Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Hi, this is going to be about ClamAV in order to protect desktops.
Recently I bumped into opinions that ClamAV is not as effective any more as it was in the past. This guy thinks it's because Cisco took over the ClamAV group.
I don't use it or recommend it for "users". IT DOESN'T CLEAN infections.
They get careless if they think there's an "undo" button for Stupid.
Scan / with PUA, it's like a noobie disease.
No antivirus can catch all viruses. Major antivirus software providers agree about 1/3 of badwares is not detected. The whole idea of antivirus as a reliable protection is nonsense. If your OS has thousands of exploitable security holes you should not connect it to the internet.
@Emerson - probably guys from av-test.org would disagree with your measurement about 1/3 "badwares" not detected.
But anyway, the question is rather what do you use, not what you don't use.
In fact, "anti-virus software" is often a vector because it is very pervasive. (It needs to be able to read and maybe write everything.) All you need to do, then, is to insert your malware into it!
Anti-virus software is quite useless, even for Windows machines, because computers are not biological organisms. They are machines which execute software programs, according to rules set by the operating system. If you exercise reasonable care, e.g. by not using a login with administrative or "sudo" privileges, then rogue software cannot do anything.
You could get Ebola by walking into the wrong elevator unless your body's immune system pro-actively and successfully fought it off. The same is not true of computers.
I run ClamAV on all of my Linux servers, but I only run it on a couple of my Linux desktops. The major use is to filter traffic passing THROUGH (email, as one example: sftp server another) to provide some protection for the desktops BEHIND the server. ClamAV on Linux is more protection for any attached Windows machines than for the Linux desktops. SELINUX, FireWire (and its children), even change detection using GIT provide all of the security Linux normally needs without explicit AV.
While I have used MalwareBytes to 'clean' an infected system, I normally do not expect AV to 'UNDO' an infection. I expect to purge and destroy to get the system clean, then restore clean files from the last clean backup. I prefer a total reinstall to daily fighting recurring infections because your AV package missed something.
ClamAV is not as good as it once was, but it is still far better than nothing. Just understand what you are getting, and use the tool for what it does best. Do not expect your software to make Julienne fries unless you play in Robotics (and cooking).
10 years ago this would have caused the linux community's eyes to BULGE.
Still waiting for that.
I no longer download programs from my web browser since apt-get handles effectively everything.
I routinely got viruses during normal(?) usage of windows.
I've yet to get one in linux.
I can't beat rkelsen (4 years myself) but linux hasn't avoided viruses simply because it's a small desktop market, it's because things are done fundamentally more secure than other OS's.
___
Feel free to start downloading random programs from the internet from shady sites while running linux (make sure to make the program executable!) - windows style, I'm sure you'll find a use for ClamAV soon enough.
I have KlamAV, which is part of ClamAV. I click on scan and click the boxes I want to scan. I have found some malware in downloads. I usually just delete these, otherwise quarantine them. I have around 14 problems.
I usually scan downloads, mozilla, opera and home folder.