I haven't put a lot of thought into this, so if it seems strange do forgive me: Say you have 3 computers on a network - 1, A & B. Say you turned on file-sharing on systems A & B, then on system 1, you mapped those network drives from A & B. Then you did your virus scanning on A & B, from system 1 (or even turned on real-time monitoring for those network drives through system 1). Would that eliminate the need for antivirus on systems A & B? Seems a strange idea
@chrome_sturmen Using network filesystems for this would probably open up waaaay more holes than it could possibly close. Also, locked files could not be scanned this way - you would need a local driver to bypass the file locks. I have to commend you on coming up with this idea though. It's probably not unlike how a cloud AV would work, with a local "cloud" hosted on a dedicated machine. I believe business versions of some current AVs offer this. ... FWIW a better implementation might use a dedicated client/server architecture. The client could be very minimal - a driver to bypass file locks and intercept execution, and a service keeping a database of file checksums, for instance. If it encountered an unknown checksum, it would upload the executable to the server machine (over an encrypted connection) to have it scanned. Edit: on a related note, you might want to look into HIDS software such as Tripwire and OSSEC. Tripwire in particular can keep an encrypted database of checksums.
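The client-side checksum cache described in the reply above, as an added example that is not part of the original thread. The class name, the `submit` callback standing in for the encrypted upload to the scan server, and the sample file contents are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


class ChecksumClient:
    """Hypothetical minimal client: local verdict cache plus a remote scan callback."""

    def __init__(self, submit):
        self.verdicts = {}    # sha256 hex digest -> "clean" | "malicious"
        self.submit = submit  # assumed: callable(bytes) -> verdict, run on the scan server
        self.uploads = 0      # how many files had to leave this machine

    def check(self, path):
        # Read once, so the bytes that are hashed are exactly the bytes uploaded
        # (hashing and re-reading separately would leave a swap window).
        data = Path(path).read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        if digest not in self.verdicts:
            # Unknown checksum: hand the file to the server, then cache its verdict.
            self.uploads += 1
            self.verdicts[digest] = self.submit(data)
        return self.verdicts[digest]


def demo_server_scan(data):
    """Constructed stand-in for the server-side scanner; flags a made-up marker."""
    return "malicious" if b"CONSTRUCTED-BAD-MARKER" in data else "clean"


def run_demo():
    client = ChecksumClient(demo_server_scan)
    with tempfile.TemporaryDirectory() as d:
        tool = Path(d, "tool.bin")
        tool.write_bytes(b"constructed benign sample")
        first = client.check(tool)    # unknown checksum: uploaded and scanned
        second = client.check(tool)   # same checksum: answered from the cache
        tool.write_bytes(b"constructed benign sample CONSTRUCTED-BAD-MARKER")
        third = client.check(tool)    # content changed: new checksum, uploaded again
    return first, second, third, client.uploads


if __name__ == "__main__":
    print(run_demo())
```

The cache is only as trustworthy as its storage: a client of this kind would need to protect the verdict database from tampering, which is the role the reply attributes to Tripwire's encrypted checksum database.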
Sophos UTM (Unified Threat Management)... from what I've read it's basically appliance firewall software with Sophos antivirus functionality included - which would make it comparable to pfSense with ClamAV. Apparently both of these offer only HTTP scanning (which of course covers a major threat vector). I suppose it would be better to use something like one of these, rather than running a Windows machine to map network-shared drives for scanning -- in order for the host machine to scan the C: drive it would have to be shared over the LAN. Sharing the C: drives of 3 or 4 computers would be bad if network security were compromised. Too much potential for privacy breach against the minor convenience of not having to install an antivirus on client machines - as light as many AVs are today there is really no reason not to have one installed on every client on a network. The UTM looks like an excellent first line of network and antivirus defense - that, and a light AV on each client machine would probably be the way to go. Gullible Jones, J L, thanks both for thoughts