
Re: virus killers?



On Fri, Oct 11, 2002 at 10:22:08PM -0700, Vineet Kumar wrote:

> Had my message consisted solely of "Nope." that would have been bad
> advice.  But, in fairness, I did mention that there are other steps to
> take in order to secure a debian machine, but that a virus scanner isn't
> necessarily one of them. 

The dismissal of a virus scanner as one of the steps to secure a system
(Linux based or otherwise) is the bad advice.  It's somewhat similar to
thinking that just because you might happen to live in a
neighborhood/city with little to no crime that there is no need to lock
your house when you leave.  While this may be true the majority of the
time, it's silly not to take the extra precaution.

> All right, so what would you recommend?  I can't think of a good scanner
> that will protect a debian system from viruses.  That's not to say that
> things like iptables/snort/tripwire aren't important, but I don't think
> that any of them properly fits into the "virus scanner" category.

That would all depend on the desired end result.  Are we talking about
scanning routed IP level traffic, e-mails, or local system files?  These
are all very different items.  Let's take them one at a time.

IP traffic:
I've seen very little (even in the MS sector) that is capable of
adequately scanning IP traffic routed through the system.  So, I doubt
there is much available in the Linux (or other Unix variant) area.

e-mail:
A quick scan of the Debian package archive shows the following:
   messagewall
   sanitizer
   amavis-exim
   amavis-milter
   amavis-postfix
   blackhole-exim
   mailscanner
   blackhole-qmail

local system files:
Another quick scan of the Debian package list shows:
   scannerdaemon
   f-prot-installer
   clamav

So, it would appear that there are a number of options.  Again, it
really depends on what the desired end result is.  However, my point is
that just because a platform doesn't currently have a large list of
viruses targeted at it (such as in the MS sector), doesn't mean that
the end users shouldn't be prepared with a virus scanner and frequently
updated virus definitions. 

Before it's posted as a rebuttal, I'll post it here myself.  I am fully
aware of, and have read opinions expressed on the following link
indicating that a virus scanner is not needed.  I don't agree with all
of the points the author makes.  I'm not saying that a scanner is a
mandatory item, but it is something that _should_ be considered rather
than simply dismissed.

   http://linuxmafia.com/~rick/faq/#virus

For those that believe that Linux (or other Unix variants) are
completely immune to virus infection, the following link may be of
interest:

   http://www.lwfug.org/~abartoli/virus-writing-HOWTO/_html/
   
-- 
Jamin W. Collins


