Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Hello.
It is true that Linux viruses are few, but I like to use an antivirus like "ClamAV". I guess it has no real-time protection like Windows antiviruses!!! I guess "ClamAV" on Linux can detect Windows viruses too; am I wrong?
Quote:
Originally Posted by hack3rcon
It is true that Linux viruses are few, but I like to use an antivirus like "ClamAV". I guess it has no real-time protection like Windows antiviruses!!!
ClamAV can be configured to provide real-time protection; it's quite recent:
Please note: depending on your Linux distribution and the ClamAV package that you are using, this may or may not be available out-of-the-box.
Quote:
Originally Posted by hack3rcon
I guess "ClamAV" on Linux can detect Windows viruses too, Am I wrong?
ClamAV can detect Linux malware (few), Windows malware (many) and also block other suspicious files (mostly if it's used as a filtering system on an email server).
I tend to run rkhunter, chkrootkit and tiger, and these give me (can't recall which one is responsible) a report when processes are listening. To me that's about as good as it gets -- I can't think of any other definition of malware that doesn't do something any user may want to do (which is why permissions exist).
If I see a process I don't know I check it out. A reinstall is not too difficult and data is not affected (nothing outside of / executes automatically).
Not going to suggest I have the best defense but I give it a little thought, sometimes.
I used to run Windows without active AV and never found anything in a scan. I've also gone against my own procedures and let adverts through on a "Trusted website" at an old place of work to confirm a hijack.
Ah, yes, NoScript and uBlock and Privacy Badger and https everywhere -- the browser pretty much the only real way into most non-server systems unless you like to run random server processes for fun and open your home firewall to them.
Last edited by 273; 12-06-2016 at 12:45 PM.
Reason: Spell check.
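The "report when processes are listening" idea above can be turned into a small baseline check. This is an added example, not code from the poster or from rkhunter/chkrootkit/tiger: it reads socket lines in the layout `ss -tulpnH` prints (Netid, State, Recv-Q, Send-Q, Local, Peer, Process), builds a proto/port/program key for each listener, and prints the ones missing from an allowlist file. The allowlist format (`tcp/22/sshd`, one per line) and the sample socket lines are constructed for the example; on a real box you would pipe `ss -tulpnH` into the function instead.

```shell
#!/bin/sh
# Added example (not from the thread): flag listening sockets that are not
# on a known-good allowlist. Input lines follow the `ss -tulpnH` layout:
#   Netid State Recv-Q Send-Q Local:Port Peer:Port users:(("prog",pid=N,fd=M))
# Allowlist lines (assumed format for this example) look like: tcp/22/sshd
# Usage on a live system:  ss -tulpnH | unexpected_listeners /etc/listeners.allow

unexpected_listeners() {
    awk -v allowfile="$1" '
    BEGIN {
        # load the allowlist, ignoring blank lines and # comments
        while ((getline line < allowfile) > 0) {
            if (line ~ /^#/ || line == "") continue
            ok[line] = 1
        }
    }
    # only sockets that are actually waiting for input
    $2 == "LISTEN" || $2 == "UNCONN" {
        proto = $1
        n = split($5, parts, ":")        # works for 0.0.0.0:22 and [::]:22 alike
        port = parts[n]
        prog = "?"                        # ss prints no process when not root
        if (match($0, /users:\(\("[^"]+"/)) {
            prog = substr($0, RSTART + 9, RLENGTH - 10)
        }
        key = proto "/" port "/" prog
        if (!(key in ok)) print key
    }'
}

# Constructed allowlist and constructed ss-style sample output (not real hosts)
ALLOWLIST=$(mktemp)
trap 'rm -f "$ALLOWLIST"' EXIT
printf '# proto/port/program\ntcp/22/sshd\ntcp/631/cupsd\nudp/68/dhclient\n' > "$ALLOWLIST"

SAMPLE_SS='tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
tcp   LISTEN 0      511        127.0.0.1:631       0.0.0.0:*    users:(("cupsd",pid=1021,fd=7))
tcp   LISTEN 0      50           0.0.0.0:8099      0.0.0.0:*    users:(("unknownd",pid=3127,fd=3))
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*    users:(("dhclient",pid=640,fd=6))'

# Prints the one listener the allowlist does not know about: tcp/8099/unknownd
report_sample() {
    printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "$ALLOWLIST"
}
report_sample
```

The allowlist is the part worth maintaining: write it once from a freshly installed system, keep it in configuration management, and treat every new key the script prints as something to identify before it is added.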
Quote:
Originally Posted by ardvark71
Hi all...
From what I see from post #2 here, except for OLE2 files down the road, there is no desire or plan to introduce this feature.
Regards...
I think the reason there is no option to clean is that it's dangerous and, largely, useless.
It could be argued that restoring everything running to pre-infection is enough, and it may well be, but even then that could leave the original vulnerability open. To protect either analyse, learn, work or simply reinstall then vulnerability-scan with the appropriate tools.
This whole "Anti-Vir-Pro killed this forever, you are now safe" is marketing rubbish -- you don't close a hole by removing a file, it's marketing nonsense.
Quote:
Originally Posted by 273
This whole "Anti-Vir-Pro killed this forever, you are now safe" is marketing rubbish -- you don't close a hole by removing a file, it's marketing nonsense.
From my own personal experience, depending on the infection, there could be a lot of files removed (unable to be cleaned), leaving the OS (and possibly other software) like Swiss cheese and not any better off. The damage can't be repaired and the system runs no better than when it was infected. At that point, it's just better to reinstall.
Quote:
Please note: depending on your Linux distribution and the ClamAV package that you are using, this may or may not be available out-of-the-box.
ClamAV can detect Linux malware (few), Windows malware (many) and also block other suspicious files (mostly if it's used as a filtering system on an email server).
Thank you.
According to your URL my result is:
Code:
$ cat /boot/config-3.16.0-4-amd64 | grep FANOTIFY
CONFIG_FANOTIFY=y
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
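ClamAV's on-access (real-time) scanner is built on the kernel's fanotify interface, and the two options in the output above mean different things: CONFIG_FANOTIFY lets the scanner be notified about file events, while blocking access to a file before it is opened additionally needs CONFIG_FANOTIFY_ACCESS_PERMISSIONS. The poster's kernel has the first but not the second, so ClamAV could scan on events but not prevent access. The script below is an added example, not code from the thread or from the ClamAV project: it classifies a kernel config file into one of three levels, and the sample config files it creates are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): classify a kernel config file by the
# fanotify support ClamAV's on-access scanner needs.
#   absent       - no CONFIG_FANOTIFY: no on-access scanning at all
#   notify-only  - CONFIG_FANOTIFY=y but no ACCESS_PERMISSIONS: scan on
#                  file events, but cannot block access to a file
#   prevention   - both set: access can be denied before the file is opened
# Usage on a live system: fanotify_level /boot/config-$(uname -r)

fanotify_level() {
    cfg="$1"
    if ! grep -q '^CONFIG_FANOTIFY=y' "$cfg"; then
        echo absent
    elif grep -q '^CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y' "$cfg"; then
        echo prevention
    else
        echo notify-only
    fi
}

# Locate the config for the running kernel: the Debian-style
# /boot/config-<version> file first, then /proc/config.gz where the
# kernel exposes it. Prints "unknown" when neither is readable.
running_kernel_level() {
    cfg="/boot/config-$(uname -r)"
    if [ -r "$cfg" ]; then
        fanotify_level "$cfg"
    elif [ -r /proc/config.gz ]; then
        tmp=$(mktemp)
        zcat /proc/config.gz > "$tmp"
        fanotify_level "$tmp"
        rm -f "$tmp"
    else
        echo unknown
    fi
}

# Constructed sample configs (not real kernel files)
SAMPLE_NOTIFY_ONLY=$(mktemp)
SAMPLE_PREVENTION=$(mktemp)
SAMPLE_ABSENT=$(mktemp)
trap 'rm -f "$SAMPLE_NOTIFY_ONLY" "$SAMPLE_PREVENTION" "$SAMPLE_ABSENT"' EXIT
printf 'CONFIG_FANOTIFY=y\n# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set\n' > "$SAMPLE_NOTIFY_ONLY"
printf 'CONFIG_FANOTIFY=y\nCONFIG_FANOTIFY_ACCESS_PERMISSIONS=y\n' > "$SAMPLE_PREVENTION"
printf '# CONFIG_FANOTIFY is not set\n' > "$SAMPLE_ABSENT"

# The poster's kernel matches the first sample and prints: notify-only
fanotify_level "$SAMPLE_NOTIFY_ONLY"
```

The kernel option is only one of the prerequisites: the distribution's ClamAV package must also ship the on-access component and its configuration, which is the "may or may not be available out-of-the-box" caveat quoted above.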
Thank you.
Some products like "F-Prot", "Panda", "Bitdefender", "Dr.Web", "ESET NOD32 Antivirus", "Sophos" and... are commercial. I guess "ClamAV" and "Comodo Antivirus for Linux" are free, but any experiences? I don't like to install any product that decreases my security.
And it all comes down to the (IMHO) general uselessness of all such tools.
"We just detected something that wanted to kill your prize race horse." Two immediate observations:
The mere fact that a malicious piece of software arrived (and it could have come, say, from an advertisement ...) does not mean that it will be able to do anything at all, particularly not "to the operating system." Furthermore, if you are properly using secure backups, it can't penetrate to reach all copies of anything that it might wish to damage.
There is no computer analog to your body's "immune system," which does constantly have to patrol for micro-organisms which can, indeed, "infect you." Software can do nothing at all unless it is executed, and in an environment that enables it to do what it came to do. It can only "penetrate" your system's defenses if those defenses were "penetrable," as they should of course never be.
The proper procedure is to make damn sure that your prize race horse is secured at all times in a properly locked barn, that no one who happens to be walking by outside has any opportunity to get into ... or, perhaps, even to see from the road. This requires: "configuration management discipline."
This type of software is sold to give you "a warm, fuzzy feeling." To make you feel like you must be doing the right thing as you keep shoveling money to these companies.
Anyone who is "on the outside" and who does not have authorized reason to connect to your system should encounter "a smooth, featureless wall." Although this wall contains a secret door, it is impossible to find, let alone enter. (Yet authorized users pass swiftly and easily through it, on their way to your next line of secure, also digital-certificate-based, defenses.)
Any "rogue software" that comes in a document or somesuch does not execute because, of course, you do not allow your mail-software or your word-processor or so on to execute attached scripts.
You block all web advertisements.
You run secure backup software that is running in the background all the time.
Last edited by sundialsvcs; 12-07-2016 at 09:31 AM.