landysaccoun
join:2008-10-10
Server Antivirus - Does it exist?

Hello.
I've noticed our LAN is full of viruses spreading like crazy, and some customers' PCs have to be reformatted every other week. They're asking if it is our LAN; I say no, because my PC is on the same LAN and I haven't gotten any virus I know of.
I'm curious if there's a program or utility that can be used on a Linux router/firewall that would scan all traffic for viruses for a specific local IP? With this I'm looking to charge users a small fee to keep their PC virus free. I don't know if there's really anything like it.
Thanks in advance for your help.

viperm Carpe Diem Premium join:2002-07-09 Winchester, CA
Control your network and don't allow people to openly surf to whatever they want.

landysaccoun
join:2008-10-10
I've tried doing that. I've closed all ports and only opened web, ssh, mysql, live mess, and others. You can't imagine how many calls I received: "I can't use my webcam", "I can't use MagicJack", "I can't use CallWave", "I can't play online", and a lot of other crap.

Mike_27 Premium join:2004-05-15 Gardiner, MT
reply to landysaccoun
Create something like this in your bind:
»www.malware.com.br/cgi/submit?ac···ist_bind
but use a better list of domains:
»www.malwaredomainlist.com/hostsl···osts.txt
then block Windows file sharing between hosts on your network.
Mike

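The post above points at a hosts-format domain list and at loading it into BIND. As an added illustration (not Mike's script and not part of the thread), here is a small POSIX sh/awk converter that turns such a list into a BIND response-policy zone (RPZ), so the resolver on the gateway answers NXDOMAIN for every listed name. The list embedded below is a constructed sample in hosts.txt format; the zone name "rpz.local" and the file path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: hosts-format blocklist -> BIND response-policy zone (RPZ).
# The list below is a constructed sample in the same format as a hosts.txt
# blocklist; the zone name and paths in the usage note are assumptions.

SAMPLE_HOSTS='# constructed sample in hosts.txt format
127.0.0.1  localhost
127.0.0.1  bad-example.test
127.0.0.1  www.bad-example.test
0.0.0.0    evil-example.test
127.0.0.1  bad-example.test'

# hosts_to_rpz: read hosts-format lines on stdin, print RPZ policy records.
# "name CNAME ." is the RPZ action that returns NXDOMAIN; the "*.name"
# record also covers subdomains. Comments, blank lines, lines that are not
# sinkhole entries, localhost and duplicate names are skipped.
hosts_to_rpz() {
    awk '
        /^[[:space:]]*#/ || NF < 2 { next }
        $1 != "127.0.0.1" && $1 != "0.0.0.0" { next }
        $2 == "localhost" || $2 ~ /\.localdomain$/ { next }
        !seen[$2]++ { printf "%s CNAME .\n*.%s CNAME .\n", $2, $2 }
    '
}

# rpz_zone SERIAL: emit a complete zone file (SOA, NS, then the policy
# records read from stdin)
rpz_zone() {
    printf '$TTL 300\n'
    printf '@ IN SOA localhost. hostmaster.localhost. (%s 3600 900 604800 300)\n' "$1"
    printf '@ IN NS localhost.\n'
    hosts_to_rpz
}

# blocked_count: number of distinct names the sample list yields
blocked_count() {
    printf '%s\n' "$SAMPLE_HOSTS" | hosts_to_rpz | grep -c '^[^*].* CNAME \.$'
}

# is_blocked NAME: exit 0 if NAME gets a policy record from the sample list
is_blocked() {
    printf '%s\n' "$SAMPLE_HOSTS" | hosts_to_rpz | grep -q "^$1 CNAME \.\$"
}

# Usage on the gateway (assumed paths):
#   printf '%s\n' "$SAMPLE_HOSTS" | rpz_zone "$(date +%Y%m%d01)" > /etc/bind/db.rpz.local
# named.conf then needs   options { response-policy { zone "rpz.local"; }; };
# and   zone "rpz.local" { type master; file "/etc/bind/db.rpz.local"; };
```

Feeding the real downloaded list through `hosts_to_rpz` instead of `$SAMPLE_HOSTS` produces the zone for production; regenerate it with a fresh serial whenever the list changes, and keep localhost out of the policy so the gateway's own lookups keep working.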
Mad Dawg Mad Dawg Premium join:2006-03-19
pfSense has an add-on package for on-the-fly AV scanning, so does Smoothwall; also Fortigate routers have this built in. Not sure if IPcop does too, but likely it does have an add-on as well.

shorthairedp
join:2005-11-21 united state
reply to landysaccoun
You can integrate ClamAV; it's on my Zeroshell, but it causes a noticeable slowness when there is heavy traffic, so I shut it off. It could have just been a config issue, since I left it at the defaults.

viperm Carpe Diem Premium join:2002-07-09 Winchester, CA
reply to landysaccoun
If this is a LAN in your own business network, why do they need MagicJack, webcams, online games etc.? Sounds like this office, which I am assuming it is, is out of control.
We use a proxy server at the office and only allow certain websites to be accessed, certain ports etc. We don't have any issues with people going to sites and getting "download antivirus 2009" pop-ups etc.
You need to lock it down, and if they don't like it then tell them to look elsewhere for employment. WORK IS WORK, not someplace where you can go and screw off all day and watch YouTube, play online games etc.
If this is a bunch of customers on your "wireless network" then they need to hire the right people to control their own internal LAN. If you are running your wireless as one big huge LAN then yes, you are going to see stuff like this happen.
That's why you need to route properly, have everyone behind their own router etc. etc.
-- ComTrain Certified Tower Climber. American Tower Certified approved contractor. Wireless consultants.

maxit
join:2009-02-22 Fort St James, BC
reply to landysaccoun
Have you ever seen an office that isn't 'out of control'? Every one I've ever been in has at least 80% of workers surfing Facebook, MSNing and YouTubing during supposed 'idle times'. Half have Limewire or BitTorrent running all day long. Talked a couple into blocking apps at their server, setting users with limited rights etc. One office tech even installed DeepFreeze on every terminal and cut traffic down to about 15GB a month for an entire office of 30. Also, as we run a computer shop, I'm damn sick of the 'you should do it for us' line from lazy-ass ignorant PC users. When they bring their system in and it instantly pops up with a warning (they're too stupid to even click the remove or clean button) and you listen to the usual tirade about how 'YOU put the anti-virus in, YOU should clean it for free', it tends to get you a little riled at the total lack of personal responsibility, and I for one won't pander to that.

prairiesky
join:2008-12-08 Springstein, MB
reply to landysaccoun
I use OpenDNS to help out my users. I've blocked adware, advertising etc.; only had one complaint, so I removed only that site from the block list. Blocks the pop-up sites nicely.
DeepFreeze is an awesome program too!

landysaccoun
join:2008-10-10
This is not an office. It's a small WLAN I own of about 50 users.

viperm Carpe Diem Premium join:2002-07-09 Winchester, CA
reply to landysaccoun
That's different, but you still need to control as much as you can. I would not recommend a customer be put on without a router or without having a firewall and such turned on.
You want to be able to block certain ports used by malware, phishing etc. It's hard to control broadcast storms and other broadcast traffic unless you try and control it at the customer end.
-- ComTrain Certified Tower Climber. American Tower Certified approved contractor. Wireless consultants.

hottboiinnc ME
join:2003-10-15 Cleveland, OH
·Time Warner Cable
·buckeye cable
reply to landysaccoun
You charge people to have filtered internet? WTF! If I was paying you to access the network and had to deal with what you said I could and could not do as far as games, webcamming with my brother and nephew etc., I'd drop you so fast you wouldn't know what hit you.

shorthairedp
join:2005-11-21 united state
said by hottboiinnc: You charge people to have filtered internet? WTF! If I was paying you to access the network and had to deal with what you said I could and could not do as far as games, webcamming with my brother and nephew etc., I'd drop you so fast you wouldn't know what hit you.
AND A USER LIKE YOU WOULDN'T BE MISSED, SO EVERYONE WINS

landysaccoun
join:2008-10-10
reply to landysaccoun
Dropping a customer is a difficult call. I wouldn't like to lose any customers, but if one is causing problems for the rest I think it's better to stay away from that client and drop it like it's hot. That's why I'm confused on what to do with the current WLAN settings. I don't know what to do. As I mentioned, I block all ports with:
    iptables -P FORWARD DROP
but once I do that I start getting calls from about 30% of all the customers saying they can't do certain things, so I'm looking for any solution that would allow me to just leave all ports open, or just allow all traffic to be forwarded, without having so many problems around such as viruses, slowed internet speed, and so on...

gunther_01 Premium join:2004-03-29 Saybrook, IL
reply to landysaccoun
If this WLAN doesn't need to have its computers talk to each other, definitely don't allow them to see or talk to each other. That will solve any spreading of internal viruses, so to speak. Then you can track the bad eggs at your head end and let them know you can fix them for a fee.

landysaccoun
join:2008-10-10
reply to landysaccoun
I have disabled "default forward" on MT.

ponline
join:2004-03-04 presheva
If they get viruses from web surfing and downloading suspicious files, then it is their responsibility.
Viruses cannot exist on the LAN itself; it's one (or more) of the infected computers spreading the virus to the other LAN computers.
You should block NetBIOS file sharing and prevent computers from communicating directly (client isolation on the AP). Also advise clients to activate the firewall on their computers if they didn't. In an ISP environment clients should not be able to communicate with each other directly as on a LAN.

Diddy1
join:2003-07-19 Sidney, NE
reply to landysaccoun
There are many protocols that just shouldn't exist on a WAN etc. network. Lock those out and, in addition, disable client-to-client comm., and all is legitimate traffic as far as your network is concerned, and all should be good.
-- if you fail to plan, you plan to fail

kewlkeed Grouch Premium join:2005-02-05 Knowlton, QC
reply to landysaccoun
Ummmmm yeah, this shouldn't be a problem if all was done right.
What kind of WLAN is this? A private one, a business one, a WISP, etc.?
It's hard to come up with solutions without knowing how they are able to affect people.
We run a massive WLAN as a WISP and I've never ever had a virus outbreak.
- Client isolation
- Router mode CPE with NAT
- NAT at the head end (for a small network like this it's fine)
- Block SMTP except what you control
- Block Windows sharing across the network (not an issue with the first two)
-- Justin - DSLR resident grouch and Mr Negativity. TSI Fanboy - "Dontchya wish your 'net was hot like mine! Ohhh Dontchya!" Have a nice day!

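landysaccoun's "iptables -P FORWARD DROP" and the checklist in the post above (client isolation, SMTP only to what you control, no Windows sharing across the network) fit together in one FORWARD chain. The script below is an added example written for this thread, not any poster's own configuration: it keeps DROP as the default policy but lets customer-initiated connections and their replies through, which is what stops the "I can't use my webcam" calls without opening inbound ports. Interface names, the customer subnet and the mail relay address are assumptions set at the top; with DRY_RUN=1 (the default) it only prints the rules.

```shell
#!/bin/sh
# Added example (not from the thread): FORWARD chain for a Linux gateway in
# front of a customer WLAN. LAN_IF, WAN_IF, LAN_NET and MAIL_RELAY are
# assumed values; override them in the environment. DRY_RUN=1 prints the
# rules instead of applying them.

LAN_IF=${LAN_IF:-eth1}              # assumed: interface facing the customers
WAN_IF=${WAN_IF:-eth0}              # assumed: interface facing upstream
LAN_NET=${LAN_NET:-10.10.0.0/16}    # assumed: customer address range
MAIL_RELAY=${MAIL_RELAY:-10.10.0.2} # assumed: the operator's own SMTP relay
DRY_RUN=${DRY_RUN:-1}

# ipt: print the iptables command in dry-run mode, otherwise execute it
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

gateway_rules() {
    ipt -P FORWARD DROP   # deny by default, as in the thread
    ipt -F FORWARD        # start from an empty chain (removes existing FORWARD rules)
    # 1. Replies to connections the customers opened are allowed back in;
    #    this is what keeps webcams, VoIP and games working without open ports.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 2. Client isolation: customer-to-customer traffic never crosses the gateway.
    ipt -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -j DROP
    ipt -A FORWARD -s "$LAN_NET" -d "$LAN_NET" -j DROP
    # 3. NetBIOS / SMB / RPC never leave the customer side.
    ipt -A FORWARD -i "$LAN_IF" -p tcp -m multiport --dports 135,137,138,139,445 -j DROP
    ipt -A FORWARD -i "$LAN_IF" -p udp -m multiport --dports 135,137,138,139,445 -j DROP
    # 4. Outbound SMTP only to the relay the operator controls (stops spam bots).
    ipt -A FORWARD -i "$LAN_IF" -p tcp --dport 25 -d "$MAIL_RELAY" -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -p tcp --dport 25 -j DROP
    # 5. Everything else a customer starts towards the internet is allowed;
    #    unsolicited traffic from the WAN matches nothing and hits the DROP policy.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT
}

# rule_count: number of -A rules the policy generates (dry run)
rule_count() { gateway_rules | grep -c '^iptables -A'; }

# has_rule PATTERN: exit 0 if the generated policy contains PATTERN
has_rule() { gateway_rules | grep -q -- "$1"; }

# Prints the rules in dry-run mode; applies them when DRY_RUN=0.
gateway_rules
```

Rule order matters: the ESTABLISHED,RELATED accept comes first so return traffic is never examined by the drop rules, and the client-isolation and NetBIOS drops sit before the final NEW accept so a customer cannot reach a neighbour's file shares through the gateway. Where customers share one layer-2 segment, the gateway never sees that traffic, which is why the AP-level client isolation from the post above is still needed alongside this.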
Inssomniak Premium join:2005-04-06 Cayuga, ON
Ya, what he said!
Route everything.
NetBIOS blocked is a given; set speed limits in MikroTik. QoS traffic.
Public IPs direct to the customer with CPE in router mode/PPPoE works really well for us.
I can count on one hand how many customers needed special requests for port forwarding; we don't allow running of servers, so it's OK.