Hello,
In our case (working for a Dutch bank) we proved that TE with the right policies and logging enabled is sufficient.
The problem with virus scanners on Unix is that the few that are available, such as ClamAV, cannot deal with AIX, and more specifically with the AIX kernel.
I must confess that it is more than 2 years ago that I searched for those virus scanners.
So maybe it’s different now?
It seems there is at least one product now that has an endpoint scanner, Powertech Antivirus for AIX (Fortra), but I never tested it.
Due to this discussion, I will have a look at this product.
Concerning virus scanners on AIX, I think it also depends on what kind of workload you are running. TE is a good protector for the operating system (executables, libraries, and scripts), but if your data consists of files that are sent from other systems, an extra virus scanner to check this data can be a good idea. More ideal is that this data is scanned on the origin system before it's sent to AIX.
About the use of TE:
We use TE in active mode and in passive mode; passive mode for daily scans.
Active mode logs to syslog and the security department monitors TE messages.
See also my blog series:
https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/02/08/aix-and-te-sec-part1
https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/02/22/aix-and-te-trusted-execution-an-underestimated-sec
Part 3 is coming soon 😊
------------------------------
Christian Sonnemans
Tactical Unix system engineer
------------------------------
Original Message:
Sent: Wed March 06, 2024 04:00 AM
From: Mafaaz Salam
Subject: Antivirus Software Recommendations for AIX System
Hi Guys,
Is the implementation of AIX Trusted Execution (TE) functions alone sufficient to address security features, or do you find it necessary to complement it with antivirus software on the AIX system? If you are using antivirus software, could you share your reasons for doing so and recommend any specific products that have proven effective in this context?
------------------------------
Mafaaz Salam
------------------------------