[kwlug-disc] so ... what's your opinion on linux anti-virus software?
unsolicited at swiz.ca
Wed Feb 4 21:17:47 EST 2009
john at netdirect.ca wrote, On 02/04/2009 5:12 PM:
> -----kwlug-disc-bounces at kwlug.org wrote: -----
> >One thought is that although viruses may not affect your friend's
> >computer, infected files can be passed through. Although this issue
> >affects mostly servers, maybe your friend wants to make sure there
> >are no infected files in the system or in the media that passes
> Raul makes a good point here. This is why we use AV on Linux *servers*.
IIRC, if you want on the fly scanning, for, at least, avg and clamav
(note the c not the k) [but klamav calls clamav], you have to rebuild
your kernel removing a module (capability) so you can add one (dazuko).
A non-trivial operation if not an expert.
Have you found this to be true John / your experiences?
> >Here is an article asking and responding to the same question. The
> >comments have additional ideas to secure a linux system.
> >Here are a few antivirus
> We use Trend Micro ServerProtect product as well as ClamAV.
> IINM, there are Linux viruses and there definitely are Linux worms. The
> concern is valid but the assumption that an AV product will solve all
> the problems is wrong.
> Running AV on a Linux box is not without issues though. I've seen cases
> where an AV client moved all of /bin to quarantine due to a root kit
> infection. It's a real canary in a coal mine and, in this case anyway, I
> would have preferred a notice rather than a severely crippled system.
> The biggest security concerns I've seen are password guessing, service
> bugs and poorly programmed web applications.
> Thwarting them involves only a few basic measures:
> Firewalls to restrict access to ports
> Regular software updates
> Strong passwords or use of alternatives like ssh keys.
> Just be sure to make him/her aware that this is far better than Windows.