[ale] how do I make a virus proof nas?

Erik Mathis erik at mathists.com
Wed Jan 9 13:36:05 EST 2013 

http://ubuntuforums.org/archive/index.php/t-52385.html

That looks interesting. (windows has had this for years) basiclly it 
looks like it preforms a clamscan on the file onces it written out.


-Erik-


On 01/08/2013 10:54 PM, Jim Kinney wrote:
> Backup box is clearly running Linux. It is slammed shut firewall-wise 
> until backup time. It opens a port to a client system to push a script 
> that shuts down it's network except to the backup box. Then it calls 
> the AV to run on the client and send it's log to the backup box to 
> verify clean. Alternatively, a vm launches on the backup box that does 
> a CIFS mount and runs the AV tool that way. It then calls that client 
> to begin backup to a temp space on backup box. Second AV tool is run 
> on each file in the backup set then it's backed up to real backup 
> solution space. Finally, client has firewall returned to normal and 
> backup box shuts down it's network again.
>
> Better solution is to not get the virus in the first place by using a 
> known clean VM of the windows environment that is read-only. A 
> snapshot is run as a thin client environment using a Samba served user 
> space. No user has any admin privileges. The user space is scanned 
> using a commercial AV tool (F-Prot is an excellent choice) while in 
> use and the storage area on the Samba server is scanned again using a 
> different tool. All network access is controlled, filtered (or just 
> plain denied). If the OS shows a virus, the snapshot is tossed and a 
> new copy produced for use.
>
> On Tue, Jan 8, 2013 at 8:31 PM, Ron Frazier (ALE) 
> <atllinuxenthinfo at techstarship.com 
> <mailto:atllinuxenthinfo at techstarship.com>> wrote:
>
>     Hi all,
>
>     I'm considering making a mini nas to run backups on here at home.
>      It would probably have 2 - 4 TB of storage.  My router has 1 USB
>     port, so I could just attach a HDD to that.  Or, I could get
>     something like a Buffalo Link Station which holds two drives and
>     attaches to the router.
>
>     The main concern I've always had about having backup media
>     attached all the time is that, if a virus got into the machine, it
>     could attack and wipe out the backup drive.
>
>     So, I need to know how to make a virus proof nas, such that at
>     least one partition on the device is accessible only  to the
>     backup software for write mode.  I don't care if everything can
>     read the backup file, but I only want the backup software to be
>     able to add new files, write to them, or delete them.
>
>     I need something that can run while Windows 7 is running and
>     backup using the volume shadow copy service.  I also need it to be
>     able to back up the ext4 Ubuntu partition on the PC's HDD, either
>     by reading the native file system or by using a sector by sector
>     approach.  This way, I can just let the backups run periodically
>     on their own and not worry about malware affecting the backup.
>
>     Any help is appreciated.
>
>     Sincerely,
>
>     Ron
>
>
>     --
>
>     Sent from my Android Acer A500 tablet with bluetooth keyboard and
>     K-9 Mail.
>     Please excuse my potential brevity.
>
>     (To whom it may concern.  My email address has changed.  Replying
>     to former
>     messages prior to 03/31/12 with my personal address will go to the
>     wrong
>     address.  Please send all personal correspondence to the new address.)
>
>     (PS - If you email me and don't get a quick response, you might
>     want to
>     call on the phone.  I get about 300 emails per day from alternate
>     energy
>     mailing lists and such.  I don't always see new email messages
>     very quickly.)
>
>     Ron Frazier
>     770-205-9422 (O)   Leave a message.
>     linuxdude AT techstarship.com <http://techstarship.com>
>
>
>     _______________________________________________
>     Ale mailing list
>     Ale at ale.org <mailto:Ale at ale.org>
>     http://mail.ale.org/mailman/listinfo/ale
>     See JOBS, ANNOUNCE and SCHOOLS lists at
>     http://mail.ale.org/mailman/listinfo
>
>
>
>
> -- 
> -- 
> James P. Kinney III
> ////
> ////Every time you stop a school, you will have to build a jail. What 
> you gain at one end you lose at the other. It's like feeding a dog on 
> his own tail. It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
> ////
> http://electjimkinney.org
> http://heretothereideas.blogspot.com/
> ////
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130109/b8bffac8/attachment.html>

More information about the Ale mailing list