tomexx
Posts: 122
Joined: Thu Nov 01, 2012 4:58 pm
Location: Kitchener, ON, Canada, Earth
Contact: Website

Antivirus for Raspberry Pi on a corporate network

Tue Jun 05, 2018 12:51 pm

Hi,
Need a good antivirus commendation to be used on a Pi 3 in a corporate environment mostly running windows.

...and no, answers like "Linux doesn't get viruses" or "you don't need one" etc are not really helpful since I have to sell this to the IT department that wants antivirus on everything that is connected to a their network.

Thanks,
Tomexx


tomexx
Posts: 122
Joined: Thu Nov 01, 2012 4:58 pm
Location: Kitchener, ON, Canada, Earth
Contact: Website

Re: Antivirus for Raspberry Pi on a corporate network

Tue Jun 05, 2018 1:06 pm

thanks i486, used to have a 486DX running at super speed of 40Mhz... yes, I'm that old. ;)

I did search on different linux A/Vs but was hoping that someone here had an experience of running one on a Pi. Something that will make IT happy but will not slow down my cpu too much.

so far i found clamAV, Sophos, Comodo, F-Secure, Dr.Web but don't know how many of these can run nicely on the Pi.

Thanks
Tomexx

User avatar
mahjongg
Forum Moderator
Forum Moderator
Posts: 12355
Joined: Sun Mar 11, 2012 12:19 am
Location: South Holland, The Netherlands

Re: Antivirus for Raspberry Pi on a corporate network

Tue Jun 05, 2018 1:15 pm

tomexx wrote:
Tue Jun 05, 2018 1:06 pm
thanks i486, used to have a 486DX running at super speed of 40Mhz... yes, I'm that old. ;)

I did search on different linux A/Vs but was hoping that someone here had an experience of running one on a Pi. Something that will make IT happy but will not slow down my cpu too much.

so far i found clamAV, Sophos, Comodo, F-Secure, Dr.Web but don't know how many of these can run nicely on the Pi.

Thanks
Tomexx
You will need one that you can compile from sourcecode for the ARM chip in the raspberry PI.

ClamAV is open source.

tomexx
Posts: 122
Joined: Thu Nov 01, 2012 4:58 pm
Location: Kitchener, ON, Canada, Earth
Contact: Website

Re: Antivirus for Raspberry Pi on a corporate network

Tue Jun 05, 2018 1:20 pm

thanks, clamAV seem to come up pretty often in my searches.

tomexx
Posts: 122
Joined: Thu Nov 01, 2012 4:58 pm
Location: Kitchener, ON, Canada, Earth
Contact: Website

Re: Antivirus for Raspberry Pi on a corporate network

Tue Jun 05, 2018 4:16 pm

well, if there're no other suggestions, I'll have to recommend clamAV.

Thanks,
Tomexx

snakepit
Posts: 9
Joined: Tue Jun 05, 2018 7:31 pm

Re: Antivirus for Raspberry Pi on a corporate network

Tue Jun 05, 2018 7:39 pm

Removing post.
Last edited by snakepit on Tue Jun 05, 2018 11:48 pm, edited 1 time in total.

User avatar
Roken
Posts: 308
Joined: Sun Dec 31, 2017 4:35 pm
Location: UK

Re: Antivirus for Raspberry Pi on a corporate network

Tue Jun 05, 2018 9:29 pm

Honestly, there have only ever been two viruses released into the wild for Linux, and both still require user intervention to give them su access, so any AV product is redundant.

ClamAV will, however, give Windows clients some comfort, since it will help protect them should an infected file get shared from a Linux machine.
Headless PI. OMG, someone cut it's head off. Oh, hang on. it didn't have one to start with.

mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: Antivirus for Raspberry Pi on a corporate network

Thu Jun 07, 2018 8:03 am

tomexx wrote:
Tue Jun 05, 2018 12:51 pm
Hi,
Need a good antivirus commendation to be used on a Pi 3 in a corporate environment mostly running windows.
The first question should probably be what's the purpose of the AV software.
  1. Is it to keep the Corporate/Security people happy
  2. Is it to protect Windows users from things that might be shared/sent from the Pi
  3. Is it to protect the Pi from nasty actions against it.
In the case of 1. or 2. then something like ClamAV (as already suggested) would probably suffice. For 3. you might be looking more at rootkit detection and unauthorised modification so things like rkhunter and tripwire might be better.

i486
Posts: 172
Joined: Sun Aug 28, 2016 3:41 pm
Location: BG

Re: Antivirus for Raspberry Pi on a corporate network

Thu Jun 07, 2018 12:06 pm

I think it is only 1. because of this: "...the IT department that wants antivirus on everything that is connected to a their network."

For that reason any AV will do the job. I don't know what they will do if network printer is installed.
Last edited by i486 on Thu Jun 07, 2018 12:23 pm, edited 1 time in total.

User avatar
mahjongg
Forum Moderator
Forum Moderator
Posts: 12355
Joined: Sun Mar 11, 2012 12:19 am
Location: South Holland, The Netherlands

Re: Antivirus for Raspberry Pi on a corporate network

Thu Jun 07, 2018 12:18 pm

A potential problem will be that you will probably need to get the source code, so you can compile it for the ARM CPU in the PI.

Ernst
Posts: 1247
Joined: Sat Feb 04, 2017 9:39 am
Location: Germany

Re: Antivirus for Raspberry Pi on a corporate network

Thu Jun 07, 2018 1:16 pm

tomexx wrote:
Tue Jun 05, 2018 12:51 pm
Hi,
Need a good antivirus commendation to be used on a Pi 3 in a corporate environment mostly running windows.

...and no, answers like "Linux doesn't get viruses" or "you don't need one" etc are not really helpful since I have to sell this to the IT department that wants antivirus on everything that is connected to a their network.

Thanks,
Tomexx
You are wasting your time, there is no satisfactory answer obtainable here.

If your corporate IT environment requires virus protection on all devices connected to the corporate network then it will also require that the virus protection software and signatures are updated almost continuously. (effectively daily). If you do find a solution then you may have a problem convincing the virus protection group (sometimes part of Information Security) of your solution.

Before I give you my recommendation I must alert you to the problem that the information security department may want you to lock up your system so that they can not be seen as a security risk and can only be administered by "trusted" administrators.

My recommendation is that you do not talk to your IT department because these people are responsible for running systems/applications used by the users. Instead contact your information security department and ask who you should contact about virus protection for Linux/Unix systems (NO, DO NOT MENTION RASPBERRY), next find out what is recommended/mandated for Linux, if there is a corporate license and update service (sw and signatures) and take a good look at what they advise. If they do not have a solution then ask then what can be done to satisfy the IT-department. If they do have a solution then ask for details, study the information to see if raspberry is supported and only then ask the question about raspberry support to ensure compliance with the corporate IT requirements.
Last edited by Ernst on Sat Jun 09, 2018 8:20 am, edited 1 time in total.
The road to insanity is paved with static ip addresses

Aydan
Posts: 700
Joined: Fri Apr 13, 2012 11:48 am
Location: Germany, near Lake Constance

Re: Antivirus for Raspberry Pi on a corporate network

Fri Jun 08, 2018 1:26 pm

mahjongg wrote:
Thu Jun 07, 2018 12:18 pm
A potential problem will be that you will probably need to get the source code, so you can compile it for the ARM CPU in the PI.
There is an armhf package for clamAV in the debian repos:
https://packages.debian.org/search?suit ... rds=clamav
So it should be in Raspbian as well.

Regards Aydan

mikerr
Posts: 2782
Joined: Thu Jan 12, 2012 12:46 pm
Location: UK
Contact: Website

Re: Antivirus for Raspberry Pi on a corporate network

Fri Jun 08, 2018 1:34 pm

There is also Maldet (generally used in hosting environments)

https://www.rfxn.com/projects/linux-malware-detect/
Android app - Raspi Card Imager - download and image SD cards - No PC required !

echmain
Posts: 242
Joined: Fri Mar 04, 2016 8:26 pm

Re: Antivirus for Raspberry Pi on a corporate network

Fri Jun 08, 2018 8:06 pm

I know exactly what the OP is talking about.

Where I work, they won’t let a computer connect to the network unless the machine is in full compliance and it gets tested upon every boot up.

That means security software utilites must be installed, specific o/s patches must be installed, etc. Our laptops are incredibly locked down.

Normally, software updates are pushed down by IT but every now and then a problem happens. I couldn’t log on because ONE specific Windows 7 security patch K123xyz hadn’t been installed.

They are only just recently beginning to certify Windows 10 machines.

This is just the way of life at certain companies.

ejolson
Posts: 3724
Joined: Tue Mar 18, 2014 11:47 am

Re: Antivirus for Raspberry Pi on a corporate network

Fri Jun 08, 2018 9:57 pm

echmain wrote:
Fri Jun 08, 2018 8:06 pm
I couldn’t log on because ONE specific Windows 7 security patch K123xyz hadn’t been installed.
The 123xyz patch is very important: You can tell by its numbering.

At some point, reputation and protection from liability through negligence understandably become more important than productivity. This is good because the resulting inefficiency allows smaller companies to produce a disruptive innovation and become market leaders. In particular, the Raspberry Pi was not developed by IBM, Apple or Xerox.

Although each case is likely different, my suspicion is that many companies take extreme security measures with all computers because they have not properly segmented their network topology, data or operating practices. Once an organisation becomes big enough, it must operate in a way that does not tie important data and decisions to the unimportant.

A possible way of constructing such a structure is through the principle of subsidiarity--each decision is made by the most local competent authority. In a corporate setting such a policy naturally segregates data and provides robustness that prevents a security breach from taking over the entire organisation. The classic example of the resiliency of such a structure is provided by the Catholic Church, which has survived multiple catastrophies through thousands of years.

i486
Posts: 172
Joined: Sun Aug 28, 2016 3:41 pm
Location: BG

Re: Antivirus for Raspberry Pi on a corporate network

Sat Jun 09, 2018 3:59 pm

echmain wrote:
Fri Jun 08, 2018 8:06 pm
...Normally, software updates are pushed down by IT but every now and then a problem happens. I couldn’t log on because ONE specific Windows 7 security patch K123xyz hadn’t been installed.
...
This is just the way of life at certain companies.
Sounds crazy. I know one company where every PC had 3 (three) AV programs running in parallel. They decided that this is safer. Maybe 90% of resources were used for AV. BTW, this company does not exist since 2007.

Heater
Posts: 13692
Joined: Tue Jul 17, 2012 3:02 pm

Re: Antivirus for Raspberry Pi on a corporate network

Sat Jun 09, 2018 6:33 pm

I think the way to keep you IT BOF's happy is not to connect to their network.

Get yourself a cellular modem and get your Pi access to the internet with that. They are pretty cheap now a days. I use one of these: https://consumer.huawei.com/en/support/ ... 573BS-322/

If you need to communicate between the Pi and anything inside your IT's network use the universal tunnelling protocol (HTTP/HTTPS). Using the services of Dataplicity (https://www.dataplicity.com/) You will be able to get to the command line of your Pi from any web browser. Also with dataplicity you can get access to any web server on your Pi. I'm guessing that not even your IT BOFs are blocking HTTP/HTTPS from inside their network to outside. That is your way in :)
Memory in C++ is a leaky abstraction .

ejolson
Posts: 3724
Joined: Tue Mar 18, 2014 11:47 am

Re: Antivirus for Raspberry Pi on a corporate network

Sat Jun 09, 2018 7:10 pm

Heater wrote:
Sat Jun 09, 2018 6:33 pm
I think the way to keep you IT BOF's happy is not to connect to their network.
Even better would be to leave the Pi in a drawer in the supply room.

Since ClamAV is part of the Debian and Raspbian repositories, a good case can be made for ClamAV to be the supported virus scanner of choice on the Pi. Once that is established, there is plenty more that needs to be done to prevent the Pi from becoming a security liability. At the minimum you will want to change the default password and disable the pi user.

It might be good to have a written policy for updates, backups, user accounts, firewalls, logging and a verification procedure for system integrity and correct functioning. Further documentation how to reinstall and configure the software from scratch is also a good idea.

Depending on how bureaucratic your company is, two to three printed pages may be sufficient. If nothing is required, you may still want such a document for your own reference.

Return to “General discussion”