Re: Debian virus/spy-ware detection and detection technique.
Thank You for Your time and answer, Camaleón:
> On Sat, 17 Jul 2010 14:06:58 +0700, Sthu Deus wrote:
> > I have 3 questions on virus/spy-ware detection and detection
> > technique.
> He, sounds like a test...
Would You like to take it?
> > 1. Which software (maybe even one that is packaged for Debian) is the
> > best in Your opinion, and why, for virus/spy-ware (the software that
> > scans for interesting data and sends it to some host) detection?
> - For scanning/detecting virus/malware for Windows systems or linux
Please, do not be amazed, but... LINUX. And preferably.... DEBIAN 5/6.
> - For local scanning (e-mails, Internet browsing) or a bunch of
> network share files?
For the local files on HDD and the whole CD/DVD of a distro (live or
> - By "(sic) and sends it to some host" you mean "keep the admin
> informed by sending an alert to a host" or you mean "collaborative
> tools to benefit others"?
Here I mean malicious software that scans for sensitive data like saved
passwords in files and what is typed on the keyboard as well, then sends it to
the people that have created / infested my OS w/ the software.
> > 3. Is it possible to scan for these very purposes (virus & spy-ware)
> > the distro CD/DVDs - as it is from the media, without explicit
> > manual unpacking - to be sure the software is OK (in case when
> > check sums are not available OR it is impossible for some reasons
> > to re-download the images)?
> I think yes. Many AV scanners will scan ISO files (no "unpacking"
> required) but that depends on the AV engine itself.
Do You know such a skillful AV engine available for Debian?
> But (and I think this is important) when you scan an ISO file for
> malware and the result is clean/passed, that is not proving the ISO
> image could have been manipulated and/or changed. Checksum (or
If so, then AV engines give false negatives, why should I use them?
In case we misunderstand each other, I try to rephrase this
question: I have a live/installable-CD/DVD. I use its normal/rescue
mode - I do some things w/ my OS on HDD in order to make it work. I
had no ability to check its checksum, so, is there a way I can be sure
that the software I used is "clean"?
> I hope I've passed the test :-P
You truly did. Thank You, once again.