LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-08-2016, 05:27 AM   #1
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 879

Rep: Reputation: 41
ClamAV effectiveness / Desktop antivir


Hi, this is going to be about ClamAV in order to protect desktops.
Recently I bumped into opinions that ClamAV is not effective any more as it was in the past.
This guy, thinks its because Cisco took over ClamAV group.

av-test.org seems to confirm poor effectiveness too: https://www.av-test.org/en/news/news...t-to-the-test/

and system-rescue-cd.org dropped ClamAV from the software list due to poor effectiveness.

I want to ask you all: what do u think about ClamAV nowadays and what antivir do u use on yours Linux boxes?
 
Old 09-08-2016, 07:36 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
I don't use it or recommend it for "users"
IT DOESN'T CLEAN infections.
They get careless if they think there's an "undo" button for Stupid.
Scan / with PUA, it's like a noobie disease.

W.O.M.B.A.T.
 
Old 09-08-2016, 07:48 AM   #3
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~arch
Posts: 7,130

Rep: Reputation: Disabled
No antivirus can catch all viruses. Major antivirus software providers agree about 1/3 of badwares is not detected. The whole idea of antivirus as a reliable protection is nonsense. If your OS has thousands of exploitable security holes you should not connect it to the internet.
 
1 members found this post helpful.
Old 09-08-2016, 08:21 AM   #4
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 879

Original Poster
Rep: Reputation: 41
@Emerson - probably guys from av-test.org would disagree with your measurement about 1/3 "badwares" not detected.
But anyway, question is rather what do u use, not what u dont use
 
Old 09-08-2016, 08:37 AM   #5
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 2,829

Rep: Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005
ClamAV effectiveness / Desktop antivir

On a Linux desktop? Nothing. There is no need... Been running Linux desktops without any AV software since 1999. :-)
 
Old 09-08-2016, 11:04 AM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187
In fact, "anti-virus software" is often a vector because it is very pervasive. (It needs to be able to read and maybe write everything.) All you need to do, then, is to insert your malware into it!)

Anti-virus software is quite useless, even for Windows machines, because computers are not biological organisms. They are machines which execute software programs, according to rules set by the operating system. If you exercise reasonable care, e.g. by not using a login with administrative or "sudo" privileges, then rogue software cannot do anything.

You could get Ebola by walking into the wrong elevator unless your body's immune system pro-actively and successfully fought it off. The same is not true of computers.
 
Old 09-12-2016, 04:41 AM   #7
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 879

Original Poster
Rep: Reputation: 41
Ya, but did u guys hear about this?
http://thehackernews.com/2016/09/cro...m-malware.html
 
Old 09-12-2016, 05:11 AM   #8
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,767

Rep: Reputation: 578Reputation: 578Reputation: 578Reputation: 578Reputation: 578Reputation: 578
You'ld be better served spending your time looking for a clickbait filter for your browser
 
Old 09-12-2016, 05:23 AM   #9
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by czezz View Post
Ya, but did u guys hear about this?
http://thehackernews.com/2016/09/cro...m-malware.html
Currently targeting OSX...
backdoor. Not a virus.
ClamAV probably wouldn't find it.
 
Old 09-12-2016, 06:07 AM   #10
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,699

Rep: Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677Reputation: 1677
I run ClamAV on all of my Linux servers, but I only run it on a couple of my Linux desktops. The major use is to filter traffic passing THROUGH (email, as one example: sftp server another) to provide some protection for the desktops BEHIND the server. ClamAV on Linux is more protection for any attached Windows machines than for the Linux desktops. SELINUX, FireWire (and it's children), even change detection using GIT provide all of the security Linux normally needs without explicit AV.

While I have used MalwareBytes to 'clean' an infected system, I normally do not expect AV to 'UNDO" an infection. I expect to purge and destroy to get the system clean, then restore clean files from the last clean backup. I prefer a total reinstall to daily fighting recurring infections because your AV package missed something.

ClamAV is not as good as it once was, but it is still far better than nothing. Just understand what you are getting, and use the tool for what it does best. Do not expect your software to make Julienne fries unless you play in Robotics (and cooking).
 
Old 09-13-2016, 12:24 AM   #11
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 16,939
Blog Entries: 10

Rep: Reputation: 5043Reputation: 5043Reputation: 5043Reputation: 5043Reputation: 5043Reputation: 5043Reputation: 5043Reputation: 5043Reputation: 5043Reputation: 5043Reputation: 5043
clamav or not, this is actually interesting:
https://securelist.com/blog/research...rs-discovered/
i particularly enjoyed:
Quote:
To achieve persistence, it uses this not very stealthy method: it just creates a .desktop-file in $HOME/.config/autostart
i'm safe, since my env doesn't even execute those files

but joking aside, no false sense of security!
10 years ago this would have caused the linux community's eyes to BULGE.
...they're homing in...

edit:
also interesting to notice that this completely relies on linux non-native apps and toolkits: dropbox, firefox, Qt.

Last edited by ondoho; 09-13-2016 at 12:27 AM.
 
Old 09-14-2016, 06:53 PM   #12
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 2,829

Rep: Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005Reputation: 1005
Quote:
Originally Posted by czezz View Post
Ya, but did u guys hear about this?
http://thehackernews.com/2016/09/cro...m-malware.html
Couple of questions for you:

1. How does the executable file get onto your machine?

2. Who sponsored that article?

I'll repeat myself... I've been running Linux on the Desktop without any AV software since 1999 and have never once had an issue.
 
Old 09-14-2016, 08:40 PM   #13
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 633

Rep: Reputation: 316Reputation: 316Reputation: 316Reputation: 316
Quote:
10 years ago this would have caused the linux community's eyes to BULGE.
Still waiting for that.

I no longer download programs from my web browser since apt-get handles effectively everything.
I routinely got viruses during normal(?) usage of windows.
I've yet to get one in linux.

I can't beat rkelsen (4 years myself) but linux hasn't avoided viruses simply because it's a small desktop market, it's because things are done fundamentally more secure then other OS's.

___

Feel free to start downloading random programs from the internet from shady sites while running linux (make sure to make the program executable!) - windows style, I'm sure you'll find a use for ClamAV soon enough.
 
Old 09-14-2016, 10:05 PM   #14
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by descendant_command View Post
You'ld be better served spending your time looking for a clickbait filter for your browser
Amen. There's no signature.dat file for bad habits either.
 
Old 09-19-2016, 06:15 AM   #15
rhandwor
Member
 
Registered: Oct 2005
Posts: 125

Rep: Reputation: 16
I have KlamAV which is part of ClamAV I click on scan and click boxes I want to scan. I have found some malware in downloads. I usually just delete these otherwise quarntine them. I have around 14 problems.
I usually scan downloads,mozilla,opera and home folder.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] effectiveness of spam filtering anctop Linux - Server 2 06-22-2016 06:43 PM
[SOLVED] Lubuntu effectiveness Aivis Linux - Newbie 20 08-31-2015 05:02 AM
clamav vs. antivir saavik Linux - Security 2 01-09-2007 07:21 PM
ClamAV & AntiVir in Kmail AvatarofVirgo Linux - Security 5 02-06-2005 11:52 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration