i've used linux as file server at my office, i'm not good in linux but i have no option since it was an order. now my concern is that there seem to be some virus detected in this server from windows client. is there a possibilities that the virus will infect the server as well?
is it really necessary for me to install one antivirus in the server? if yes, then what would be the ideal one?

If client has write access to the samba share, then it should be able to clean the virus itself.

If you want a linux daemon to monitor for virus' on the samba server, look at grisoft.com

Now this is important - we need to know which virus this is. Sometimes windows detects linux (or some linux utilities) as a virus

It is unlikely that a windows client machine can properly scan linux filesystems for viruses - so it may just be telling you that it dosn't recognise anything there and suspects some virus has been corrupting the file systems it assumes to be windows types.

However: it is also possible for windows files to be cached on the server (or otherwise stored there for some reason). In this case it is entirely possible for infected files to be present there.

You should be aware that linux is not affected by win32 viruses - at all. Even if it could be, someone would actually have to manually change permissions on the file to make it executable and then actually execute the file. So it is difficult even for linux viruses to infect linux machines.

However - there is a trend towards quite smart people writing viruses - and it really depends on which virus we are talking about.

[quote]is it really necessary for me to install one antivirus in the server?[quote]Nope. If all the windows hosts have good AV scanners, then those should be fine. However, if you want to provide an extra layer of protection, it cannot hurt.

ClamAV is a free virus scanner for linux - which many of us use to help protect windows users. A commercial one is f-prot ... which has linux and windows versions.

There are other commercial and free AV suites around. There are no "ideal" solutions.

However: you should be aware that RH9 is legacy and unsupported - there are probably unpatched security holes too ... unless it has been carefully updated. You may also have trouble running the latest software on this machine. OTOH: RH9 has a very good rep for security and stability, especially for servers. Presumably there is a reason you don't want RHEL?

An example of a linux virus:
http://www.symantec.com/avcenter/ven...pper.worm.html

Note: this affects Apache servers running on an intel machine where the sh shell is also installed and it listenes to port 443 for SSL (and, presumably, insecure login to ssh has been enabled).

Amusingly, it is an open source virus: it sends you its source code!

Symantecs instructions are kinda interesting:Does savcls.exe run under linux now? Or do they suggest using a windows machine on the network to run security scans on linux? (Anyone know?)

An example of a (recent) cross-platform virus: capable of infecting both windows and linux:
http://securityresponse.symantec.com...ux.simile.html

This dosn't seem to actually do any damage apart from announce itself. Symantec don't say what the actual infectin path is in this case ... it looks like the usualy: change permissions and execute method is needed. It's behavior depends on the host system, so it dosn't look like damage is possible over a network (i.e. from the virus executing on a windows host).

You may be getting the impression here that linux users view windows machines as vulnerable and dangerous...

I also have antivirus questions but being a newbie here, I read the post guidlines and searched for existing antivirus topics... My question is not exactly the same but fits the topic.

Is it advisable to have antivirus on a desktop linux?

I'm using suse 10 and plan to be downloading plenty of games to play on it aswell as various utilities so new stuff will be added constantly!

Which linux antirus is most suitable for SuSe in a Gnome enviroment with a GUI?

I'm not real good with linux command line programs yet... I'm still figuring out stuff like ./configure

Maybe I should install KDE?

Then I could get ClamAV and KlamAV, the ClamAV GUI frontend for KDE!

err, sorry for posting a question and then attempting to answer it myself!

ClamAV is fine for gnome.
I have used Fisk software F-Prot to good effect also.
You could see if symantec have a product for linux - I havn't found one, though they issue linux security alerts.

Basically, you only need AV to protect windows users. If you are not doing anything with windows files, you needen't bother.

Basically, I have been using linux for the best part of a decade now, and I have experienced only two viruses under linux (both worms, both windows only) which were caught by FProt each time.

Under windows I'd encounter dozens a month. Though almost all were very low risk ... I never saw such scurges as mydoom because I'd switched 100% to linux by then.

Your main trouble with malware will be from downloading auto-installing software from shady sources.

Whenever possible, use only rpms from reputable sources (preferably SUSE approved). There are many.

When it is some one-man-band developer, you should probably google the product before installing.

Otherwise build from source.

if you plan on games just to be safe read the reviews for the game on www.happypenguin.org, if there was the chance it has something hiddne in there nasty, then someone before you will more then likely have noticed it.

Symantec has no good products... it buys up other good ones then runs them into the ground.

Clamav is an excellent scanner (currently playing around with it) it has all sorts of extra bits you can configure in such as on access scanning and mail filters etc.

As mentioned, klamav is the KDE frontend

http://www.clamav.net/

The docs are quite good, covers instalation etc, you should be able to get it from your distros repo (not sure RH9 has any left,) but look at the docs, if you need any special features you're better off compiling it with them in.

There are two schools of thought on this:

1. Yes

2. No

lol

Seriously though, I can honestly say that I've been running Linux with no protection (except for the fact that my computer is behind a firewall) for almost 7 years. In all that time I've not seen a Linux virus.

If it'll make you feel safer, there are a few AV programs for Linux. Personally, I reckon that they're a waste of money. Linux is a stone in the shoe of the AV companies. Try as they might, they simply cannot come up with a self-propagating Linux virus. All their efforts to date amount to "download this file and run it with root privileges." Pffft.

Now that Microsoft is going to cut off their air supply when Vista is released, they'll be working even harder on the Linux 'problem' in order to try and maintain at least one corner of the market. I wonder how far they'll get.
This is the exact same environment my PC is in. I mess around a lot on the internet and download heaps of stuff. As I said earlier, I've yet to see a Linux virus.

I have messed with Linux antivirus some as I use a "Linux" box at home for all my internet uses. I like to prescan downloads before I transfer them to one of my daughters game machines or to a work machine. Why dump an infected file to a Windows box and then let it fend for itself. If I scan it first I feel a little better about turning it loose on a machine where it could possibly do some harm. If it is a bad file it is downloaded, checked, and then deleted on a machine that it can't run on or do any harm. My 2 cents.

Thanks for everyone the help! Your replies have alleviated my fears...

This seems to be the common trend in thinking among *nix users. Let me ask, how about other computer users you interact with? I mean, the infected file may not affect you but what about files that you recieve and pass on to other people. Say you recieved a file that, while infected, did diddly squat and you didn't even notice. How can you be sure that your siblings, parents, co-workers, or friends will not get an infected file if you passed it on to them?

Yeah, when you pass on that pwnzj00comp_winME.exe.scr to your grandma, think twice.

Seriously though, i do agree, in such a digital age people need to be more responsible with data. I mention using PGP etc at work and people look at me like i've got the plague. I gather that some ISPs do scan files these days, which i suppose saves the user the hassle but then what do they do with this information?.

I always make a point of using trusted sources and checking any files i send