hey all
I am wondering what you use, if anything, for your anti-virus software for your linux systems?

Check out - http://www.avast.com/eng/avast-for-l...rkstation.html


Linux Archive

If it is a totally linux system run rkhunter.
And if you windows to use clamav or something like that to prevent viruses
coming with the email infected youŕe windows

A combination of:
clamav, clamassassin, spamassassin, razor, procmail

When I think about it, I run rkhunter and chkrootkit. I've never found anything in the 3 years I've been running Linux, though. For Windows, I run trendmicro's free scanner when I think of it. It's never found anything on my Windows system. Mostly I attribute my "good luck" to staying away from porn sites and using my.yahoo.com to access all my email.

i guess if i had better luck i wouldnt need to check out porn sites :-) marrage is a wonderful thing!

Because my systems get exposed more than average and even where I use virtualization I like a complete layout: SE Linux, Auditd, Samhain, Aide, Tiger, Chkrootkit, Lsat, Rootkit Hunter, Snort, scrubbing proxies and then some. For me AV is for making sure I ship stuff cleanly and for second opinion when determining the state of shipped goods. I don't like SPOF's so I run Bitdefender next to F-Prot and ClamAV. A recent run (all current sigs and engines) of over +3K of Linux goodies (contents from compromised systems, LKM's, trojaned binaries, hiders, flooders, bots) shows:
- Bitdefender leading with 243 hits (7.2%),
- F-Prot in second place with 123 hits (3.6%) but
- ClamAV loses badly with only 63 hits (1.9%).
I'm sure you can make up your own mind about AV companies and what GNU/Linux means to them in terms of money...

Are you running any kind of IDS ?? lol O.o

So if this isnt the case and you're not so paranoic, I would never get woried about using any kind of antivirus (virus on linux?) talking about that, a rootkit isnt a virus so linux is virus free, and when come to rootkits its more supposed to happen on exposed servers then at your local machine and even so this is mostly caused by some dumb configuration or an unupdated system ... are you running anykind of Mail/File server for Windows Boxes, not ? Them why worry about virus?


PS: unSpan btw your configuration seens very interesting for my IDS Im going to configure

because they exist?
Take a look at
http://en.wikipedia.org/wiki/List_of...mputer_viruses


QUOTE
"The growth in Linux malware is simply due to its increasing popularity, particularly as a desktop operating system ... The use of an operating system is directly correlated to the interest by the malware writers to develop malware for that OS."
/QUOTE

So "Snort" doesn't ring a bell?..


Unlike you I don't deal with those things in terms of "worries" I just make certain my systems remain clean. I don't need to be paranoid, being cautious pays off well enough for me.


Sorry but your reasoning is flawed. There's about ten Linux viruses that I know of. And while nine of them remain in the Proof of Concept state you can easily find the tenth In the Wild. Stuff I (am asked to) look at may be contaminated with whatever and even if it wouldn't be I'd still take precautions. So for me AV serves as just a layer of filtering, an indication, of what may be there.

Got any names?

Worrying about viruses on a Linux desktop is silly. People who will tell you otherwise will often have an agenda to push. I'll believe that there's a self-propagating virus that attacks the Linux desktop in the wild when I see one.

That isn't to say that there aren't Linux server viruses... but then your average home desktop isn't likely to be running a BIND server, is it?

I've been running Linux (of various flavours) on my broadband connected desktop for over 9 years - without any AV software at all, and am yet to see a single virus.

Look up Silvio Cesare and take it from there. Easy enough.


...or are just misinformed.


Now that's daft. Since when does that kind of soft make distinctions ROTFL!


Good for you.

Yes. Take a look at that page. Note that all the articles referenced are very old - 2003 or earlier. Why is this? Because viruses in Linux are not a major consideration, even 5 or 6 years after those article were written, when Linux is much more polished and becoming much more widespread.

Further, follow those links and read those articles. Note that all of those articles talk about how the virus doesn't do anything or can't spread.

Finally, note that most of those articles were picked up and added to the wikipedia article within the last year. This rather strongly suggests that no newer articles exist. Why not? Perhaps because viruses are not a significant consideration in Linux?

Yes. Note this quote. One quote. By one person. Working for a company that does what? Produce anti-virus software.

Do the math.

While following wikipedia links from this thread, I found and read this paper, which is really quite interesting.

Linux will display a certain amount of vulnerability to this technique, at least if the payload is - say - java to a system that has java installed (and that will be most of us).

However, it is easily blocked. By default, disable all scripting and only enable scripting on a per-site basis - and then, only if you HAVE to have it. I personally run privoxy which automatically blocks IFrames from getting through, and I also run script defender on Firefox, which won't run scripts without my permission. I routinely refuse that permission unless not running the script keeps the site from working AND I decide I need to view the site.

Just be smart, and recognize that the web is a dangerous place, then you'll be fine.

I'm not going to bother doing that. Either name the viruses, or they don't exist. Simple really.
So you're telling me servers aren't easier for viruses to attack/exploit? Well, I personally wasn't running any AV software when Linux.L10n worm was running rampant. Of course, it exploited a vulnerability in BIND DNS server, so...