
Re: Antivirus for Debian



On Friday 21 August 2015 09:25:24 Gene Heskett wrote:
> On Friday 21 August 2015 08:53:46 tomas@tuxteam.de wrote:
> > On Fri, Aug 21, 2015 at 01:55:54PM +0200, Frédéric Marchal wrote:
> > 
> > [...]
> > 
> > > My understanding of ClamAV is that it is not suitable to scan an
> > > infected Linux computer from the computer itself.
> > 
> > The best summary so far. Thanks for it!
> > -- t
> 
> I would never make such a statement. I use it to do a daily scan of 3 major
> areas of this machine that covers both home, and my web pages content.
> And it has found suspicious files in the email corpus tree, files that
> somehow got past the incoming email scan that procmail also subjects
> that email to. I suspect they were zero-day things aimed at winderz
> lusers that got by and were caught later after freshclam had updated the
> signature database.
> 
> Files that I never attempted to view in the first place by following
> common sense rules, like know the sender.

I wasn't clear enough.

ClamAV cannot fix a Linux box infected by a live virus. A virus tailored for 
Linux would make sure it fails. A boot CD is required in that case. So, 
running ClamAV on a daily basis to make sure the system is sane is pointless.

In addition, ClamAV cannot protect your computer the way Windows anti-viruses 
do when the user executes a program containing a virus.

My mail had a paragraph about cases where ClamAV is useful. Scanning mails for 
Windows virii was in the list. But note that it won't do you any good to scan 
your Linux inbox for Windows virii unless you have a habit of forwarding 
suspicious mails to Windows users (that could be fun though }:-> ).

Frederic

