
Re: Antivirus for Debian



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 21/08/15 12:55, Frédéric Marchal wrote:
> On Friday 21 August 2015 11:28:43 Diogene Laerce wrote:
>> Could anyone here, honest, as we all are I know, guarantee at 
>> 100% that the OP won't ever have any virus issue on his Debian 
>> system ?
>> 
>> No.
>> 
>> Should he fear viruses as much as on a Windows system ?
>> 
>> Certainly not.

(unless files are shared with a Windows machine that has mounts /
access to the Linux machine), in which case be very afraid :)

Also, I've seen corporate AV fail to identify a virus where clamd has
picked it up.

>> 
>> Security relies first on common sense. Is it common sense to rely
>> on the hackers laziness to attack Linux because it would maybe
>> eventually be unattractive ?
>> 
>> Certainly not.
>> 
>> Will running an AV from time to time on his computer harm the OP
>>  or his machine ?
>> 
>> Unless he does it manually with a hammer and a saw.. I don't 
>> think so.
>> 
>> So should you (the OP) run an AV ?
>> 
>> Well.. I guess. IMVHO ;)
> 
> My understanding of ClamAV is that it is not suitable to scan an 
> infected Linux computer from the computer itself.

The idea is to scan files prior to their execution.

> 
> ClamAV is suitable to scan Windows partitions from a Linux boot cd
>  or to scan mails relayed by a Linux server or scan Windows files 
> hosted on a Samba/ftp/http server but that's about it. It doesn't 
> work like Windows AV.

It can be configured to quarantine / delete files it does not like (I
wouldn't recommend deletion unless it's a mail server).

> 
> As far as I know there is no software for Linux that works like AV
>  on Windows where the virus killer is also responsible for 
> preventing a nasty application from starting in the first place 
> (please provide links if I'm wrong).

It has the ability to delete the application / file(s), so yes, it can
act as a full AV. The only part that is missing from the built-in
functionality is that there is no live AV (scans are manual; however,
live scan can be achieved with inotify + clamd).

> 
> To protect the integrity of a Linux system, Tripwire, AppArmor or 
> SElinux can be used but they don't protect files in $HOME (if the 
> user is allowed to edit his/her own files, a rogue app running as 
> that user can do it too).
> 
> If the system is infected, rkcheck or rootkit hunter are the tools
>  to use but then it is already too late for the damaged files.
> 
> On the good side, an active runtime protection (like Windows does)
>  is not really necessary on Linux as we all install software from
>  the official repository or compile them from trusted source code 
> (we all do that, don't we :-) ). It is much less common to install 
> games or warez downloaded from the internet.
> 
> The main threat left comes from web scripts such as javascript, 
> flash or java applets running on visited web sites. Installing an 
> addon such as NoScript on Iceweasel may help a lot here. And keeping
> the browser up to date is mandatory!

ClamAV does also scan JavaScript; I've seen files it's picked up as
malicious in some scans.

snip:
Aug 17 03:00:03 *HOSTNAME* clamd[9675]:
/srv/nfs4/*path*/js/owl.carousel.min.js: PUA.Script.Packed-2 FOUND


> 
> Frederic
> 

The main priority of AV on Linux is to identify malicious files prior
to passing them on to someone with a susceptible machine (who may or
may not have mount points to one or more of your secure machines).

Kind Regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJV1zv1AAoJEB7eq/g9VwLiCVoH+wXidgpXOZMrWqC+55g4CzCI
zmsxy8DZe5x242btmR9NK1X+xaExaw0Z4oz8rG496Jh13whQa+HKOibIWcjIHHjL
KoSKheoIjkxSMXDYWBTFwm0yWatKjYPXYATFMf5a7JjFbY5R60a1zFcdoUH2YR2u
SA5r+6h0VJhssTebfJviw1qREZAEmaCSj26plsGhduv3KM1ksAeyjJp3zIfXwBd4
RtPdpx2dM2rGEhnwk1I++7xG8jBQqUvg9DAr8ADnMeuclZGwQA/+tOU+ELTXTzb3
4z7WUcCsKX7MHq88C5wI2c9UBAbK17kfAzu7W3lpYd27Jsvx175Pa5rdNkFQMD4=
=HsuA
-----END PGP SIGNATURE-----
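The "inotify + clamd" live scan and the quarantine-instead-of-delete
setup that Mike describes above, written out as a worked example. This
is an added illustration, not code from the thread or from the ClamAV
project. It assumes the Debian packages clamav-daemon (with clamd
running) and inotify-tools, and the three directory names are
hypothetical: files are dropped into INCOMING, scanned by clamd once
they are fully written, then moved either to CLEAN (the directory a
Samba/NFS export would actually serve to Windows clients) or to
QUARANTINE. Nothing is ever deleted.

```shell
#!/bin/sh
# Live scanning of a drop directory with inotifywait + clamdscan.
# Added example, not code from the original message. Assumes Debian
# packages clamav-daemon (clamd running) and inotify-tools. The paths
# below are hypothetical; the watcher creates them if missing.

INCOMING="${INCOMING:-/srv/share/incoming}"            # where files arrive
CLEAN="${CLEAN:-/srv/share/clean}"                      # what the share exports
QUARANTINE="${QUARANTINE:-/var/lib/clamav/quarantine}"  # kept, never deleted

# clamdscan prints one of "<path>: OK", "<path>: <Signature> FOUND" or
# "<path>: <message> ERROR". Map one result line to a one-word verdict.
# Anything that is not a clean "OK" (unreadable file, size limit hit,
# clamd not reachable) is treated as an error, not as clean.
classify_result() {
    case "$1" in
        *" FOUND") echo infected ;;
        *": OK")   echo clean ;;
        *)         echo error ;;
    esac
}

# Signature name from a "<path>: <Signature> FOUND" line.
signature_of() {
    printf '%s\n' "$1" | sed -n 's/^.*: \(.*\) FOUND$/\1/p'
}

# Move a file according to its verdict. Files with an error verdict stay
# where they are for a human to look at; nothing is deleted.
dispose() {   # dispose <file> <verdict>
    case "$2" in
        clean)    mv -- "$1" "$CLEAN/" ;;
        infected) mv -- "$1" "$QUARANTINE/" ;;
        *)        : ;;
    esac
}

# Scan one file through the running clamd. --fdpass hands clamd an open
# file descriptor, so clamd itself needs no read permission on the file.
scan_one() {
    f=$1
    result=$(clamdscan --no-summary --fdpass -- "$f" 2>&1 | tail -n 1)
    verdict=$(classify_result "$result")
    sig=""
    if [ "$verdict" = infected ]; then
        sig=$(signature_of "$result")
    fi
    logger -t share-scan "$f: $verdict $sig"
    dispose "$f" "$verdict"
}

# Block on inotify events. A file is scanned only once it has been
# completely written (close_write) or moved into the directory (moved_to),
# so a half-uploaded file is never scanned and passed on as clean.
watch() {
    mkdir -p "$INCOMING" "$CLEAN" "$QUARANTINE"
    inotifywait -m -q -e close_write -e moved_to --format '%w%f' "$INCOMING" |
    while IFS= read -r path; do
        scan_one "$path"
    done
}

if [ "${1:-}" = "--watch" ]; then
    watch
fi
```

Run it as `sh share-scan.sh --watch` (a systemd unit or an @reboot cron
entry is the usual home for it). To check the plumbing, drop an EICAR
test file into INCOMING and confirm it ends up in QUARANTINE with a
`share-scan` line in syslog. Two caveats: inotify only reports changes
made through the local kernel, so for an exported path like the NFS one
in Mike's log snippet the watcher has to run on the file server itself,
not on a client; and PUA.* signatures such as the one in that snippet
are only reported when `DetectPUA true` is set in clamd.conf.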

