Backup box is clearly running Linux. It is slammed shut firewall-wise until backup time. It opens a port to a client system to push a script that shuts down it's network except to the backup box. Then it calls the AV to run on the client and send it's log to the backup box to verify clean. Alternatively, a vm launches on the backup box that does a CIFS mount and runs the AV tool that way. It then calls that client to begin backup to a temp space on backup box. Second AV tool is run on each file in the backup set then it's backed up to real backup solution space. Finally, client has firewall returned to normal and backup box shuts down it's network again.<br>
<br>Better solution is to not get the virus in the first place by using a known clean VM of the windows environment that is read-only. A snapshot is run as a thin client environment using a Samba served user space. No user has any admin privileges. The user space is scanned using a commercial AV tool (F-Prot is an excellent choice) while in use and the storage area on the Samba server is scanned again using a different tool. All network access is controlled, filtered (or just plain denied). If the OS shows a virus, the snapshot is tossed and a new copy produced for use.<br>
<br><div class="gmail_quote">On Tue, Jan 8, 2013 at 8:31 PM, Ron Frazier (ALE) <span dir="ltr"><<a href="mailto:atllinuxenthinfo@techstarship.com" target="_blank">atllinuxenthinfo@techstarship.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
I'm considering making a mini nas to run backups on here at home. It would probably have 2 - 4 TB of storage. My router has 1 USB port, so I could just attach a HDD to that. Or, I could get something like a Buffalo Link Station which holds two drives and attaches to the router.<br>
<br>
The main concern I've always had about having backup media attached all the time is that, if a virus got into the machine, it could attack and wipe out the backup drive.<br>
<br>
So, I need to know how to make a virus proof nas, such that at least one partition on the device is accessible only to the backup software for write mode. I don't care if everything can read the backup file, but I only want the backup software to be able to add new files, write to them, or delete them.<br>
<br>
I need something that can run while Windows 7 is running and backup using the volume shadow copy service. I also need it to be able to back up the ext4 Ubuntu partition on the PC's HDD, either by reading the native file system or by using a sector by sector approach. This way, I can just let the backups run periodically on their own and not worry about malware affecting the backup.<br>
<br>
Any help is appreciated.<br>
<br>
Sincerely,<br>
<br>
Ron<br>
<br>
<br>
--<br>
<br>
Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.<br>
Please excuse my potential brevity.<br>
<br>
(To whom it may concern. My email address has changed. Replying to former<br>
messages prior to 03/31/12 with my personal address will go to the wrong<br>
address. Please send all personal correspondence to the new address.)<br>
<br>
(PS - If you email me and don't get a quick response, you might want to<br>
call on the phone. I get about 300 emails per day from alternate energy<br>
mailing lists and such. I don't always see new email messages very quickly.)<br>
<br>
Ron Frazier<br>
770-205-9422 (O) Leave a message.<br>
linuxdude AT <a href="http://techstarship.com" target="_blank">techstarship.com</a><br>
<br>
<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://electjimkinney.org" target="_blank">http://electjimkinney.org</a><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br>
</i></i></i></i>