Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Linux has several partitioning schemes to isolate system files from the user - UID/GID/ACLs, SELinux... and they are rather rigidly enforced.
There CAN be privilege escalation bugs and/or vulnerable services, but they are rather quickly dealt with, with the result that any virus created for them gets flushed out of general use.
Spyware usually requires the system administrator to install it - thus it doesn't usually work. User mode spyware (attacks on browsers) is possible, but here it must be installed by the user. Such spyware is usually targeted at a specific browser, and doesn't work well, if at all, in multiple browsers. Linux has many browsers, thus it is not that commonly attempted. Changes in browsers/updates also tend to flush these out as well.
The best current use of an anti-virus application is to scan files for Windows problems, especially if the Linux server is providing files to Windows clients.
Email issues are usually handled by spam filtering - and that catches most things. Again, there are lots of different mail readers, so attacking one specific one is not all that useful. Regular patching/updates also tend to flush these out as well.
Since Linux doesn't run network based services by default, external attacks are also not seen by basic desktops.
There's no harm in installing an anti-virus package. It's a lower method of defense compared to Windows and Mac, since Linux is less targeted for viruses and has more of a problem with exploits and more.
But if you're using a platform that will go to an end-user, such as a mail server, an anti-virus package becomes very valuable since it enables you to scan the files and messages that will be sent to the end-user, providing another layer of defense.
A server admin always uses as many best practices as they can. Installing apps like AV and such is a basic part of security. That and many other admin tasks secure your system.
Quote: A server admin always uses as many best practices as they can. Installing apps like AV and such is a basic part of security. That and many other admin tasks secure your system.
First sentence is OK. Last sentence OK.
Anti-virus only works where a virus can thrive and the vendor is not responsive to bugs. Your second sentence is true for Windows, but nowhere else.
The only use an anti-virus has on UNIX/Linux is to try to protect the unprotectable - Windows.
You can use something like Maldet to run scans on your system to find anything that can cause issues with your server such as malicious scripts. Malicious scripts can assist in someone gaining access to your server or creating a spam headache. Maldet is free and easy to use. For more information, you can visit the following link:
If it's in scope for PCI you need an AV product. Today most products by the big vendors call their crud "anti-malware" and/or license you pieces of their anti-malware "suite", etc.
And for me personally, no scheme, be it partitioning or SELinux or the like, is 100%, thus having extra layers is not a bad thing. You do however have to evaluate the cost model (how good is the product vs. what it costs and how much effort to support it, etc.?).
ClamAV is free, but how good it is is a question that is full of metrics, and when you squish all of those metrics up you get an appropriate answer for the system in question, etc.
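Several posts above (scanning a file server for Windows malware, scanning mail before it reaches end users, and whether ClamAV is "good enough") boil down to the same practical question: does the scanning layer actually fire on this box? The script below is an added example and is not code from the thread or from the ClamAV project. It plants the EICAR test string (assembled from fragments so the script itself is not quarantined) in a directory standing in for a Samba share or mail spool, runs ClamAV's clamscan over it, and translates the exit code. The share path and file name are assumptions; anything other than "infected" means the AV layer is not protecting that path.

```shell
#!/bin/sh
# Added example (not from the thread): verify that ClamAV actually detects
# known-bad content on a directory that Windows clients or mail users read.
set -u

# The EICAR test string, built from three fragments. The assembled file is
# exactly 68 bytes and is recognised by every mainstream scanner.
eicar_string() {
    printf '%s%s%s' \
        'X5O!P%@AP[4\PZX54(P^)7CC)7}$' \
        'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!' \
        '$H+H*'
}

# Write the test file into the directory under test (assumed share path)
# and print the byte count so the caller can confirm it landed intact.
write_eicar() {
    dir=$1
    mkdir -p "$dir"
    eicar_string > "$dir/eicar.com"
    wc -c < "$dir/eicar.com" | tr -d ' '
}

# Independent of the scanner: is the canonical marker really in the file?
# Guards against trusting a "clean" verdict on a file that never got written.
has_eicar_marker() {
    grep -q 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE' "$1" && echo yes || echo no
}

# clamscan exit codes: 0 = nothing found, 1 = at least one hit, 2 = error
# (e.g. no signature database). Map them to words so "infected" is never
# confused with "failed", and so an errexit wrapper does not abort on the
# expected exit code 1. The 'if' keeps set -e from firing inside the function.
scan_dir() {
    dir=$1
    if ! command -v clamscan >/dev/null 2>&1; then
        echo "unavailable"
        return 0
    fi
    if clamscan --recursive --infected --no-summary "$dir" >/dev/null 2>&1; then
        status=0
    else
        status=$?
    fi
    case $status in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error" ;;
    esac
}

# Full check: plant, verify, scan, clean up. Succeeds only when the scanner
# reported a hit; "clean" means stale or missing signatures, "unavailable"
# means nothing is scanning this path at all.
main() {
    share=$1   # e.g. /srv/samba/public - assumed path, use your real share
    bytes=$(write_eicar "$share")
    echo "wrote $share/eicar.com ($bytes bytes)"
    echo "marker present: $(has_eicar_marker "$share/eicar.com")"
    result=$(scan_dir "$share")
    echo "clamscan result: $result"
    rm -f "$share/eicar.com"
    [ "$result" = infected ]
}

# Run only when a share path is given, so the functions can also be sourced.
if [ $# -gt 0 ]; then
    main "$1"
fi
```

Usage: `sh av-check.sh /srv/samba/public` (assumed path). Two details matter in practice: clamscan returns 1 on a detection, so a naive `set -e` wrapper treats a successful detection as a failure and a signature-less install (exit 2) as the same thing; and a "clean" result on the EICAR file is the signal that `freshclam` has not run, not that the share is safe. Run the same check against the directory your MTA hands to clamav-milter or amavis to cover the mail-server case.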