support states to exclude such files, like database stores etc.
A3: NO
0
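
For the Q2 problem of scans stalling on FIFO and socket files, and the A2 advice to exclude such files, here is an added example (not posted by anyone in this thread): it builds a list of regular files only and hands that list to clamscan. It assumes a POSIX shell and a find(1) with -path; the paths in the usage comment are constructed.

```shell
#!/bin/sh
# Added example: build an on-demand scan list of regular files only, so the
# scanner never opens FIFOs, sockets or device nodes.
# Assumes a find(1) that supports -path (POSIX.1-2008, GNU find); paths that
# contain newlines are not handled.

# build_scan_list ROOT OUTFILE [EXCLUDED_DIR ...]
build_scan_list() {
    root=$1
    out=$2
    shift 2
    # Turn each excluded directory into "-path DIR -prune -o" for find.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" -path "$1" -prune -o
        shift
        n=$((n - 1))
    done
    # -type f keeps regular files only; find does not follow symlinks by default.
    find "$root" "$@" -type f -print > "$out"
}

# count_special ROOT: number of FIFOs, sockets and device nodes left out.
count_special() {
    find "$1" \( -type p -o -type s -o -type b -o -type c \) -print |
        wc -l | tr -d ' '
}

# scan_list LISTFILE: hand the list to clamscan (one path per line).
scan_list() {
    command -v clamscan >/dev/null 2>&1 || { echo "clamscan not found" >&2; return 127; }
    clamscan --infected --file-list="$1"
}

# Usage with constructed paths (the excluded directory is hypothetical):
#   build_scan_list /export/home /var/tmp/scan.list /export/home/dbstore
#   echo "skipping $(count_special /export/home) special files"
#   scan_list /var/tmp/scan.list
```

Keep the list file outside the scanned tree so it is not picked up by the scan itself.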
btan (Exec Consultant) Commented:
Cannot depend on AV scanning alone either, and central mgmt. push of patches is also a hassle to get it updated, as well as NAC remediation (on top of the OS fixes). Regardless, ClamFS, which is part of Debian, is just a good-to-have, but really HIPS is the one to consider to lock down and safeguard your systems.

May consider F-PROT - see chart (F-PROT Antivirus for Linux, F-PROT Antivirus for Solaris) http://www.f-prot.com/support/customer_service/18.html

No clear-cut candidate till tried out then... A file scanner should be part of it as a base, but better to have their support to state the best practice - by default those systems are not included (typically).
0