[kwlug-disc] so ... what's your opinion on linux anti-virus software?

unsolicited unsolicited at swiz.ca
Wed Feb 4 21:17:47 EST 2009


john at netdirect.ca wrote, On 02/04/2009 5:12 PM:
> -----kwlug-disc-bounces at kwlug.org wrote: -----
>  >One thought is that although viruses may not affect your friend's
>  >computer, infected files can be passed through. Although this issue
>  >affects mostly servers, maybe your friend wants to make sure there
>  >are no infected files in the system or in the media that passes
>  >through.
> 
> Raul makes a good point here. This is why we use AV on Linux *servers*.

IIRC, if you want on the fly scanning, for, at least, avg and clamav 
(note the c not the k) [but klamav calls clamav], you have to rebuild 
your kernel removing a module (capability) so you can add one (dazuko).

A non-trivial operation if not an expert.

Have you found this to be true John / your experiences?

>  >Here is an article asking and responding to the same question. The
>  >comments have additional ideas to secure a linux system.
>  >
>  >http://www.linux.com/feature/60208
>  >
>  >Here are a few antivirus
>  >
>  >http://www.pandasoftware.com/download/linux/linux.asp
>  >http://free.avg.com/faq.num-652?srch=linux#faq_652
>  >http://www.f-prot.com/
> 
> We use Trend Micro Serverprotect product as well as ClamAV.
> 
> IINM, there are Linux viruses and there definitely are Linux worms. The 
> concern is valid but the assumption that an AV product will solve all 
> the problems is wrong.
> 
> Running AV on a Linux box is not without issues though. I've seen cases 
> where an AV client moved all of /bin to quarantine due to a root kit 
> infection. It's a real canary in a coal mine and, in this case anyway, I 
> would have preferred a notice rather than a severely crippled system.
> 
> The biggest security concerns I've seen are password guessing, service 
> bugs and poorly programmed web applications.
> 
> Thwarting them involves only a few basic measures:
> 
> Firewalls to restrict access to ports
> Regular software updates
> Strong passwords or use of alternatives like ssh keys.
> 
> Just be sure to make him/her aware that this is far better than Windows.


