LinuxQuestions.org
Antivirus Software for RHEL4

#1  Cambren (LQ Newbie), 10-12-2006, 02:38 PM

Any suggestions out there for a good anti-virus solution for RHEL4? I've seen CLAM, but am not convinced it is the answer.
 
#2  rjwilmsi (Member), 10-12-2006, 03:13 PM

AVG do a free Linux version. www.grisoft.com
 
#3  Gato Azul (Member), 10-12-2006, 03:18 PM

Since you're using RHEL, I'll assume that you're wanting A/V solutions for a server environment. In that case, it really depends on what purpose you're intending to use the antivirus software for -- email server, file server, etc.

There are plenty of alternative antivirus solutions out there, but you'll have to pay for most of them (and especially for servers they're not cheap). May I ask though why you don't think Clam will fit your needs? I've used Clam on my servers for scanning Samba shares and incoming/outgoing email for the past 3 years now and it's always performed wonderfully. Not that I'm doubting you at all, I'm just curious what makes you leery of it...

Once we know that information, we can help you make an informed decision!
 
#4  Cambren (LQ Newbie, original poster), 10-13-2006, 07:15 AM

They're using it as a web server (Apache) and for mail (Sendmail). They also have MySQL loaded. I wasn't knocking Clam. I just said I wasn't convinced.

I need to hear your experiences with Clam!!

Last edited by Cambren; 10-13-2006 at 07:16 AM.
 
#5  unSpawn (Moderator), 10-13-2006, 09:10 AM

Quote:
Originally Posted by Cambren
I wasn't knocking Clam. I just said I wasn't convinced
Convinced about what?

Quote:
Originally Posted by Cambren
I need to hear your experiences with Clam!
I ran some AV tests (granted, time ago) against my mixed collection of *NIX and W32 goodies and IIRC at the top of my list were Uvscan (the old McAfee *NIX engine), NOD32 and RAV (gone, sadly) while F-prot, AVG (freeware version) and ClamAV underperformed constantly measured by hitrate. I don't have my regular test set at hand but here's a quick report of running NOD32 and ClamAV on another stash containing all sorts of Rootkits, LKM's, flooders and other w32 goodies. Quality of detection engine and databases is what matters, IMHO:
Files scanned: NOD32: 11000, ClamAV: 9280.
"Threats" / "Infected files" found: NOD32: 421, ClamAV: 150.


Edit: if you decide to go for commercial AV then by paying them you acknowledge the AV market is a monopoly and you condone it to exist as such. Apart from true value like the quality of the detection engine you're basically paying ransom because they hold the data (signatures) hostage. If you don't play by their rules you get zilch. That's the reason ClamAV is what it is today, I think.

Last edited by unSpawn; 10-13-2006 at 09:25 AM.
 
#6  Cambren (LQ Newbie, original poster), 10-13-2006, 12:30 PM

O_O

Wow, unSpawn.
 
#7  unSpawn (Moderator), 10-14-2006, 04:37 AM

Just in case I'll add BitDefender and F-prot as well:
Files scanned: BDC: 12113, F-prot: 9375.
Infected+suspected found: BDC: 537, F-prot: 366.

Product and engine versions (all db's updated before scan) and CLI args used:
NOD32 (commercial, 1.1800/20061012 NT): (all detection options on)
ClamAV (0.88.4/2025): "--infected --recursive --detect-broken --block-encrypted --max-recursion=100 --max-dir-recursion=100"
BDC (console v7.1 build 2559): "--arc --mail --alev=100 --flev=100"
F-prot (4.6.6/3.16.14): "-ai -archive=100 -dumb -packed"

Some arbitrarily picked results:
sauber (LRK logcleaner): BDC: YES, ClamAV: YES, F-prot: YES, NOD32: YES.
modhide.o (Knark): BDC: YES, ClamAV: NO, F-prot: NO, NOD32: YES.
raptor_prctl (kernel 2.6 local root exploit): BDC: NO, ClamAV: NO, F-prot: NO, NOD32: NO.
du (FreeBSD rootkit) BDC: YES, ClamAV: NO, F-prot: YES, NOD32: YES.
Nestea (prev millennium flooder): BDC: YES, ClamAV: NO, F-prot: YES, NOD32: YES.

First of all these results should not be mistaken as a qualitative measurement of the products' engine and sig db's. Apparently anyone can detect well known logcleaners and flooders, which is expected. Failing to detect a well known, old Linux LKM is not good, since these products (apart from my NOD32) are specifically meant for GNU/Linux and Knark is still used. The raptor kernel exploit isn't detected at all. What do you think? Wouldn't you like to know when there's a local root exploit found in your accessible temp dir?..
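As an added example (not code from the thread or from any of the products named): a small Python script that parses the per-file lines clamscan prints, and reproduces the hit-rate comparison and "missed by everyone" check that the post above does by hand. The clamscan line format is the real one; the scanned corpus, the sample output and its signature name are constructed, and the other engines' verdicts are transcribed from the table in the post.

```python
import os
import re

# Real clamscan per-file line format: "<path>: <signature> FOUND" or "<path>: OK".
# With --infected (as used in the post) only FOUND lines are printed, so the
# caller must supply the scanned corpus to recover which files were missed.
CLAMSCAN_LINE = re.compile(r"^(?P<path>.+?): (?:(?P<sig>.+) FOUND|OK)$")

def parse_clamscan(output, corpus):
    """Return {basename: detected} for every file in corpus; summary lines are ignored."""
    verdicts = {os.path.basename(p): False for p in corpus}
    for line in output.splitlines():
        m = CLAMSCAN_LINE.match(line.strip())
        if m and m.group("sig") is not None:
            verdicts[os.path.basename(m.group("path"))] = True
    return verdicts

def compare_engines(results):
    """results: {engine: {sample: detected}}. Hit rate is detections over the
    union of all samples, so an engine that skipped files is not rewarded for it."""
    samples = set().union(*results.values())   # union of each engine's sample names
    hit_rate = {e: round(sum(v.values()) / len(samples), 2) for e, v in results.items()}
    missed_by_all = sorted(s for s in samples
                           if not any(v.get(s, False) for v in results.values()))
    return {"hit_rate": hit_rate, "missed_by_all": missed_by_all}

# Constructed five-file test set and constructed "clamscan --infected" output
# (the signature name is made up, not a real ClamAV signature).
CORPUS = ["/srv/samples/sauber", "/srv/samples/modhide.o",
          "/srv/samples/raptor_prctl", "/srv/samples/du", "/srv/samples/nestea"]
SAMPLE_OUTPUT = """\
/srv/samples/sauber: Constructed.Example.Logcleaner FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
"""

# Other engines' verdicts, transcribed from the YES/NO table in the post.
OTHER_ENGINES = {
    "BDC":    {"sauber": True, "modhide.o": True,  "raptor_prctl": False, "du": True, "nestea": True},
    "F-prot": {"sauber": True, "modhide.o": False, "raptor_prctl": False, "du": True, "nestea": True},
    "NOD32":  {"sauber": True, "modhide.o": True,  "raptor_prctl": False, "du": True, "nestea": True},
}

def report():
    results = dict(OTHER_ENGINES)
    results["ClamAV"] = parse_clamscan(SAMPLE_OUTPUT, CORPUS)
    return compare_engines(results)

if __name__ == "__main__":
    print(report())
```

Feed real `clamscan --infected --recursive` output and the file list of the corpus into `parse_clamscan` to repeat the measurement on your own sample set.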
 
#8  Cambren (LQ Newbie, original poster), 10-16-2006, 08:03 AM

Quote:
Originally Posted by unSpawn
Some arbitrarily picked results:
sauber (LRK logcleaner): BDC: YES, ClamAV: YES, F-prot: YES, NOD32: YES.
modhide.o (Knark): BDC: YES, ClamAV: NO, F-prot: NO, NOD32: YES.
raptor_prctl (kernel 2.6 local root exploit): BDC: NO, ClamAV: NO, F-prot: NO, NOD32: NO.
du (FreeBSD rootkit) BDC: YES, ClamAV: NO, F-prot: YES, NOD32: YES.
Nestea (prev millennium flooder): BDC: YES, ClamAV: NO, F-prot: YES, NOD32: YES.

What do you think? Wouldn't you like to know when there's a local root exploit found in your accessible temp dir?..
Absolutely and it looks like they all fail on that front...hmmmm. Still and all NOD32 is looking like a good candidate.
 
  


Tags: antivirus, avg, rhel4

