anti-virus for linux

  1. #1
    Registered User Ronin's Avatar
    Join Date
    Nov 2001
    Location
    Virginia, U.S.A.
    Posts
    465

    anti-virus for linux

    Are there any anti-virus programs that'll work with Linux?
    "I see your lips moving but all I hear is 169.blah.blah.blah."

  2. #2
    Registered User
    Join Date
    Mar 2002
    Posts
    110

  3. #3
    Driver Terrier NooNoo's Avatar
    Join Date
    Dec 2000
    Location
    UK
    Posts
    31,824
    Never, ever approach a computer saying or even thinking "I will just do this quickly."

  4. #4
    Registered User
    Join Date
    Mar 2001
    Location
    Birmingham, AL
    Posts
    19

    Try trendmicro or NAI...

    Don't remember if they have a linux one but I have used NAI's antivirus for AIX and Trendmicro has a linux antivirus package.
    ***I Like Pie***

  5. #5
    Registered User shamus's Avatar
    Join Date
    Apr 2001
    Location
    Cornish,Maine,USA
    Posts
    3,140
    Never tried it but there's also BitDefender

  6. #6
    Registered User slgrieb's Avatar
    Join Date
    Feb 2003
    Posts
    4,103
    Ah, er, the thing is, several publishers including Sophos, Norman, Kaspersky have Linux versions, but none have fared well in Virus Bulletin's tests http://www.virusbtn.com/vb100/archives/products.xml . Right now, this may not be a big issue, but as Linux gains ground on the desktop, I'm sure it will become more and more of a target. Guess we just have to hope AV companies see the business opportunities ahead of the virus authors.

  7. #7
    Registered User
    Join Date
    Jan 1999
    Location
    Canada
    Posts
    2,513
    I wonder if anyone can provide an update here.

    What is the best anti-virus application for Linux desktops?

    What is the best free anti-virus?

    Is it essential to have a tsr/realtime AV program or are the command line freebies adequate?

    Thanks.
    Last edited by houseisland; September 7th, 2004 at 08:17 PM.

  8. #8
    Registered User
    Join Date
    Dec 2003
    Posts
    38
    I've been using Clam Scan on my gentoo system for a while. It has a daemon running in the background, but I've never noticed it sending any messages, hopefully because there are no viruses in my system. Also, I run ChkRootKit regularly to make sure no kernel mods are infected or malicious.

    Make sure that you get something that scans for linux native viruses, and not just for windows viruses that might be passing through a linux email or file server.

  9. #9
    Registered User Jeff316's Avatar
    Join Date
    Jul 2004
    Location
    Birmingham, AL
    Posts
    65

    OK, serious ?

    OK, Serious ? / Devil's advocate:

    Does one really need an AV package for linux (or Unix?)

    I'm just saying - in windows you accidentally click on a file/visit a bad website/have unpatched & unnecessary services running and boom! you're infected. But if I get a malicious attachment in linux well I have to detach it, chmod it, and then run it right?

    Don't get me wrong, any linux/unix system serving files (samba/NFS/ftp) to win clients I see the benefit....but wouldn't you be hesitant to put an AV package on linux box used as a standalone system or even (especially) a DB or app server where performance is key? (e.g. to my knowledge there are no mainframe-based AV scanners..)

    My concern in the unix/linux environment is about trojans, and unauthorized file modification... If your PATH is set correctly, you don't run as root 24x7, and only install from trusted sources are you OK just running something like Tripwire or the app noone suggested to detect changes to critical files?

    Anyway - just trying to start some lively debate - if linux makes ground as a desktop OS and Linux distros become more "point-n-drool" (i.e make it easier for unprivileged users to execute untrusted code) I guess I can see a risk - Are we safe until MS ports IE and ActiveX to *nix?

  10. #10
    Registered User
    Join Date
    Dec 2003
    Posts
    38
    With some of the buffer overflow and privilege escalation vulnerabilities lately, yes, even in a desktop setting there is some use of an antivirus. Do you need it running as a daemon constantly, no. Do you need some form of protection, yes.

    Case example, Gaim versions before 0.81-r5 had a buffer overflow vuln that would allow code or commands executed with the same permissions as the user running Gaim. Mesh that with the vuln found in star (an enhanced tar utility) that allowed a local user to gain root access. Use one to activate the other, and you could have a serious situation on your hands. Unlike windows, though, because almost none of this is installed by default, you don't have this situation on every computer out there.

    On a DB or app server, with PATH and all the rest, Bastille checking the PATH and firewall rules, Tripwire and chkrootkit checking files in a timely manner from cron, I don't know if you would want the daemon in the background. But why not add it to the down time cron jobs? Sure, you may trust the sources of the programs, but trusted sources don't protect you from some 0-day vulnerability that may affect your system. It comes down to a layered defence, and Linux's tendency to have programs that do only one thing, instead of suites that do everything. You don't have Norton suite offering a firewall, IDS, virus detection, and such.

    Quote Originally Posted by Jeff316
    Anyway - just trying to start some lively debate - if linux makes ground as a desktop OS and Linux distros become more "point-n-drool" (i.e make it easier for unprivileged users to execute untrusted code) I guess I can see a risk - Are we safe until MS ports IE and ActiveX to *nix?
    You mean like QT based systems were vulnerable to buffer overruns in BMP and other graphics files? Okay, so I cheated and went through http://www.gentoo.org/security/en/glsa/ looking for vulns, but these could affect either a stand alone system or a server being used to surf the web by an underworked and easily bored admin. And I think this is one of the things keeping linux from being "point-and-drool" because who wants to worry about all these little background things, other than geeks? Not saying it's a good or bad thing, but I'm happy that I compiled my system from source.
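
The Tripwire-style check mentioned in posts #9 and #10, run from cron as post #10 suggests, comes down to comparing file hashes against a stored baseline. The following is an added example, not part of the original thread and not Tripwire's own code; the function names and the scratch files in the demo are hypothetical, and it assumes GNU coreutils `sha256sum` and `mktemp`.

```shell
#!/bin/sh
# Added example, not Tripwire's code: hash-based change detection using
# sha256sum (GNU coreutils). Function names are hypothetical.

# Write "hash  ./path" for every regular file under DIR ($1) to DB ($2).
# Keep DB outside DIR, ideally on read-only media, so an intruder who
# alters a file cannot also rewrite its recorded hash.
integrity_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# Compare DIR ($1) with baseline DB ($2). Prints ADDED/CHANGED/REMOVED
# lines and returns 1 on any difference, 0 if the tree is unchanged.
integrity_verify() {
    v_now=$(mktemp) || return 2
    integrity_baseline "$1" "$v_now"
    v_report=$(awk '
        # Split on fixed columns so paths containing spaces survive.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }   # baseline pass
        !(path in old)      { print "ADDED " path; next }
        old[path] != hash   { print "CHANGED " path }
                            { delete old[path] }
        END                 { for (p in old) print "REMOVED " p }
    ' "$2" "$v_now" | sort)
    rm -f "$v_now"
    [ -z "$v_report" ] && return 0
    printf '%s\n' "$v_report"
    return 1
}

# Constructed demo: baseline a scratch tree, tamper with it, re-verify.
integrity_demo() {
    d=$(mktemp -d) && db=$(mktemp) || return 2
    printf 'ls binary\n' > "$d/ls"
    printf 'config\n' > "$d/my app.conf"
    printf 'old tool\n' > "$d/star"
    integrity_baseline "$d" "$db"
    printf 'replaced\n' > "$d/ls"       # modified file
    rm "$d/star"                        # deleted file
    printf 'x\n' > "$d/.hidden"         # new file
    rc=0
    integrity_verify "$d" "$db" || rc=$?
    rm -rf "$d" "$db"
    return "$rc"
}
```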

  11. #11
    Registered User Jeff316's Avatar
    Join Date
    Jul 2004
    Location
    Birmingham, AL
    Posts
    65

    you sir, make some very good points

    Quote Originally Posted by noone
    With some of the buffer overflow and privilege escalation vulnerabilities lately, yes, even in a desktop setting there is some use of an antivirus. Do you need it running as a daemon constantly, no. Do you need some form of protection, yes. ... because almost none of this is installed by default, you don't have this situation on every computer out there.

    You make good points here - and in a desktop setting one is more likely to have many more apps installed.


    Quote Originally Posted by noone
    ... I don't know if you would want the daemon in the background. But why not add it to the down time cron jobs?
    Good point - running a full scan when the computer isn't being used wouldn't hurt performance.


    Quote Originally Posted by noone
    Sure, you may trust the sources of the programs, but trusted sources don't protect you from some 0-day vulnerability that may affect your system. It comes down to a layered defence, and Linux's tendency to have programs that do only one thing, instead of suites that do everything. You don't have Norton suite offering a firewall, IDS, virus detection, and such.

    Good point - I will say personally I enjoy the work needed to harden a linux box, and a layered defense is IMO better than an all-in-one solution.

    Quote Originally Posted by noone
    You mean like QT based systems were vulnerable to buffer overruns in BMP and other graphics files? Okay, so I cheated and went through http://www.gentoo.org/security/en/glsa/ looking for vulns, but these could affect either a stand alone system or a server being used to surf the web by an underworked and easily bored admin. And I think this is one of the things keeping linux from being "point-and-drool" because who wants to worry about all these little background things, other than geeks? Not saying it's a good or bad thing, but I'm happy that I compiled my system from source.

    OK, in 50 words or less - yes, AV for linux makes sense as part of your overall security strategy and I will definitely check out the program you mentioned. Personally I do see a future for desktop linux - especially in those business settings where most work is done on big iron anyway.
