
Re: Antivirus for Debian



On Thu, Aug 20, 2015 at 08:30:18PM +0100, Brian wrote:
> On Thu 20 Aug 2015 at 19:24:49 +0100, Brad Rogers wrote:
> 
> > On Thu, 20 Aug 2015 21:58:50 +0400
> > Dwijesh Gajadur <dwijesh1@gmail.com> wrote:
> > 
> > Hello Dwijesh,
> > 
> > >Hello guys. I wanted to know if antivirus is required for Debian or for
> > >linux in general. And if it is required, what are the recommended
> > >antivirus for Debian?
> > 
> > The viruses that run on linux (any distro) are few and far between.
> 
> To the extent that they don't exist. So the frequency of them is not an
> issue.
> 

Viruses for Linux - There's a couple of lab examples, pretty much, and that's it. 

Although chkrootkit and rkhunter are still around, a patched, up to date Debian
is pretty much immune to "rootkits". Debsecan - Debian security analyser - which
links CVEs with vulnerable packages produces some false positives and cannot be
relied on as definitively correct but only as an indicator.

Where security bugs are pointed up as people find holes in packages, they're fixed.
It's important to stay up to date with updates as they are made, that's the most 
important risk mitigation in any OS.

Extensions to webservers and the like are where most problems occur and websites
are most often exploited, one way and another.


> > Existing almost entirely as "proof of concept".
> > 
> > As Renaud points out, if you run a mailserver, then you would be well
> > advised to run AV software.  That software will be looking for Windows
> > malware though, not linux.
> 
> I run a mail server on Debian. All mail is handled by it. I do not run
> AV software. Where am I going wrong? I refuse to take your advice to
> install AV software simply because I have a mail server. I am not "well
> advised".

Are you running an ISP / providing mail services for friends/neighbours?
If not, it's pretty much immaterial. If you're worried about it and you
want to be nice to people reading their mail on vulnerable OS'es, then
you run spamassassin / clamav to advise. 

Buying commercial AV for Linux is a waste of money unless and until your
security authorities "require AV" for e.g. banking regulation and compliance
certification.

All the best,

AndyC

