Re: Antivirus for Debian

To: debian-user@lists.debian.org
Subject: Re: Antivirus for Debian
From: Frédéric Marchal <frederic.marchal@wowtechnology.com>
Date: Fri, 21 Aug 2015 13:55:54 +0200
Message-id: <[🔎] 2310533.AcITYzl1yZ@port-fma>
In-reply-to: <[🔎] 55D6EF4B.6040401@yahoo.fr>
References: <[🔎] CAMb9PZmocO3KKPOJhAevvouM0Tgfx8ZZc-bUXdgat3Gzv906GQ@mail.gmail.com> <[🔎] 20082015193032.d182317082a2@desktop.copernicus.demon.co.uk> <[🔎] 55D6EF4B.6040401@yahoo.fr>

On Friday 21 August 2015 11:28:43 Diogene Laerce wrote:
> Could anyone here, honest, as we all are I know, guarantee at 100% that
> the OP won't ever have any virus issue on his Debian system ?
> 
> No.
> 
> Should he fear viruses as much as on a Windows system ?
> 
> Certainly not.
> 
> Security relies first on common sense. Is it common sense to rely on the
> hackers laziness to attack Linux because it would maybe eventually be
> unattractive ?
> 
> Certainly not.
> 
> Does run a AV from time to time on his computer will harm the OP or his
> machine ?
> 
> Unless he does it manually with a hammer and a saw.. I don't think so.
> 
> So should you (the OP) run an AV ?
> 
> Well.. I guess. IMVHO ;)

My understanding of ClamAV is that it is not suitable to scan an infected 
Linux computer from the computer itself.

ClamAV is suitable to scan Windows partitions from a Linux boot cd or to scan 
mails relayed by a Linux server or scan Windows files hosted on a 
Samba/ftp/http server but that's about it. It doesn't work like Windows AV.

As far as I know there are no software for Linux that work like AV on Windows 
where the virus killer is also responsible for preventing a nasty application 
from starting in the first place (please provide links if I'm wrong).

To protect the integrity of a Linux system, Tripwire, AppArmor or SElinux can 
be used but they don't protect files in $HOME (if the user is allowed to edit 
his/her own files, a rogue app running as that user can do it too).

If the system is infected, rkcheck or rootkit hunter are the tools to use but 
then it is already too late for the damaged files.

On the good side, an active runtime protection (like Windows does) is not 
really necessary on Linux as we all install softwares from the official 
repository or compile them from trusted source code (we all do that, do we :-) 
). It is much less common to install games or warez downloaded from the 
internet.

The main threat left comes from web scripts such as javascript, flash or java 
applets running on visited web sites. Installing an addon such a NoScript on 
Iceweasel may help a lot here. And keeping the browser up to date is 
mandatory!

Frederic

Reply to:

Follow-Ups:
- Re: Antivirus for Debian
  - From: <tomas@tuxteam.de>
- Re: Antivirus for Debian
  - From: Michael Jones <mj@mikejonesey.co.uk>

References:
- Antivirus for Debian
  - From: Dwijesh Gajadur <dwijesh1@gmail.com>
- Re: Antivirus for Debian
  - From: Brian <ad44@cityscape.co.uk>
- Re: Antivirus for Debian
  - From: Diogene Laerce <me_buss777@yahoo.fr>

Prev by Date: Re: Antivirus for Debian
Next by Date: Re: Antivirus for Debian
Previous by thread: Re: Antivirus for Debian
Next by thread: Re: Antivirus for Debian
Index(es):
- Date
- Thread