LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-14-2006, 10:38 PM   #1
wincrk
Member
 
Registered: Feb 2003
Distribution: Redhat 9.0
Posts: 104

Rep: Reputation: 15
Antivirus for linux


i've used linux as file server at my office, i'm not good in linux but i have no option since it was an order. now my concern is that there seem to be some virus detected in this server from windows client. is there a possibilities that the virus will infect the server as well?
is it really necessary for me to install one antivirus in the server? if yes, then what would be the ideal one?
 
Old 05-14-2006, 10:44 PM   #2
Jerre Cope
Member
 
Registered: Oct 2003
Location: Texas (central)
Distribution: ubuntu,Slackware,knoppix
Posts: 323

Rep: Reputation: 37
If client has write access to the samba share, then it should be able to clean the virus itself.

If you want a linux daemon to monitor for virus' on the samba server, look at grisoft.com
 
Old 05-14-2006, 10:55 PM   #3
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
Quote:
my concern is that there seem to be some virus detected in this server from windows client.
Now this is important - we need to know which virus this is. Sometimes windows detects linux (or some linux utilities) as a virus

It is unlikely that a windows client machine can properly scan linux filesystems for viruses - so it may just be telling you that it dosn't recognise anything there and suspects some virus has been corrupting the file systems it assumes to be windows types.

However: it is also possible for windows files to be cached on the server (or otherwise stored there for some reason). In this case it is entirely possible for infected files to be present there.

Quote:
is there a possibilities that the virus will infect the server as well?
You should be aware that linux is not affected by win32 viruses - at all. Even if it could be, someone would actually have to manually change permissions on the file to make it executable and then actually execute the file. So it is difficult even for linux viruses to infect linux machines.

However - there is a trend towards quite smart people writing viruses - and it really depends on which virus we are talking about.

[quote]is it really necessary for me to install one antivirus in the server?[quote]Nope. If all the windows hosts have good AV scanners, then those should be fine. However, if you want to provide an extra layer of protection, it cannot hurt.

Quote:
then what would be the ideal one?
ClamAV is a free virus scanner for linux - which many of us use to help protect windows users. A commercial one is f-prot ... which has linux and windows versions.

There are other commercial and free AV suites around. There are no "ideal" solutions.

However: you should be aware that RH9 is legacy and unsupported - there are probably unpatched security holes too ... unless it has been carefully updated. You may also have trouble running the latest software on this machine. OTOH: RH9 has a very good rep for security and stability, especially for servers. Presumably there is a reason you don't want RHEL?

Last edited by Simon Bridge; 05-14-2006 at 10:58 PM.
 
Old 05-14-2006, 11:12 PM   #4
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
An example of a linux virus:
http://www.symantec.com/avcenter/ven...pper.worm.html

Note: this affects Apache servers running on an intel machine where the sh shell is also installed and it listenes to port 443 for SSL (and, presumably, insecure login to ssh has been enabled).

Amusingly, it is an open source virus: it sends you its source code!

Symantecs instructions are kinda interesting:
Quote:
Run a full system scan using the ICAP Savcls.exe scanner that is included with Symantec Scan Engine 4.06 or later, and delete any files detected as Linux.Slapper.Worm.
Does savcls.exe run under linux now? Or do they suggest using a windows machine on the network to run security scans on linux? (Anyone know?)
 
Old 05-14-2006, 11:23 PM   #5
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
An example of a (recent) cross-platform virus: capable of infecting both windows and linux:
http://securityresponse.symantec.com...ux.simile.html

This dosn't seem to actually do any damage apart from announce itself. Symantec don't say what the actual infectin path is in this case ... it looks like the usualy: change permissions and execute method is needed. It's behavior depends on the host system, so it dosn't look like damage is possible over a network (i.e. from the virus executing on a windows host).

You may be getting the impression here that linux users view windows machines as vulnerable and dangerous...
 
Old 06-05-2006, 05:34 AM   #6
LzW-x
Member
 
Registered: Jun 2006
Distribution: SuSe
Posts: 66

Rep: Reputation: 15
I also have antivirus questions but being a newbie here, I read the post guidlines and searched for existing antivirus topics... My question is not exactly the same but fits the topic.

Is it advisable to have antivirus on a desktop linux?

I'm using suse 10 and plan to be downloading plenty of games to play on it aswell as various utilities so new stuff will be added constantly!

Which linux antirus is most suitable for SuSe in a Gnome enviroment with a GUI?

I'm not real good with linux command line programs yet... I'm still figuring out stuff like ./configure
 
Old 06-05-2006, 05:48 AM   #7
LzW-x
Member
 
Registered: Jun 2006
Distribution: SuSe
Posts: 66

Rep: Reputation: 15
Maybe I should install KDE?

Then I could get ClamAV and KlamAV, the ClamAV GUI frontend for KDE!

err, sorry for posting a question and then attempting to answer it myself!
 
Old 06-05-2006, 06:27 AM   #8
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
ClamAV is fine for gnome.
I have used Fisk software F-Prot to good effect also.
You could see if symantec have a product for linux - I havn't found one, though they issue linux security alerts.

Basically, you only need AV to protect windows users. If you are not doing anything with windows files, you needen't bother.

Basically, I have been using linux for the best part of a decade now, and I have experienced only two viruses under linux (both worms, both windows only) which were caught by FProt each time.

Under windows I'd encounter dozens a month. Though almost all were very low risk ... I never saw such scurges as mydoom because I'd switched 100% to linux by then.

Your main trouble with malware will be from downloading auto-installing software from shady sources.

Whenever possible, use only rpms from reputable sources (preferably SUSE approved). There are many.

When it is some one-man-band developer, you should probably google the product before installing.

Otherwise build from source.
 
Old 06-05-2006, 07:18 AM   #9
Michael_aust
Member
 
Registered: Aug 2005
Location: Lancashire (United Kingdom)
Distribution: Debian Etch, on 686 machine.
Posts: 509

Rep: Reputation: 31
if you plan on games just to be safe read the reviews for the game on www.happypenguin.org, if there was the chance it has something hiddne in there nasty, then someone before you will more then likely have noticed it.
 
Old 06-05-2006, 07:38 AM   #10
ethics
Senior Member
 
Registered: Apr 2005
Location: London
Distribution: Arch - Latest
Posts: 1,522

Rep: Reputation: 45
Symantec has no good products... it buys up other good ones then runs them into the ground.

Clamav is an excellent scanner (currently playing around with it) it has all sorts of extra bits you can configure in such as on access scanning and mail filters etc.

As mentioned, klamav is the KDE frontend

http://www.clamav.net/

The docs are quite good, covers instalation etc, you should be able to get it from your distros repo (not sure RH9 has any left,) but look at the docs, if you need any special features you're better off compiling it with them in.
 
Old 06-05-2006, 08:45 AM   #11
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 1,960

Rep: Reputation: 333Reputation: 333Reputation: 333Reputation: 333
Quote:
Originally Posted by LzW-x
Is it advisable to have antivirus on a desktop linux?
There are two schools of thought on this:

1. Yes

2. No

lol

Seriously though, I can honestly say that I've been running Linux with no protection (except for the fact that my computer is behind a firewall) for almost 7 years. In all that time I've not seen a Linux virus.

If it'll make you feel safer, there are a few AV programs for Linux. Personally, I reckon that they're a waste of money. Linux is a stone in the shoe of the AV companies. Try as they might, they simply cannot come up with a self-propagating Linux virus. All their efforts to date amount to "download this file and run it with root privileges." Pffft.

Now that Microsoft is going to cut off their air supply when Vista is released, they'll be working even harder on the Linux 'problem' in order to try and maintain at least one corner of the market. I wonder how far they'll get.
Quote:
Originally Posted by LzW-x
I'm using suse 10 and plan to be downloading plenty of games to play on it aswell as various utilities so new stuff will be added constantly!
This is the exact same environment my PC is in. I mess around a lot on the internet and download heaps of stuff. As I said earlier, I've yet to see a Linux virus.
 
Old 06-05-2006, 10:14 AM   #12
brainiac
Member
 
Registered: Jan 2005
Location: middle of a cornfield, IL
Distribution: Kanotix HD Install, Debian Testing, XP Pro,Vista RC1
Posts: 145

Rep: Reputation: 15
I have messed with Linux antivirus some as I use a "Linux" box at home for all my internet uses. I like to prescan downloads before I transfer them to one of my daughters game machines or to a work machine. Why dump an infected file to a Windows box and then let it fend for itself. If I scan it first I feel a little better about turning it loose on a machine where it could possibly do some harm. If it is a bad file it is downloaded, checked, and then deleted on a machine that it can't run on or do any harm. My 2 cents.
 
Old 06-05-2006, 05:05 PM   #13
LzW-x
Member
 
Registered: Jun 2006
Distribution: SuSe
Posts: 66

Rep: Reputation: 15
Thanks for everyone the help! Your replies have alleviated my fears...
 
Old 07-24-2006, 11:14 AM   #14
bxb32001
Member
 
Registered: May 2001
Location: Beijing
Distribution: Fedora, Knoppix
Posts: 204

Rep: Reputation: 30
Quote:
Originally Posted by rkelsen
There are two schools of thought on this:

1. Yes

2. No

lol

Seriously though, I can honestly say that I've been running Linux with no protection (except for the fact that my computer is behind a firewall) for almost 7 years. In all that time I've not seen a Linux virus.

If it'll make you feel safer, there are a few AV programs for Linux. Personally, I reckon that they're a waste of money. Linux is a stone in the shoe of the AV companies. Try as they might, they simply cannot come up with a self-propagating Linux virus. All their efforts to date amount to "download this file and run it with root privileges." Pffft.

Now that Microsoft is going to cut off their air supply when Vista is released, they'll be working even harder on the Linux 'problem' in order to try and maintain at least one corner of the market. I wonder how far they'll get.

This is the exact same environment my PC is in. I mess around a lot on the internet and download heaps of stuff. As I said earlier, I've yet to see a Linux virus.
This seems to be the common trend in thinking among *nix users. Let me ask, how about other computer users you interact with? I mean, the infected file may not affect you but what about files that you recieve and pass on to other people. Say you recieved a file that, while infected, did diddly squat and you didn't even notice. How can you be sure that your siblings, parents, co-workers, or friends will not get an infected file if you passed it on to them?
 
Old 07-24-2006, 12:23 PM   #15
ethics
Senior Member
 
Registered: Apr 2005
Location: London
Distribution: Arch - Latest
Posts: 1,522

Rep: Reputation: 45
Quote:
Originally Posted by bxb32001
This seems to be the common trend in thinking among *nix users. Let me ask, how about other computer users you interact with? I mean, the infected file may not affect you but what about files that you recieve and pass on to other people. Say you recieved a file that, while infected, did diddly squat and you didn't even notice. How can you be sure that your siblings, parents, co-workers, or friends will not get an infected file if you passed it on to them?
Yeah, when you pass on that pwnzj00comp_winME.exe.scr to your grandma, think twice.

Seriously though, i do agree, in such a digital age people need to be more responsible with data. I mention using PGP etc at work and people look at me like i've got the plague. I gather that some ISPs do scan files these days, which i suppose saves the user the hassle but then what do they do with this information?.

I always make a point of using trusted sources and checking any files i send
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Antivirus survey: Do you run an antivirus program on linux? atom Linux - General 29 09-03-2009 04:22 PM
Antivirus for Lunix similar Norton Antivirus for Windows Chivozertsev Linux - Software 1 03-31-2005 08:56 AM
What's the #1 AntiVirus for Linux? WarlockofVirgo Linux - Security 9 11-06-2004 01:46 PM
Linux Antivirus rudy152 Linux - Software 9 08-03-2004 09:48 PM
antivirus for linux yenonn Linux - Newbie 6 03-11-2003 09:16 AM


All times are GMT -5. The time now is 02:10 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration