Hi Friends,

I always wonder whether a Linux server need an antivirus protection?

Or you need anti-spyware?

thanks,
Jagdish

Not really.

Linux has several partitioning schemes to isolate system files from the user - UID/GID/ACLs SELinux... and it is rather rigidly enforced.

There CAN be privilege escalation bugs, and/or vulnerable services, but they are rather quickly dealt with, with the result that any virus created for them get flushed out of general use.

Spyware usually requires the system administrator to install them - thus they don't usually work. User mode spyware (attacks on browsers) are possible, but here, they must be installed by the user. Such spyware is usually targeted at a specific browser, and don't work well if at all in multiple. Linux has many browsers, thus it is not that common attemped. Changes in browsers/updates also tend to flush these out as well.

The best current use of an anti-virus application is to scan files for Windows problems. Especially if the Linux server is providing files to Windows clients.

Email issues are usually handled by spam filtering - and that catches most things. Again, there are lots of different mail readers, so attacking one specific one is not all that useful. Regular patching/updates also tend to flush these out as well.

Since Linux doesn't run network based services by default, external attacks are also not seen by basic desktops.

There's no harm in installing an anti-virus package. It's a lower method of defense compared to Windows and Mac, since Linux is less targeted for viruses and has more of a problem with exploits and more.

But if you're using a platform that will go to an end-user, such as a mail server, an anti-virus package becomes very valuable since it enables you to scan the files and messages that will be sent to the end-user, providing another layer of defense.

A server admin always uses as many best practices as they can. Installing apps like av and such are a basic part of security. That and many other admin tasks secure your system.

first sentence is ok. Last sentence ok.

Anti-virus only works where a virus can thrive and the vendor is not responsive to bugs. Your second sentence is true for Windows, but nowhere else.

The only use an anti-virus has on UNIX/Linux is to try to protect the unprotectable - Windows.

Hey,

You can use something like Maldet to run scans on your system to find anything that can cause issues with your server such as malicious scripts. Malicious scripts can assist in someone gaining access to your server or creating a spam headache. Maldet is free and easy to use. For more information, you can visit the following link:

http://www.rfxn.com/projects/linux-malware-detect/

in what context is the Q?

if its in-scope for PCI you need an AV product. today most products by the big vendors call their crud "anto-malware" and/or license you pieces of their anti-malware "suite", etc.

and for me personally, no scheme, be it partitioning or SElinux or the like is 100%, thus having extra layers is not a bad thing. you do however have to evaluate the cost model (how good is the product vs what it costs and how much effort to support it, etc?)

clamAV is free, but how good is it is a question that is full of metrics and when you squish all of those metrics up you get an appropriate answer for the system in question, etc.