Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have an openfiler (linux) domain member server on a win 2003 active directory domain. One of the ways I use this file server is for roaming profiles. The spyware hiding out in these profiles, of course, doesn't harm the file server in any way but sure causes a lot of havoc for the windows user who roams from computer to computer. Some of these users only pop in to their profiles from time to time and don't get a chance to have a local spyware removal. It would be wonderful if I could whack the crapware on the file server. This would also be a good thing for samba domain controllers.
I can't help wondering how many of these threads are generated by people with a vested interest in one or another of the commercial AV/Spyware companies. Not exactly spam, but intended to generate an undercurrent of low level interest in these products by Linux users.
I must be having trouble with the search function today. Please link me "these threads" regarding windows roaming profiles on a samba file server.
(Umm... hint, there aren't any)
For those who are genuinely curious, I do have a cron job that deletes temp files and runs clamav on the samba fileserver. This works reasonably well. However, if spyware doesn't qualify for a clamav virus and is not in one of the various temp files, then it doesn't get picked up.
To clarify what I said: the only platform that your definition of "spyware" and "malware" relates to is Windows. What need would there be for GNU/Linux F/OSS to invest precious time in keeping sigs up to date at the rate malware appears? Only commercial AV solutions have an interest in tweaking their engine and sigs for that definition of "spyware" and "malware". Wrt questions: they're welcome at LQ. They're welcome in this forum as long as they are about Linux Security (since that's what this forum is about), else I'll try and help by moving them to the appropriate forum. Since your question isn't really targeted at GNU/Linux but for the benefit of Windows clients I'd like to move this thread to /General.
I had an internet security class this semester and the teacher wanted us all to install and run anti-virus, anti-spyware, anti-everything on our computers. He mentioned that if you didn't have windows then do it with whatever operating system you used.
I was successful in running a majority of these "labs" with linux... but not the anti-spyware/malware lab.
There are many cases where Linux (or Unix in general) is used to host files that are not intended for other Linux systems. You need to think of it at a server level. Several examples would be a mail server that serves Windows clients, this could be a mailing list setup as well. If you ignore the malware in the files (email in this case), clients start complaining "can't something be done about ______ infecting the files?". This happened on the Full Disclosure list, you used to see viruses all the time. People complained, I believe they started to filter them because I no longer see any nor any complaints. FD is likely not hosted on a Windows machine. Likewise, many Linux servers will scan /var/spool/mail, because the mail might leave by POP3 or whatnot, and end up on someone's Win XP. If it's your job or duty to serve reliable, clean and safe email, you may end up running anti-malware and/or anti-virus. Samba is another case, as its shares can be made transparent parts of the Windows filesystem. If /home/users/whoever gets mapped to h:\ on a Windows system, whatever files (and whatever they contain) are going to end up in the Linux filesystem, and thus be there for the next connecting client. The OP's situation is just one more, of many.
As for the scanners themselves, I've not used AVG on Linux, but I know its Windows counterpart catches more than bona fide viruses. F-Prot I do run here (scanning mail that could be heading for various OS's) and it is concerned with more than viruses as well. Here's what it lists:
Code:
DOS/Windows: 429555 viruses and 157229 Trojans
Word/Excel: 8733 viruses and Trojans
Java: 11 viruses and 687 Trojans
BAT: 4868 viruses and Trojans
IRC INI: 3145 viruses and Trojans
Script: 29783 viruses and Trojans
INF: 9 viruses and Trojans
Unix shell: 656 viruses and Trojans
Ami: 2 viruses and Trojans
WinBat: 4 viruses and Trojans
PIF: 30 viruses and Trojans
PalmOS: 4 viruses and Trojans
PHP: 132 viruses and Trojans
Unix: 620 viruses and Trojans
In addition, over 15750 viruses are identified using
generic identification, so the total number of viruses
and Trojans known to F-PROT is somewhere over 651200.
Today's environment is no longer all one machine, or all one format. Notice above F-Prot lists things like PHP, Java, and scripts, which run in more than one environment.
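A sketch of the kind of cron job described earlier in the thread, added here as an example and not the poster's actual script: it purges stale temp files under the Samba profile share and runs clamscan with potentially-unwanted-application (PUA) detection enabled, quarantining hits instead of deleting them. The share path, quarantine and log locations, age limit and temp directory names are all assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. All paths, the age limit and the
# temp directory names below are assumptions; adjust them to the real share.
PROFILE_ROOT="${PROFILE_ROOT:-/srv/samba/profiles}"
QUARANTINE="${QUARANTINE:-/var/quarantine/profiles}"
LOG="${LOG:-/var/log/profile-scan.log}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-7}"

# Delete regular files older than $2 days that sit below a directory named
# "Temp" or "Temporary Internet Files" anywhere under $1.
# Prints the number of files removed.
purge_profile_temp() {
    find "$1" -type f -mtime "+$2" \
        \( -path '*/Temp/*' -o -path '*/Temporary Internet Files/*' \) \
        -print -delete | wc -l | tr -d ' '
}

# Scan the share with ClamAV. --detect-pua=yes also enables signatures for
# "potentially unwanted applications", which clamscan leaves off by default.
# Hits are moved to the quarantine directory rather than deleted.
# Returns clamscan's status (0 clean, 1 detections, 2 error) or 3 if missing.
scan_profiles() {
    command -v clamscan >/dev/null 2>&1 || return 3
    mkdir -p "$QUARANTINE" || return 2
    clamscan --recursive --infected --detect-pua=yes \
        --move="$QUARANTINE" --log="$LOG" "$1"
}

main() {
    purged=$(purge_profile_temp "$PROFILE_ROOT" "$MAX_AGE_DAYS")
    echo "purged $purged stale temp files under $PROFILE_ROOT"
    status=0
    scan_profiles "$PROFILE_ROOT" || status=$?
    case $status in
        0) echo "scan clean" ;;
        1) echo "detections moved to $QUARANTINE, see $LOG" ;;
        3) echo "clamscan not installed" >&2 ;;
        *) echo "clamscan reported an error, see $LOG" >&2 ;;
    esac
    return "$status"
}

# Run only when asked to, e.g. from cron: profile-scan.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

PUA signatures are broader than the virus signatures, so review the quarantine directory before deleting anything a user may still need.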