Security Basics mailing list archives
Re: antivirus for linux
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 17 Jun 2004 14:12:53 +0200
On 2004-06-15 Bruno França dos Reis wrote:
> I'm kinda new to linux, and getting more and more worried about security. I was wondering: is it necessary for me to have an anti-virus application? If so, is it a "live scanner", like the ones I know for windows?

Running a virus scanner is never necessary, though running one may be a Good Idea(tm), since it allows you to identify certain malware. However, keep in mind that any scanner is only as good as its signatures are. If you are using outdated signatures, then the scanner won't be very useful. Also keep in mind that a scanner may be fooled in some way or the other, e.g.:

- compressed file in a compressed file in a ...
- compression-algorithm unknown to the scanner
- encrypted files
- compressed large files may DoS the scanner
> Do you recommend using an anti-virus software?
If you are running on Linux only, you probably won't need AV software. If you have some Windows clients in your network, you would probably want a virus scanner to scan directories your Linux box shares over the network.
> If so, which?

I won't recommend any, but there are various AV products available for Linux, e.g.:

- ClamAV [1]
- F-Prot [2]
- AntiVir [3]
> Moreover, I have a linux firewall. Is there any way for me to detect virus activity trying either to break into a computer (like Sasser or others like it)
Sasser and the like are not viruses but worms. A virus scanner won't help against those, because when the scanner detects them, the intrusion has already happened. I would recommend preventing infection by not providing the exploited services to the outside world rather than just detecting that you've been hosed. To be more precise, provide only services to the outside world that definitely must be accessible from there. Not to forget: keep your system patched.
> or to detect incoming mail with virus? Note: my firewall isn't my mail server. I was wondering if it could sniff connections to pop mail servers and detect virus code.

AMaViS [4] will allow you to scan mails.

[1] http://www.clamav.net/
[2] http://www.f-prot.com/products/home_use/linux/
[3] http://www.antivir.de/en/
[4] http://www.amavis.org/

HTH

Regards
Ansgar Wiechers
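The four scanner blind spots listed in the message above (nested archives, unknown compression, encrypted files, large compressed files), as an added example that is not part of the original post: a pre-scan triage that flags archive members a scanner could not safely inspect. It assumes ZIP as the one concrete format; the function names, limits and sample archives are constructed for illustration.

```python
import io
import zipfile

KNOWN = {zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED, zipfile.ZIP_BZIP2, zipfile.ZIP_LZMA}

def triage_zip(data, max_depth=2, max_ratio=100, max_size=10 * 2**20, depth=1, prefix=""):
    """Return (member, reason) pairs for content a scanner cannot safely inspect."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = prefix + info.filename
            if info.flag_bits & 0x1:  # general-purpose bit 0 marks an encrypted member
                findings.append((name, "encrypted"))
            elif info.compress_type not in KNOWN:
                findings.append((name, "unknown-compression"))
            elif info.file_size > min(max_size, max_ratio * max(info.compress_size, 1)):
                findings.append((name, "oversized-expansion"))  # refuse before unpacking
            else:
                body = zf.read(info)
                nested = zipfile.is_zipfile(io.BytesIO(body))  # False: ordinary file to scan
                if nested and depth >= max_depth:
                    findings.append((name, "nesting-too-deep"))
                elif nested:
                    findings += triage_zip(body, max_depth, max_ratio, max_size, depth + 1, name + "/")
    return findings

def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

def patch_entry(data, offset, value):
    """Overwrite a 2-byte central-directory field (only to fabricate samples)."""
    i = data.rindex(b"PK\x01\x02") + offset
    return data[:i] + value.to_bytes(2, "little") + data[i + 2:]

TEXT = b"constructed sample text, not real malware"
SAMPLES = {  # all constructed for this example
    "nested": make_zip({"mid.zip": make_zip({"inner.zip": make_zip({"a.txt": TEXT})})}),
    "encrypted": patch_entry(make_zip({"a.txt": TEXT}), 8, 0x1),  # flag-bits field
    "unknown": patch_entry(make_zip({"a.txt": TEXT}), 10, 99),    # method-id field
    "bomb": make_zip({"zeros.bin": bytes(1_000_000)}),
}

if __name__ == "__main__":
    print({label: triage_zip(blob) for label, blob in SAMPLES.items()})
```

Anything the triage returns should be treated as unscanned rather than clean, for example quarantined or rejected by the mail or file-share gateway.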