[NTLUG:Discuss] linux antivirus

MadHat madhat at unspecific.com
Thu Jun 19 13:21:13 CDT 2003 

On Thu, 2003-06-19 at 12:59, MontyS at videopost.com wrote:
> Just looking to protect a sendmail server, a few apache servers, and a
> couple of desktops at this point.  Probably a file server in the
> not-to-distant future.  I may be showing my ignorance, (this isn't
> difficult) but I have always been under the impression that linux-based
> antivirus is not a real need.
> 
> I was just reading the rootkit conversation, and Kenneth Loafman's
> chkrootkit suggestion and wondered if it was time to look into a anti-virus
> solution as well.
> 

Virii for Linux are very rare.  They are starting to show up more with
mailers like Evolution and such being used, but nothing like the Windows
world.

Most of the AV software for Linux will check the file for known virii,
but mostly to protect the Windows boxes that may be using the files, or
checking mail from the mail server (as in scanning the attachments and
content of the mail messages).  If you are worried about being hacked,
you should look more into firewalls, patch management, and something
like Tripwire (http://sourceforge.net/projects/tripwire/ - Free Linux
Version) or Aide (http://www.cs.tut.fi/~rammer/aide.html) which are
basically Host based IDSs, and maybe a Network based IDS
(http://www.snort.org/).  Its also good to know your box and its
vulnerabilities by running a scanner against it, like nmap
(http://www.insecure.org/nmap) to see the open ports and nessus
(http://www.nessus.org) to see any vulnerabilities.  Though beware of
false positives with some of these tools *cou*nessus*ough*.

The best thing you can really do is to keep your system patched and up
to date and turn off everything you don't need.  I have found that an AV
scanner for a Linux box is useful if you have a file server or are
scanning mail as it moves through a server, but doesn't help much to
protect the Linux box itself.  

This is just personal experience and opinion.
YMMV

-- 
MadHat at Unspecific.com
`But I don't want to go among mad people,' Alice remarked.
`Oh, you can't help that,' said the Cat: `we're all mad here...'
   -- Lewis Carroll - _Alice's_Adventures_in_Wonderland_

More information about the Discuss mailing list