Wednesday Aug 01, 2007

You may have read my earlier blog discussing the requirement for Anti-virus scanning software on Solaris in the US DoD.   The Field Security Office of DISA maintains Security Checklists to help their system admins secure a system before attaching to a DoD network. 

The good news is that this requirement was lowered from a Category I finding (highest) to a Category II finding (out of a possible IV).  Although Sun would prefer an even lower rating, we are happy to see this change.

The bad news is that the checklist requires "An approved DOD virus scan program" with no definition of which products are approved. Many of the most popular products do not yet support Solaris on x64 platforms. I've updated my earlier blog with products that I've been able to identify so far. Some of these products support Solaris 10 on both the SPARC and x86 platforms.

At this point I'm trying to find out what the "approved DoD products" are from DISA FSO. 

Comments:

Take the bits from Symantec or a similar Windows-based AV software product and copy them to the Sun box. There, the bits are "installed" :-) Stupid requirements demand stupid solutions. Will they run? Heck no. But then again, neither will the viruses they are looking for :-) And anytime somebody brings up FOCI, remind them that with all of the major products, there is a very good chance that the software is maintained out of a shop in India/China/wherever and not in the US.

Posted by John on August 01, 2007 at 03:33 PM EDT #

Nice suggestion; however, unfortunately, you also have to prove that you ran the AV software and update the virus definitions every 14 days.

Posted by Jim Laurent on August 01, 2007 at 03:52 PM EDT #

Jim,

DISA might say that the finding for Anti-Virus is a CAT II finding, but it has not made it to either the March or May SRR scripts.

PDI Number: GEN006640 Finding Category: CAT I Reference: UNIX STIG: 6.6 Description: An approved DOD virus scan program is not used and/or updated. Status: Open

For example: GEN006640: UNIX STIG: 6.6 - An approved DOD virus scan program is not used and/or updated. GEN006640: The Anti-Virus software needs to be updated.

This is from one of my Solaris 10 machines that the May 2007 SRR scripts were run on.

Posted by Robert Escue on August 02, 2007 at 02:13 PM EDT #

If you read the latest STIG checklist dated July 15th, you will see the new rating of Cat II. The scripts simply haven't been updated yet. I suspect that you can simply write up a waiver noting the new STIG checklist as a source.

Posted by Jim Laurent on August 02, 2007 at 02:28 PM EDT #

Jim,

You're right! It figures they would show up without the latest stuff.

Posted by Robert Escue on August 02, 2007 at 02:59 PM EDT #

Jim, anyone at Sun / SunFed with experience trying to use Retina to scan a small array of Suns in DoD space? Ev 800 545-6998

Posted by Everett "Ev" F Batey on August 02, 2007 at 04:41 PM EDT #

I don't know. I certainly have no experience with "Retina." SunFed is a large organization. It's certainly possible. In general, however, DISA or the other govt. agencies do it themselves.

Posted by Jim Laurent on August 02, 2007 at 04:45 PM EDT #

Everett,

We use Retina and so does DISA. What's your question?

Posted by Robert Escue on August 02, 2007 at 05:41 PM EDT #

You need a .mil address to even see it, but a customer can supposedly download his/her own copy of a DISA-licensed (and one would assume, "approved") AV from URL https://www.jtfgno.mil/antivirus/av_info.htm

This is from the DISA web site.

I have not been able to verify this myself, since I no longer have a .mil url/login to try from. Several years ago ('04), some licensed AV and signature updates were available from the DISA site for some *nix and *nux, but your original blog post summed up their limitations and tradeoffs quite nicely.

Neither have I been able to verify whether a Solaris binary exists or if it is necessary to compile source.

Posted by Dave K on August 20, 2007 at 04:12 PM EDT #

McAfee's (aka Symantec)'s Uvscan is DoD approved but does not natively run on Solaris x86. However, you can use LXRUN to emulate uvscan for Linux (actually it translates system calls from Linux to Solaris) and it will run uvscan just fine. There may be a few initial warnings when running it due to the 'emulation' but it runs great. Running uvscan through LXRUN does require a few libraries from a Linux distribution. I built LXRUN from source using GCC on a Trusted Solaris 8 system for a government (Navy) customer of mine. Works great with uvscan.

http://www.ugcs.caltech.edu/~steven/lxrun/

Kevin Caldwell
Black Sheep Networks

Posted by Kevin Caldwell on August 23, 2007 at 04:43 PM EDT #

Very interesting. Thanks for the tip although I'm surprised that the govt. customer let you do that.

It will be our little secret.

Posted by Jim Laurent on August 23, 2007 at 04:54 PM EDT #

Any update on what the "approved DoD products" are from DISA FSO?

Posted by Presley Ellsworth on October 08, 2009 at 03:00 PM EDT #

I don't know. If you are a DoD customer, you should contact the DISA FSO help desk at:

iase.disa.mil

IASE Support Questions:

Please contact the Oklahoma City Help Desk for IASE Information Desk questions:
Phone: DSN 339-5600, (405) 739-5600
Toll Free: 1-800-490-1643
Email: disa-esmost@csd.disa.mil

Posted by Jim Laurent on October 08, 2009 at 03:07 PM EDT #
