
Re: In search of a Linux Virus Scanner

On Mon, Oct 01, 2001 at 01:51:31PM -0400, Theodore Knab wrote:

> With the Nimda virus/worm and the Code Red worm breaking Windows
> around the globe, I am nervously waiting for the next Linux Worm. 
> It would be more work to make a Linux virus or worm because the
> designer would have to take care creating 2 programs as opposed to
> one.
> What is being done to protect against this?  Are there any Linux
> virus/worm scanners for Debian?

I don't see much of a use for such a thing.  In the Windows world, a
virus scanner is merely a program that searches the contents of a disk
for "fingerprints".  It keeps these fingerprints in a database that must
be periodically updated by the user.  The only reason this is needed is
that there are just so damn many Windows viruses.

In the Linux world, it's much more reasonable to just write one-shot
scripts/programs to search for specific viruses/worms, since they're so
uncommon.  Since the virus/worm doesn't yet exist, we don't know what to
look for.  Once it exists, someone will figure out exactly what to look
for to determine whether a host has been infected and write a scanner.

You can also use a tool like AIDE or tripwire to monitor your disk for
unexpected changes.  That will catch most trouble right there.


| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 
