Antivirus Software on NAS, TrueNAS: SentinelOne

JoeAtWork

Contributor
Joined
Aug 20, 2018
Messages
165
Hi All,

Not that FreeBSD or Linux have virus issues like Microsoft Windows, but we do have users...

Our company has standardized on SentinelOne and I need the client to run on the NAS. I would also need exclusions.

Is there any enterprise AV software that is getting certified to run on TrueNAS?

Thanks,
Joe
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776

JoeAtWork

Contributor
Joined
Aug 20, 2018
Messages
165
Hi Patrick,

Once a company standardizes on a solution, it is very difficult to ask for an alternative to be supported. I do not see any commercial AV supporting TrueNAS; I do see commercial support for Synology NASes.

I think iXsystems needs to work with some of these software vendors. Maybe send them a mini to have them publish software for TrueNAS.

Thanks,
Joe
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
What exactly is any AV software on a storage system supposed to do in the concept of your company?

Live scanning each file access? My experience is that this does not work, plain and simple. We had Fortune 500 customers with large (~50 Linux VMs) portal solutions demand that the "standard AV" must be deployed. They ran their own infrastructure, so they could deploy whatever they liked. We just delivered the portal application software. Turned out the portal froze to a halt. And that was that.
 

awasb

Patron
Joined
Jan 11, 2021
Messages
415
How is that supposed to increase security? (I mean: AV … at all?)
 

nikkon

Contributor
Joined
Dec 16, 2012
Messages
171
Is not :wink:
 

JoeAtWork

Contributor
Joined
Aug 20, 2018
Messages
165
> What exactly is any AV software on a storage system supposed to do in the concept of your company?
>
> Live scanning each file access? My experience is that this does not work, plain and simple. We had Fortune 500 customers with large (~50 Linux VMs) portal solutions demand that the "standard AV" must be deployed. They ran their own infrastructure, so they could deploy whatever they liked. We just delivered the portal application software. Turned out the portal froze to a halt. And that was that.

A good AV administrator knows how to apply exclusions. :smile:
 

awasb

Patron
Joined
Jan 11, 2021
Messages
415
Well … no pity.

Every antivirus software must have parsers for x file types. "Could be malware in there." Suddenly you've got more attack surface.

I'm safe against PDF exploits, for example, if I don't have a PDF reader. 100%. Unless I have antivirus snake oil looking into PDFs. Hooray! New attack vector. Even _without_ any PDF apps.

The snake oil salesmen always proudly try to tell me how many viruses their product supposedly detects. (Ask your snake oil vendor's sales rep how many file formats their software can scan. Ask the question in such a way that it sounds as if you think it is advantageous if the software reads/detects many file formats.) Recalculate the _vectors_ by comparing with the installed apps.

Uninstall antivirus.

Avoiding unnecessary attack surfaces is the oldest measure in IT security. Shutting down services you don't need. Close ports that are not needed. Filter IPs that do not need to be accessible. Uninstalling software that is not needed.

Snake oil is the antithesis and the complete opposite of this measure, and somehow nobody (in the compliance department, however) seems to notice it.
 