LinuxQuestions.org
Old 11-05-2007, 11:04 AM   #1
flashingcurser
Member
 
Registered: Jan 2003
Distribution: many win/nix/mac
Posts: 259

Rep: Reputation: 32
Linux spyware/malware remover


I knew that would get some attention.

I have an openfiler (linux) domain member server on a win 2003 active directory domain. One of the ways I use this file server is for roaming profiles. The spyware hiding out in these profiles, of course, doesn't harm the file server in any way but sure causes a lot of havoc for the windows user who roams from computer to computer. Some of these users only pop in to their profiles from time to time and don't get a chance to have a local spyware removal. It would be wonderful if I could whack the crapware on the file server. This would also be a good thing for samba domain controllers.

Anyone know of such a thing?
 
Old 11-05-2007, 12:06 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Your concept of "spyware" and "malware" does not concern GNU/Linux.
You're looking for a commercial AV scanner, not F/OSS.
 
Old 11-05-2007, 12:17 PM   #3
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Rep: Reputation: 62
I can't help wondering how many of these threads are generated by people with a vested interest in one or another of the commercial AV/Spyware companies. Not exactly spam, but intended to generate an undercurrent of low level interest in these products by Linux users.
 
Old 11-05-2007, 12:21 PM   #4
flashingcurser
Member
 
Registered: Jan 2003
Distribution: many win/nix/mac
Posts: 259

Original Poster
Rep: Reputation: 32
So what you are saying is that we will see no more questions regarding postfix/clamav, samba/clam, various mta/clam? (almost identical situation)

Or are you saying that there will be no more questions about using FOSS software in a commercial environment?

Or are questions regarding linux/windows mixed environments no longer welcome here?


Just want to be clear...
 
Old 11-05-2007, 01:08 PM   #5
flashingcurser
Member
 
Registered: Jan 2003
Distribution: many win/nix/mac
Posts: 259

Original Poster
Rep: Reputation: 32
@rickh

I must be having trouble with the search function today. Please link me "these threads" regarding windows roaming profiles on a samba file server.

(Umm... hint, there aren't any)

For those who are genuinely curious, I do have a cron job that deletes temp files and runs clamav on the samba fileserver. This works reasonably well. However, if spyware doesn't qualify for a clamav virus and is not in one of the various temp files, then it doesn't get picked up.


dan
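
A sketch of the kind of cron job described in post #5, as an added example that is not the poster's own script: it empties temp directories inside each roaming profile, then runs `clamscan` with `--detect-pua=yes`, ClamAV's option for flagging potentially unwanted applications in addition to viruses. The paths, the temp-directory names and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example: nightly sweep of a Samba roaming-profile share.
# All paths and the temp-directory names below are assumptions.
# Hypothetical crontab entry: 0 2 * * * /usr/local/sbin/profile-sweep.sh --run
PROFILE_ROOT="${PROFILE_ROOT:-/srv/samba/profiles}"
QUARANTINE="${QUARANTINE:-/var/quarantine/profiles}"
CLAMSCAN="${CLAMSCAN:-clamscan}"

# Empty the temp/cache directories inside every profile but keep the
# directories themselves. find does not follow symlinks by default, so a
# link sitting in a user-writable profile is unlinked, never traversed.
prune_profile_temp() {
    find "$1" -type d \( -name 'Temp' -o -name 'Temporary Internet Files' \) \
        -prune -exec find {} -mindepth 1 -delete \;
}

# Recursively scan the share, move hits into a root-only quarantine
# directory outside the share, and report the result as one word.
# clamscan exit codes: 0 = nothing found, 1 = something found, other = error.
scan_profiles() {
    root="$1"
    qdir="$2"
    mkdir -p "$qdir" && chmod 700 "$qdir"
    rc=0
    "$CLAMSCAN" -r -i --detect-pua=yes --move="$qdir" "$root" || rc=$?
    case "$rc" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
    return "$rc"
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    prune_profile_temp "$PROFILE_ROOT"
    scan_profiles "$PROFILE_ROOT" "$QUARANTINE"
fi
```

Keeping the quarantine directory outside the exported share means a moved file cannot be reopened by the next client that loads the profile.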
 
Old 11-05-2007, 01:30 PM   #6
Alien_Hominid
Senior Member
 
Registered: Oct 2005
Location: Lithuania
Distribution: Hybrid
Posts: 2,247

Rep: Reputation: 53
None of the AVs removes 100% of malware. Try different AVs (there are lots for Linux too (free but not F/OSS)) to be sure.
 
Old 11-05-2007, 09:09 PM   #7
flashingcurser
Member
 
Registered: Jan 2003
Distribution: many win/nix/mac
Posts: 259

Original Poster
Rep: Reputation: 32
Thank you. Clam does seem to do a decent job on viruses. Do other anti-virus scanners do more for spyware? Avg/f-prot for example.
 
1 members found this post helpful.
Old 11-06-2007, 10:56 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
To clarify what I said: the only platform that your definition of "spyware" and "malware" relates to is Windows. What need would there be for GNU/Linux F/OSS to invest precious time in keeping sigs up to date at the rate malware appears? Only commercial AV solutions have an interest in tweaking their engine and sigs for that definition of "spyware" and "malware". Wrt questions: they're welcome at LQ. They're welcome in this forum as long as they are about Linux Security (since that's what this forum is about), else I'll try and help by moving them to the appropriate forum. Since your question isn't really targeted at GNU/Linux but for the benefit of Windows clients I'd like to move this thread to /General.
 
0 members found this post helpful.
Old 11-07-2007, 12:32 AM   #9
checkmate3001
Member
 
Registered: Sep 2007
Location: Folsom, California
Distribution: Ubuntu, Mint, Debian, Suse
Posts: 307

Rep: Reputation: 32
I could see why someone might ask this question.

I had an internet security class this semester and the teacher wanted us all to install and run anti-virus, anti-spyware, anti-everything on our computers. He mentioned that if you didn't have windows then do it with whatever operating system you used.

I was successful in running a majority of these "labs" with linux... but not the anti-spyware/malware lab.
 
Old 11-07-2007, 04:53 AM   #10
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 774

Rep: Reputation: 242
There are many cases where Linux (or Unix in general) is used to host files that are not intended for other Linux systems. You need to think of it at a server level. Several examples would be a mail server that serves Windows clients, this could be a mailing list setup as well. If you ignore the malware in the files (email in this case), clients start complaining "can't something be done about ______ infecting the files?". This happened on the Full Disclosure list, you used to see viruses all the time. People complained, I believe they started to filter them because I no longer see any nor any complaints. FD is likely not hosted on a Windows machine. Likewise, many Linux servers will scan /var/spool/mail, because the mail might leave by POP3 or whatnot, and end up on someone's Win XP. If it's your job or duty to serve reliable, clean and safe email, you may end up running anti-malware and/or anti-virus. Samba is another case, as its shares can be made transparent parts of the Windows filesystem. If /home/users/whoever gets mapped to h:\ on a Windows system, whatever files (and whatever they contain) are going to end up in the Linux filesystem, and thus be there for the next connecting client. The OP's situation is just one more, of many.

As for the scanners themselves, I've not used AVG on Linux, but I know its Windows counterpart catches more than bona fide viruses. F-Prot I do run here (scanning mail that could be heading for various OSes) and it is concerned with more than viruses as well. Here's what it lists:


Code:
DOS/Windows: 429555 viruses and 157229 Trojans
Word/Excel: 8733 viruses and Trojans
Java: 11 viruses and 687 Trojans
BAT: 4868 viruses and Trojans
IRC INI: 3145 viruses and Trojans
Script: 29783 viruses and Trojans
INF: 9 viruses and Trojans
Unix shell: 656 viruses and Trojans
Ami: 2 viruses and Trojans
WinBat: 4 viruses and Trojans
PIF: 30 viruses and Trojans
PalmOS: 4 viruses and Trojans
PHP: 132 viruses and Trojans
Unix: 620 viruses and Trojans
In addition, over 15750 viruses are identified using
generic identification, so the total number of viruses
and Trojans known to F-PROT is somewhere over 651200.

Today's environment is no longer all one machine, or all one format. Notice above F-Prot lists things like PHP, Java, and scripts, which run in more than one environment.
 
1 members found this post helpful.
  

