Re: Antivirus for Debian
On Friday 21 August 2015 08:53:46 tomas@tuxteam.de wrote:
> On Fri, Aug 21, 2015 at 01:55:54PM +0200, Frédéric Marchal wrote:
>
> [...]
>
> > My understanding of ClamAV is that it is not suitable to scan an
> > infected Linux computer from the computer itself.
>
> The best summary so-far. Thanks for it!
> -- t

I would never make such a statement. I use it to do a daily scan of 3 major
areas of this machine that covers both home, and my web pages content.
And it has found suspicious files in the email corpus tree, files that
somehow got past the incoming email scan that procmail also subjects
that email to. I suspect they were zero-day things aimed at winderz
lusers that got by and were caught later after freshclam had updated the
signature database.
Files that I never attempted to view in the first place by following
common sense rules, like know the sender.
The incoming virii scan quarantines those in a separate file that I may
scan thru with less before I nuke it a few months later, but I have yet
to find a msg from someone I semi-know in that file. It's about 100k in
size ATM so clamd is doing its job.
My biggest complaint? It sends me emails even if it doesn't find
anything. I guess it's a reminder assuring me the machine is relatively
clean.
I am also on a 4 machine local network, isolated from all the attack
vectors by an install of DD-WRT in my router. I used to follow the logs
from it, but watching 100k+ login failures a day got boring. Only one
person has come into this system, and because I needed help
troubleshooting, I gave him the username & passwords it took to do that
over the phone. NO ONE else has managed that feat in over a decade of
hiding behind DD-WRT. Obviously it comes highly recommended by me.
I also run my own web pages on this machine, so that needs qualifying in
that all that runs in an isolated sandbox I won't further describe for
obvious reasons.
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>