Are NAS systems popular enough for Commercial AV?

JoeAtWork

Contributor
Joined
Aug 20, 2018
Messages
165
Hi All,

I am checking to see if NAS Appliances have got very far in Corporate settings where EVERY device MUST have brand X security software installed on it?

Do any security vendors support TrueNAS?
  1. McAfee
  2. Symantec
  3. Malwarebytes
  4. Bitdefender
  5. Avast
  6. SentinelOne
  7. ESET
  8. Kaspersky
  9. F-Secure
  10. AVG
How would these vendors get started with iXsystems to make this happen?

Thanks,
Joe
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
In general, while there have been some ports to UNIX by a few vendors, these have generally languished and are so expensive that they are unpopular, and they also tend to be limited in functionality and scope. It is quite common for UNIX platforms to use ClamAV or, perhaps, Sophos or McAfee.

In an environment such as PCI-DSS where "EVERY device MUST" have thing X, typically it is simply documented that thing X isn't available for UNIX device Y. This typically flies a bit better with the auditor if you can simultaneously say "but ClamAV is installed," but nonavailability of an option is something that is very much a situation you have to cope with.

This really has nothing to do with iXsystems or TrueNAS. If an antivirus vendor wants to get onto UNIX, they need to port their platform to UNIX and define a scope. Because most AV-ware is targeted at Windows, it is common for these things to only have on-demand file scanning and e-mail filtering as an option. They are usually not integrated tightly into UNIX to provide "on-demand" scanning.

Integration with a NAS would probably happen through Samba somehow.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
No Unix A/V products I'm aware of scan xattrs for malware. Since these are exposed over the SMB protocol, it means that all a malware author needs to do to circumvent scanning is to simply write the payload to an alternate data stream. This limits the usefulness of the Unix products, and hence I'm somewhat disinclined to do anything to integrate on the Samba-side (I'd rather not give an impression that something is more "protected" than it really is). On the other hand, it's not that hard to configure periodic scans of SMB shares via an SMB client.
 
Joined
Oct 22, 2019
Messages
3,641
> No Unix A/V products I'm aware of scan xattrs for malware. Since these are exposed over SMB protocol, it means that all a malware author needs to do to circumvent scanning is to simply write the payload to an alternate data stream.

I thought only SMB1 exposes xattrs? From what I understand, SMB2/3 dropped support for xattrs. Unless I'm misinterpreting what you meant?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
> I thought only SMB1 exposes xattrs? From what I understand, SMB2/3 dropped support for xattrs. Unless I'm misinterpreting what you meant?

You can query xattrs over SMB2/3. Alternate datastreams are also supported over SMB 2/3. The latter are written to the local filesystem as xattrs with a special prefix written to the xattr name, the former have no prefix.
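
Added example, not part of the thread and not iXsystems or Samba code: a server-side sweep that closes the gap described above by copying every xattr value on a share, including alternate data streams stored as xattrs, into a spool directory that an ordinary file scanner such as ClamAV can read. The function names are hypothetical, and the prefix is an assumption (the default of Samba's `streams_xattr` module on Linux); the thread itself does not name the prefix.

```python
import hashlib
import os

# Assumption: default prefix used by Samba's vfs_streams_xattr on Linux.
# Change it if smb.conf sets "streams_xattr:prefix".
STREAM_PREFIX = "user.DosStream."


def classify(name, prefix=STREAM_PREFIX):
    """Label an xattr name as an SMB alternate data stream or a plain xattr."""
    if name.startswith(prefix):
        return "stream", name[len(prefix):]
    return "xattr", name


def collect(root, listx=None, getx=None, prefix=STREAM_PREFIX):
    """Walk root and return [(path, kind, label, value)] for every xattr found."""
    listx = listx or os.listxattr  # os.listxattr/os.getxattr exist on Linux only
    getx = getx or os.getxattr
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            if os.path.islink(path):
                continue  # do not follow links out of the share
            try:
                for name in listx(path):
                    kind, label = classify(name, prefix)
                    found.append((path, kind, label, getx(path, name)))
            except OSError:
                continue  # unreadable entry or filesystem without xattr support
    return found


def spool(records, outdir):
    """Write each xattr value to outdir as a regular file a scanner can open."""
    os.makedirs(outdir, exist_ok=True)
    manifest = {}  # sha256 of value -> [(origin path, kind, label)]
    for path, kind, label, value in records:
        digest = hashlib.sha256(value).hexdigest()
        with open(os.path.join(outdir, digest), "wb") as fh:
            fh.write(value)
        manifest.setdefault(digest, []).append((path, kind, label))
    return manifest


if __name__ == "__main__":
    import sys
    share, out = sys.argv[1], sys.argv[2]
    for digest, origins in spool(collect(share), out).items():
        print(digest, origins)
```

Run it on the NAS against the dataset path, then point the scanner at the spool directory; the manifest maps any flagged spool file back to the file and stream it came from.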