Are there any anti-virus programs that'll work with Linux?
Are there any anti-virus programs that'll work with Linux?
Don't remember if they have a linux one but I have used NAI's antivirus for AIX and Trendmicro has a linux antivirus package.
Never tried it but there's also BitDefender
Ah, er, the thing is, several publishers including Sophos, Norman, Kaspersky have Linux versions, but none have fared well in Virus Bulletin's tests http://www.virusbtn.com/vb100/archives/products.xml . Right now, this may not be a big issue, but as Linux gains ground on the desktop, I'm sure it will become more and more of a target. Guess we just have to hope AV companies see the business opportunities ahead of the virus authors.
I wonder if anyone can provide an update here.
What is the best anti-virus application for Linux desktops?
What is the best free anti-virus?
Is it essential to have a tsr/realtime AV program or are the command line freebies adequate?
Thanks.
I've been using Clam Scan on my gentoo system for a while. It has a daemon running in the background, but I've never noticed it sending any messages, hopefully because there are no viruses in my system. Also, I run ChkRootKit regularly to make sure no kernel mods are infected or malicious.
Make sure that you get something that scans for linux native viruses, and not just for windows viruses that might be passing through a linux email or file server.
OK, Serious ? / Devil's advocate:
Does one really need an AV package for linux (or Unix?)
I'm just saying - in windows you accidentally click on a file/visit a bad website/have unpatched & unnecessary services running and boom! you're infected. But if I get a malicious attachment in linux well I have to detach it, chmod it, and then run it right?
Don't get me wrong, any linux/unix system serving files (samba/NFS/ftp) to win clients I see the benefit....but wouldn't you be hesitant to put an AV package on linux box used as a standalone system or even (especially) a DB or app server where performance is key? (e.g. to my knowledge there are no mainframe-based AV scanners..)
My concern in the unix/linux environment is about trojans, and unauthorized file modification... If your PATH is set correctly, you don't run as root 24x7, and only install from trusted sources are you OK just running something like Tripwire or the app noone suggested to detect changes to critical files?
Anyway - just trying to start some lively debate - if linux makes ground as a desktop OS and Linux distros become more "point-n-drool" (i.e make it easier for unprivileged users to execute untrusted code) I guess I can see a risk - Are we safe until MS ports IE and ActiveX to *nix? ;)
With some of the buffer overflow and privilege escalation vulnerabilities lately, yes, even in a desktop setting there is some use of an antivirus. Do you need it running as a daemon constantly, no. Do you need some form of protection, yes.
Case example, Gaim versions before 0.81-r5 had a buffer overflow vuln that would allow code or commands executed with the same permissions as the user running Gaim. Mesh that with the vuln found in star (an enhanced tar utility) that allowed a local user to gain root access. Use one to activate the other, and you could have a serious situation on your hands. Unlike windows, though, because almost none of this is installed by default, you don't have this situation on every computer out there.
On a DB or app server, with PATH and all the rest, Bastille checking the PATH and firewall rules, Tripwire and chkrootkit checking files in a timely manner from cron, I don't know if you would want the daemon in the background. But why not add it to the down time cron jobs? Sure, you may trust the sources of the programs, but trusted sources don't protect you from some 0-day vulnerability that may affect your system. It comes down to a layered defence, and linux's tendency to have programs that do only one thing, instead of suites that do everything. You don't have Norton suite offering a firewall, IDS, virus detection, and such.
You mean like QT based systems were vulnerable to buffer overruns in BMP and other graphics files? Okay, so I cheated and went through http://www.gentoo.org/security/en/glsa/ looking for vulns, but these could affect either a stand alone system or a server being used to surf the web by an underworked and easily bored admin. And I think this is one of the things keeping linux from being "point-and-drool" because who wants to worry about all these little background things, other than geeks? Not saying it's a good or bad thing, but I'm happy that I compiled my system from source.
Quote:
Originally Posted by Jeff316
Quote:
Originally Posted by noone
You make good points here - and in a desktop setting one is more likely to have many more apps installed.
Good point - running a full scan when the computer isn't being used wouldn't hurt performance.
Quote:
Originally Posted by noone
Quote:
Originally Posted by noone
Good point - I will say personally I enjoy the work needed to harden a linux box, and a layered defense is IMO better than an all-in-one solution.
Quote:
Originally Posted by noone
OK, in 50 words or less - yes, AV for linux makes sense as part of your overall security strategy and I will definitely check out the program you mentioned. Personally I do see a future for desktop linux - especially in those business settings where most work is done on big iron anyway.
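The non-AV checks raised in this thread (a correctly set PATH, plus Tripwire-style detection of changes to critical files run from cron), sketched as an added example that is not part of any post and is not Tripwire's own code. The function names and the watch list are assumptions chosen for illustration.

```python
import hashlib, os, stat, sys

def audit_path(path_value):
    """Flag PATH entries where someone else could plant a trojaned command."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):
            findings.append((entry or "<empty>", "resolves to the current directory"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative directory"))
        elif os.path.isdir(entry) and os.stat(entry).st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable directory"))
    return findings

def snapshot(paths):
    """Record content hash, permission bits and owner for each readable file."""
    snap = {}
    for p in paths:
        try:
            st = os.stat(p)
            with open(p, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
        except OSError:
            continue  # absent/unreadable files surface as "missing" in compare()
        snap[p] = {"sha256": digest, "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}
    return snap

def compare(baseline, current):
    """Return (path, what changed) pairs between two snapshots."""
    changes = []
    for p in sorted(set(baseline) | set(current)):
        if p not in current:
            changes.append((p, "missing"))
        elif p not in baseline:
            changes.append((p, "added"))
        else:
            changes += [(p, f + " changed") for f in ("sha256", "mode", "uid")
                        if baseline[p][f] != current[p][f]]
    return changes

if __name__ == "__main__":
    # Assumed watch list; keep the baseline on read-only or offline media,
    # otherwise whoever alters the files can alter the baseline too.
    watched = ["/bin/ls", "/bin/su", "/etc/passwd"]
    baseline = snapshot(watched)          # taken once, on a known-good system
    for finding in audit_path(os.environ.get("PATH", "")):
        print("PATH:", *finding)
    drift = compare(baseline, snapshot(watched))  # the part cron would repeat
    sys.exit(1 if drift else 0)
```

A mode change is reported separately from a content change, so a binary that gains a setuid bit without being rewritten still shows up.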