I am looking for an Anti-Virus program.....

Status
Not open for further replies.

bcummings

Cadet
Joined
Nov 8, 2012
Messages
2
I am looking for an Anti-Virus program that will run in my environment, which is a 64 bit IBM x3650 Server running FreeNAS-8.2.0-RELEASE-p1-x64 (r11950).

Somehow, our machine became infected (files, folders and O/S) and we spent a good deal of money & time removing it.

I am hoping that there is an AV program out there I can use. I see some old posts from 2011 but it looks like these went nowhere. I located a program called Avast that runs on Ubuntu and Linux but not sure about FreeNAS.

Any help or direction on this would be appreciated.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
My recommendation would be to set up a file share with complete read and write access to your zpool. Then take one of your workstations and map the file share you created. Then do a scan. Yes, if you have TBs of data it could take a looong time, but I think that's the best option you have.

FreeNAS doesn't have much free space on the USB, so installing additional software (especially something as big as antivirus) is pretty much out of the question.

If your workstations all have antivirus (which they SHOULD) and you turn on their auto-protect or whatever it's called, the workstations should be scanning every file as they access it. So your network should clean itself up slowly but surely. But I'd still set up a machine as a dedicated scanner just to make sure you find them all.

If your workstations are infected you have a bigger problem because now you'll also need to isolate the ones that are infected (assume they all are until you prove they aren't).
 

toddos

Contributor
Joined
Aug 18, 2012
Messages
178
> FreeNAS doesn't have much free space on the USB, so installing additional software (especially something as big as antivirus) is pretty much out of the question.

You shouldn't install any additional software to the main FreeNAS installation. It's an image that's loaded into memory on boot and the only thing it ever writes back to the USB drive is the configuration database. If you were to hack around (remount / to rw) and install software there, it would all be gone on your next reboot.

Instead, you can install software to the plugin jail. ClamAV is available, and you could install that package inside the jail (pkg_add -r clamav), mount all of your datasets to the jail, and set clamav to scan them. I would only do this if you can't trust your client machines to run their own AV solutions, but that's apparently the case if your data storage has been infected already.
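
An added example, not part of the post above or of FreeNAS itself: a sketch of the jail scan described there, plus a summary of the resulting log grouped by the platform prefix of each ClamAV signature name. The mount path, log path and sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Intended to run inside the plugin jail
# after ClamAV is installed and the datasets are mounted there.

# scan_datasets DIR LOG: refresh signatures, then scan DIR recursively, logging
# only infected files. clamscan exits 0 = clean, 1 = detections, 2 = error.
scan_datasets() {
    freshclam --quiet || echo "warning: signature update failed" >&2
    clamscan --recursive --infected --log="$2" "$1"
}

# summarize_clamscan_log: read a clamscan log on stdin and print
# "<platform> <count>" per platform prefix of the signature name
# (ClamAV names signatures Platform.Category.Name-ID, e.g. Win.* or Unix.*).
summarize_clamscan_log() {
    awk '
        / FOUND$/ {
            sig = $0
            sub(/ FOUND$/, "", sig)   # drop the trailing marker
            sub(/^.*: /, "", sig)     # drop the path (greedy: up to the last ": ")
            split(sig, parts, ".")
            count[parts[1]]++
        }
        END { for (p in count) printf "%s %d\n", p, count[p] }
    ' | sort
}

# Constructed sample log (hypothetical paths and signature names).
sample_log() {
    cat <<'EOF'
/mnt/tank/ftp/incoming/setup.exe: Win.Trojan.Example-1 FOUND
/mnt/tank/ftp/pub/tools/a.out: Unix.Malware.Example-2 FOUND
/mnt/tank/ftp/pub/note: old.dll: Win.Trojan.Example-3 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# Run a real scan only when SCAN_ROOT is set (assumed variable names), e.g.
#   SCAN_ROOT=/mnt/tank LOG=/var/log/clamscan-tank.log sh scan.sh
if [ -n "${SCAN_ROOT:-}" ]; then
    log="${LOG:-/tmp/clamscan.log}"
    status=0
    scan_datasets "$SCAN_ROOT" "$log" || status=$?
    if [ "$status" -le 1 ]; then summarize_clamscan_log < "$log"; fi
fi
```
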
 

JaimieV

Guru
Joined
Oct 12, 2012
Messages
742
> running FreeNAS-8.2.0-RELEASE-p1-x64 (r11950).
>
> Somehow, our machine became infected (files, folders and O/S)

Are you saying your FreeNAS *OS* was infected? As toddos says, the only writeable thing on the OS USB stick is the configuration database - which cannot host viruses. The OS itself is mounted read-only, and cannot be written to without the root password. Not to mention there aren't any cross-platform viruses (etc) that could bother both Windows and the restricted FreeBSD install that makes up FreeNAS.

Mind you, folders can't be infected either. Only files and bootblocks.

If you mean the client machine OSes were infected, that's understandable.
 

bcummings

Cadet
Joined
Nov 8, 2012
Messages
2
> Are you saying your FreeNAS *OS* was infected? As toddos says, the only writeable thing on the OS USB stick is the configuration database - which cannot host viruses. The OS itself is mounted read-only, and cannot be written to without the root password. Not to mention there aren't any cross-platform viruses (etc) that could bother both Windows and the restricted FreeBSD install that makes up FreeNAS.
>
> Mind you, folders can't be infected either. Only files and bootblocks.
>
> If you mean the client machine OSes were infected, that's understandable.

Yes. The OS was apparently infected. We used "ESET File Security for Linux / BSD / Solaris" and it found "Virus.Linux.Vit.4096". When we copied the files off to a removable drive and scanned them, there were 23 other files infected with things like "Insdrv.exe (Trojan.Gen.2), frxexp.tdb (Bloodhound.Exploit.183)", etc.

We are using FreeNAS as an FTP server only, although we have considered putting a Windows share on it as an additional backup device. I see in a previous thread the suggestion to "set up a file share with complete read and write access to your zpool" and then scan from a workstation.

The idea presented by toddos and using the plugin jail looks interesting as well.

Has anyone ever tried either of these solutions?
 

JaimieV

Guru
Joined
Oct 12, 2012
Messages
742
Virus.Linux.Vit.4096 only infects Linux systems, it can't even run under FreeBSD. Generally speaking once one Windows virus gets embedded, it'll start downloading dozens of its best virus and malware friends and scatter them everywhere it can. The other named ones are all Windows viruses, again cannot run or infect FreeBSD. These items can certainly be files found in the FreeNAS data stores, but won't be active and won't have affected the FreeBSD OS at all.

Both recommendations are good, the choice is probably down to choosing the tradeoff of either network resources (use a Windows machine to scan) or local CPU+RAM resources (plugin jail). Which is best depends on your setup.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I prefer to have each workstation do its own virus scanning when it opens files on network shares. Symantec Endpoint Protection and McAfee both do this by default last time I checked. I prefer to let each workstation control its own destiny of what gets infected or not instead of trusting 1 machine to handle all of the virus scanning for the network shares.
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
Yeah, those aren't files that could even execute in FreeBSD. Somehow may have gotten into your box, but it was a person, not a self-spreading infection. Nothing to clean up, just boost your security.
 