Antivirus Question - 1 Computer To Scan/Protect Others On A Network..

Discussion in 'other anti-virus software' started by chrome_sturmen, Feb 27, 2016.

  1. chrome_sturmen

    chrome_sturmen Registered Member

    Joined: Apr 29, 2006
    Posts: 785
    Location: Sverige
    I haven't put a lot of thought into this, so if it seems strange do forgive me:

    Say you have 3 computers on a network - 1, A & B.

    Say you turned on file-sharing on systems A & B, Then on system 1, you mapped those network drives from A & B.

    Then you did your virus scanning on A & B, from system 1 (or even turned on real-time monitoring for those network drives through system 1 *puppy* )

    Would that eliminate the need for antivirus on systems A & B ?
    Seems a strange idea*puppy*
     
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined: May 16, 2013
    Posts: 1,461
    @chrome_sturmen

    Using network filesystems for this would probably open up waaaay more holes than it could possibly close.

    Also, locked files could not be scanned this way - you would need a local driver to bypass the file locks.

    I have to commend you on coming up with this idea though. :) It's probably not unlike how a cloud AV would work, with a local "cloud" hosted on a dedicated machine. I believe business versions of some current AVs offer this.

    ...

    FWIW a better implementation might use a dedicated client/server architecture.

    The client could be very minimal - a driver to bypass file locks and intercept execution, and a service keeping a database of file checksums, for instance. If it encountered an unknown checksum, it would upload the executable to the server machine (over an encrypted connection) to have it scanned.

    Edit: on a related note, you might want to look into HIDS software such as Tripwire and OSSEC. Tripwire in particular can keep an encrypted database of checksums.
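
The minimal client described in the post above, sketched as an added example that is not part of the original thread: it caches verdicts by checksum and sends a file to the scanner only when its checksum is unknown. `ChecksumClient`, `fake_server_scan` and the marker string are hypothetical names and constructed data; the encrypted connection to the server is represented by a plain callable.

```python
import hashlib
import json
import os
import tempfile


class ChecksumClient:
    """Caches server verdicts by SHA-256 and uploads only unknown files."""

    def __init__(self, db_path, scan_remote):
        self.db_path = db_path
        # Assumption: scan_remote(bytes) -> "clean" or "malicious" (server call over TLS).
        self.scan_remote = scan_remote
        self.uploads = 0
        self.verdicts = {}
        if os.path.exists(db_path):
            with open(db_path) as f:
                self.verdicts = json.load(f)

    def check(self, path):
        # Read once and hash those same bytes, so the verdict is bound to
        # exactly the content that was hashed (no hash-then-reread race).
        with open(path, "rb") as f:
            data = f.read()
        digest = hashlib.sha256(data).hexdigest()
        if digest not in self.verdicts:
            self.verdicts[digest] = self.scan_remote(data)
            self.uploads += 1
            with open(self.db_path, "w") as f:
                json.dump(self.verdicts, f)
        return self.verdicts[digest]


def fake_server_scan(data):
    # Constructed stand-in for the server-side scanner.
    return "malicious" if b"CONSTRUCTED-BAD-MARKER" in data else "clean"


def demo():
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "app.bin")
        with open(app, "wb") as f:
            f.write(b"constructed sample program")
        client = ChecksumClient(os.path.join(d, "db.json"), fake_server_scan)
        results = [client.check(app), client.check(app)]  # second hit is cached
        with open(app, "ab") as f:  # file modified: new checksum, new upload
            f.write(b" CONSTRUCTED-BAD-MARKER")
        results.append(client.check(app))
        return results, client.uploads
```

The JSON cache here is unprotected, so anything able to write it can mark a file as clean; that is the reason the post's mention of an encrypted checksum database matters.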
     
  3. J_L

    J_L Registered Member

    Joined: Nov 6, 2009
    Posts: 8,516
    Something like Sophos UTM?
     
  4. chrome_sturmen

    chrome_sturmen Registered Member

    Joined: Apr 29, 2006
    Posts: 785
    Location: Sverige
    Sophos UTM (Unified Threat Management).. from what I've read it's basically appliance firewall software with Sophos antivirus functionality included - which would make it comparable to pfSense with ClamAV. Apparently both these offer only HTTP scanning (which of course covers a major threat vector).

    I suppose it would be better to use something like one of these, rather than running a Windows machine to map network-shared drives for scanning -- in order for the host machine to scan the C: drive it would have to be shared over the LAN.. sharing the C: drives of 3 or 4 computers would be bad if network security were compromised. Too much potential for privacy breach against the minor convenience of not having to install an antivirus on client machines - as light as many AVs are today there is really no reason not to have one installed on every client on a network.

    The UTM looks like an excellent first line of network and antivirus defense - that, and a light AV on each client machine would probably be the way to go.
    Gullible Jones, J L, thanks both for thoughts :shifty:
     
  5. moredhelfinland

    moredhelfinland Registered Member

    Joined: Mar 31, 2009
    Posts: 26
    Router with AV within?
     