
Re: Debian virus/spy-ware detection and detection technique.



Thank You for Your time and answer, Camaleón:

> On Sat, 17 Jul 2010 14:06:58 +0700, Sthu Deus wrote:
> 
> > I have 3 questions on virus/spy-ware detection and detection
> > technique.  
> 
> He, sounds like a test...

Would You like to take it?

> > 1. Which software (maybe one that is even packaged for Debian) is the
> > best in Your opinion and why for virus/spy-ware (the software that
> > scans for interesting data and sends it to some host) detection?
> 
> - For scanning/detecting virus/malware for Windows systems or linux 
> systems?

Please, do not be amazed, but... LINUX. And preferably.... DEBIAN 5/6.
 
> - For local scanning (e-mails, Internet browsing) or a bunch of
> network share files?

For the local files on HDD and the whole CD/DVD of a distro (live or
installable).

> - By "(sic) and sends it to some host" you mean "keep the admin
> informed by sending an alert to a host" or you mean "collaborative
> tools to benefit others"?

Here I mean malicious software that scans for sensitive data like saved
passwords in files and what is typed on the keyboard as well, then sends
it to the people that have created / infested my OS w/ the software.

> > 3. Is it possible to scan for these very purposes (virus & spy-ware)
> > the distro CD/DVDs - as it is from the media, without explicit
> > manual unpacking - to be sure the software is OK (in case when
> > check sums are not available OR it is impossible for some reasons
> > to re-download the images)?
> 
> I think yes. Many AV scanners will scan ISO files (no "unpacking" 
> required) but that depends on the AV engine itself.

Do You know such a skillful AV engine available for Debian?
 
> But (and I think this is important) when you scan an ISO file for 
> malware and the result is clean/passed, that is not proving the ISO
> image could have been manipulated and/or changed. Checksum (or

If so, then AV engines give false negatives, why should I use it?
In case we misunderstand each other, I'll try to rephrase this
question of mine: I have a live/installable CD/DVD. I use its
normal/rescue mode - I do some things w/ my OS on HDD in order to make
it work. I had no ability to check its checksum, so, is there a way I
can be sure that the software I used is "clean"?

> I hope I've passed the test :-P

You truly did. Thank You, once again.

