-
November 6th, 2003, 11:19 AM
#1
Registered User
anti-virus for linux
Are there any anti-virus programs that'll work with Linux?
"I see your lips moving but all I hear is 169.blah.blah.blah."
-
November 6th, 2003, 01:11 PM
#2
-
November 6th, 2003, 03:30 PM
#3
Driver Terrier
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
November 7th, 2003, 09:15 AM
#4
Try trendmicro or NAI...
Don't remember if they have a linux one but I have used NAI's antivirus for AIX and Trendmicro has a linux antivirus package.
-
November 7th, 2003, 09:38 AM
#5
Registered User
Never tried it but there's also BitDefender
-
November 7th, 2003, 08:44 PM
#6
Registered User
Ah, er, the thing is, several publishers including Sophos, Norman, Kaspersky have Linux versions, but none have fared well in Virus Bulletin's tests http://www.virusbtn.com/vb100/archives/products.xml . Right now, this may not be a big issue, but as Linux gains ground on the desktop, I'm sure it will become more and more of a target. Guess we just have to hope AV companies see the business opportunities ahead of the virus authors.
-
September 6th, 2004, 10:08 PM
#7
I wonder if anyone can provide an update here.
What is the best anti-virus application for Linux desktops?
What is the best free anti-virus?
Is it essential to have a tsr/realtime AV program or are the command line freebies adequate?
Thanks.
Last edited by houseisland; September 7th, 2004 at 08:17 PM.
-
September 7th, 2004, 10:39 AM
#8
I've been using Clam Scan on my gentoo system for a while. It has a daemon running in the background, but I've never noticed it sending any messages, hopefully because there are no viruses in my system. Also, I run ChkRootKit regularly to make sure no kernel mods are infected or malicious.
Make sure that you get something that scans for linux native viruses, and not just for windows viruses that might be passing through a linux email or file server.
-
September 9th, 2004, 12:57 AM
#9
Registered User
OK, serious ?
OK, Serious ? / Devil's advocate:
Does one really need an AV package for linux (or Unix?)
I'm just saying - in windows you accidentally click on a file/visit a bad website/have unpatched & unnecessary services running and boom! you're infected. But if I get a malicious attachment in linux well I have to detach it, chmod it, and then run it right?
Don't get me wrong, any linux/unix system serving files (samba/NFS/ftp) to win clients I see the benefit....but wouldn't you be hesitant to put an AV package on linux box used as a standalone system or even (especially) a DB or app server where performance is key? (e.g. to my knowledge there are no mainframe-based AV scanners..)
My concern in the unix/linux environment is about trojans, and unauthorized file modification... If your PATH is set correctly, you don't run as root 24x7, and only install from trusted sources are you OK just running something like Tripwire or the app noone suggested to detect changes to critical files?
Anyway - just trying to start some lively debate - if linux makes ground as a desktop OS and Linux distros become more "point-n-drool" (i.e make it easier for unprivileged users to execute untrusted code) I guess I can see a risk - Are we safe until MS ports IE and ActiveX to *nix?
-
September 9th, 2004, 07:56 AM
#10
With some of the buffer overflow and privilege escalation vulnerabilities lately, yes, even in a desktop setting there is some use of an antivirus. Do you need it running as a daemon constantly, no. Do you need some form of protection, yes.
Case example, Gaim versions before 0.81-r5 had a buffer overflow vuln that would allow code or commands executed with the same permissions as the user running Gaim. Mesh that with the vuln found in star (an enhanced tar utility) that allowed a local user to gain root access. Use one to activate the other, and you could have a serious situation on your hands. Unlike windows, though, because almost none of this is installed by default, you don't have this situation on every computer out there.
On a DB or app server, with PATH and all the rest, Bastille checking the PATH and firewall rules, Tripwire and chkrootkit checking files in a timely manner from cron, I don't know if you would want the daemon in the background. But why not add it to the down time cron jobs? Sure, you may trust the sources of the programs, but trusted sources don't protect you from some 0-day vulnerability that may affect your system. It comes down to a layered defence, and linux's tendency to have programs that do only one thing, instead of suites that do everything. You don't have Norton suite offering a firewall, IDS, virus detection, and such.
Originally Posted by Jeff316
Anyway - just trying to start some lively debate - if linux makes ground as a desktop OS and Linux distros become more "point-n-drool" (i.e make it easier for unprivileged users to execute untrusted code) I guess I can see a risk - Are we safe until MS ports IE and ActiveX to *nix?
You mean like QT based systems were vulnerable to buffer overruns in BMP and other graphics files? Okay, so I cheated and went through http://www.gentoo.org/security/en/glsa/ looking for vulns, but these could affect either a stand alone system or a server being used to surf the web by an underworked and easily bored admin. And I think this is one of the things keeping linux from being "point-and-drool" because who wants to worry about all these little background things, other than geeks? Not saying it's a good or bad thing, but I'm happy that I compiled my system from source.
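An added example, not from any poster in this thread and not Tripwire's own code: the file-change check that posts #9 and #10 describe running from cron, reduced to a stored SHA-256 baseline and a comparison against it. The function names, script path, database path and schedule are assumptions.

```shell
#!/bin/sh
# Added example: Tripwire-style change detection for a nightly cron job.
# Keep the baseline file outside the scanned tree, ideally on read-only media.
# Hypothetical crontab entry (script path, db path and schedule are assumptions):
#   30 3 * * * /usr/local/sbin/integrity-check.sh /etc /var/lib/integrity/etc.db

# make_baseline DIR DBFILE: record a SHA-256 for every regular file under DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# check_baseline DIR DBFILE: print ADDED/MODIFIED/REMOVED lines.
# Returns 0 when nothing changed, 1 on any difference, 2 on setup failure.
check_baseline() {
    current=$(mktemp) || return 2
    make_baseline "$1" "$current" || { rm -f "$current"; return 2; }
    report=$(awk '
        # sha256sum prints a 64-char hash, two separator chars, then the name.
        # Names with newlines or backslashes are escaped and not handled here.
        { name = substr($0, 67) }
        FILENAME == ARGV[1] { old[name] = $1; next }
        { seen[name] = 1
          if (!(name in old))       print "ADDED " name
          else if (old[name] != $1) print "MODIFIED " name }
        END { for (f in old) if (!(f in seen)) print "REMOVED " f }
    ' "$2" "$current" | sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# When invoked as a script with DIR and DBFILE, run the check; cron mails any output.
if [ "$#" -eq 2 ]; then
    check_baseline "$1" "$2"
fi
```

Create the database once with `make_baseline` right after a clean install, and rebuild it after every legitimate package update so real changes are not buried in expected ones.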
-
September 9th, 2004, 10:56 AM
#11
Registered User
you sir, make some very good points
Originally Posted by noone
With some of the buffer overflow and privilege escalation vulnerabilities lately, yes, even in a desktop setting there is some use of an antivirus. Do you need it running as a daemon constantly, no. Do you need some form of protection, yes. ... because almost none of this is installed by default, you don't have this situation on every computer out there.
You make good points here - and in a desktop setting one is more likely to have many more apps installed.
Originally Posted by noone
... I don't know if you would want the daemon in the background. But why not add it to the down time cron jobs?
Good point - running a full scan when the computer isn't being used wouldn't hurt performance.
Originally Posted by noone
Sure, you may trust the sources of the programs, but trusted sources don't protect you from some 0-day vulnerability that may affect your system. It comes down to a layered defence, and linux's tendency to have programs that do only one thing, instead of suites that do everything. You don't have Norton suite offering a firewall, IDS, virus detection, and such.
Good point - I will say personally I enjoy the work needed to harden a linux box, and a layered defense is IMO better than an all-in-one solution.
Originally Posted by noone
You mean like QT based systems were vulnerable to buffer overruns in BMP and other graphics files? Okay, so I cheated and went through http://www.gentoo.org/security/en/glsa/ looking for vulns, but these could affect either a stand alone system or a server being used to surf the web by an underworked and easily bored admin. And I think this is one of the things keeping linux from being "point-and-drool" because who wants to worry about all these little background things, other than geeks? Not saying it's a good or bad thing, but I'm happy that I compiled my system from source.
OK, in 50 words or less - yes, AV for linux makes sense as part of your overall security strategy and I will definitely check out the program you mentioned. Personally I do see a future for desktop linux - especially in those business settings where most work is done on big iron anyway.