Linux - Enterprise: This forum is for all items relating to using Linux in the Enterprise.
Since you're using RHEL, I'll assume that you're wanting A/V solutions for a server environment. In that case, it really depends on what purpose you're intending to use the antivirus software for -- email server, file server, etc.
There are plenty of alternative antivirus solutions out there, but you'll have to pay for most of them (and especially for servers they're not cheap). May I ask though why you don't think Clam will fit your needs? I've used Clam on my servers for scanning Samba shares and incoming/outgoing email for the past 3 years now and it's always performed wonderfully. Not that I'm doubting you at all, I'm just curious what makes you leery of it...
Once we know that information, we can help you make an informed decision!
I wasn't knocking Clam. I just said I wasn't convinced.
Convinced about what?
I need to hear your experiences with Clam!
I ran some AV tests (granted, time ago) against my mixed collection of *NIX and W32 goodies and IIRC at the top of my list were Uvscan (the old McAfee *NIX engine), NOD32 and RAV (gone, sadly) while F-prot, AVG (freeware version) and ClamAV underperformed constantly measured by hitrate. I don't have my regular test set at hand but here's a quick report of running NOD32 and ClamAV on another stash containing all sorts of rootkits, LKMs, flooders and other w32 goodies. Quality of detection engine and databases is what matters, IMHO:
Files scanned: NOD32: 11000, ClamAV: 9280.
"Threats" / "Infected files" found: NOD32: 421, ClamAV: 150.
Edit: if you decide to go for commercial AV then by paying them you acknowledge the AV market is a monopoly and you condone it to exist as such. Apart from true value like the quality of the detection engine you're basically paying ransom because they hold the data (signatures) hostage. If you don't play by their rules you get zilch. That's the reason ClamAV is what it is today, I think.
Some arbitrarily picked results:
sauber (LRK logcleaner): BDC: YES, ClamAV: YES, F-prot: YES, NOD32: YES.
modhide.o (Knark): BDC: YES, ClamAV: NO, F-prot: NO, NOD32: YES.
raptor_prctl (kernel 2.6 local root exploit): BDC: NO, ClamAV: NO, F-prot: NO, NOD32: NO.
du (FreeBSD rootkit): BDC: YES, ClamAV: NO, F-prot: YES, NOD32: YES.
Nestea (prev millennium flooder): BDC: YES, ClamAV: NO, F-prot: YES, NOD32: YES.
First of all, these results should not be mistaken as a qualitative measurement of the products' engine and sig dbs. Apparently anyone can detect well known logcleaners and flooders, which is expected. Failing to detect a well known, old Linux LKM is not good, since these products (apart from my NOD32) are specifically meant for GNU/Linux and Knark is still used. The raptor kernel exploit isn't detected at all. What do you think? Wouldn't you like to know when there's a local root exploit found in your accessible temp dir?