
Re: Antivirus for Debian



On Friday 21 August 2015 08:53:46 tomas@tuxteam.de wrote:

> On Fri, Aug 21, 2015 at 01:55:54PM +0200, Frédéric Marchal wrote:
>
> [...]
>
> > My understanding of ClamAV is that it is not suitable to scan an
> > infected Linux computer from the computer itself.
>
> The best summary so-far. Thanks for it!
> -- t

I would never make such a statement. I use it to do a daily scan of 3 major 
areas of this machine that covers both home, and my web pages content. 
And it has found suspicious files in the email corpus tree, files that 
somehow got past the incoming email scan that procmail also subjects 
that email to. I suspect they were zero-day things aimed at winderz 
lusers that got by and were caught later after freshclam had updated the 
signature database.

Files that I never attempted to view in the first place by following 
common sense rules, like know the sender.

The incoming virii scan quarantines those in a separate file that I may 
scan thru with less before I nuke it a few months later, but I have yet 
to find a msg from someone I semi-know in that file.  It's about 100k in 
size ATM so clamd is doing its job.

My biggest complaint?  It sends me emails even if it doesn't find 
anything. I guess it's a reminder assuring me the machine is relatively 
clean.

I am also on a 4 machine local network, isolated from all the attack 
vectors by an install of DD-WRT in my router. I used to follow the logs 
from it, but watching 100k+ login failures a day got boring.  Only one 
person has come into this system, and because I needed help 
troubleshooting, I gave him the username & passwords it took to do that 
over the phone. NO ONE else has managed that feat in over a decade of 
hiding behind DD-WRT.  Obviously it comes highly recommended by me.

I also run my own web pages on this machine, so that needs qualifying in 
that all that runs in an isolated sandbox I won't further describe for 
obvious reasons.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

