lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: kevin.cherry at leggett.com (Kevin Cherry)
Subject: antivirus s/w

One product you might want to look into is Cisco Security Agent or CSA.
CSA runs on all NT Class machines and works as a kind of a Personal
Firewall.  It does this through OS behavior monitoring and then reports
any suspicious activity to a centralized console called VMS.  The VMS
console can read the log information leading up to a successful block
and compare that information from other CSA agents running on other
machines to determine if a new rule needs to be generated and pushed out
to the clients to block a new worm or attack that may be active on your
network.  CSA's rules can be customized down to a very detailed level
and provides a proactive approach for combating new viruses and system
compromise attempts and it does not need any definitions to do so,
because it works by monitoring OS behavior.  CSA will also work in
combination with Cisco VPN concentrators by only allowing machines that
have CSA running to connect to the VPN.  Here are some links for more
info.

http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/

If I made any mistakes in my description please let me know as I only
told this information at Cisco Security Seminar and I may have forgot
some things 
or explained them incorrectly.


Kevin




-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Gadi Evron
Sent: Tuesday, January 27, 2004 5:10 AM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] antivirus s/w

Patrick J Okui wrote:

 > Hi all,
 >
 > (.*flames.*>/dev/null)
 >
 > 1. I'm trying to decide on an AV solution for a campus wide n/w.
 > I'm basically looking for something that'll respond as quick as
 > possible to new viruses. I'm currently evaluating NAV, and Fprot.
 > Any other suggestions/recomendations?

To install on every workstation or to filter malware from email?

 >
 > 2. Fprot have an AV 4 linux/bsd workstations....does this just
 > scan for virii from infected winbloze or are there un*x virii i'm
 > ignorant about?

A better question would be.. rootkits?

	Gadi Evron




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ