LinuxQuestions.org
Old 11-27-2002, 08:21 PM   #1
MandrakeNewbie
LQ Newbie
 
Registered: Nov 2002
Posts: 12

Rep: Reputation: 0
Free Virus Protection


HI...
Is there any "free" antivirus software for Mandrake or Linux? If so, can someone let me know where I can get it?
Thanks.
 
Old 11-27-2002, 08:24 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981
Linux has a negligible amount of viruses, protection is very seldom needed. This ain't Windows....
 
Old 11-27-2002, 08:33 PM   #3
MandrakeNewbie
LQ Newbie
 
Registered: Nov 2002
Posts: 12

Original Poster
Rep: Reputation: 0
I would respectfully like to say that "negligible" is in the eye of the beholder. In this case, I am the beholder.
Thanks anyway.
 
Old 11-27-2002, 08:57 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981
I mean that it is negligible to the point that the software does not exist as it is simply not an issue.
 
Old 11-28-2002, 05:19 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594
Linux country is divided on the AV SW topic. Moderate factions saying Linux is invulnerable to virus attacks so it ain't no use having any, and the separatistas, those that have to live with (having to provide connectivity for) vulnerable or shoddy networked OSes, the paranoid and those knowing history will repeat itself.

Moderate factions long time ago have dug in stating privilege separation, absence of In The Wild viruses and discrepancies in handling between Linux/UNIX distributions will cause any Linux virus outbreak to fail.

Separatista snipers try to take out moderate faction strongholds with classic pincer movements saying they should widen their POV looking at other incursions like the past trojan, rootkit and worm campaigns, risk due to increasing popularity of the platform as a whole, the fact Linux often provides services for vulnerable platforms and source poisoning as well.

Intelligence reports uncovered hostile incursions into moderate factions' territory have successfully been supported by vendors like Central Command, Sophos, Mcafee, Kaspersky, H+BEDV, Trend Micro, Frisk, RAV and Clam with help from at least Amavis, Spam Assassin, Renattach, Ripmime, Milter and Inflex.

As mercenary on the separatista side I agree we should not look at the past but to the future and always expect the unexpected. It's not just a scanner you need because you will not want your view to be narrowed to only look for viruses.
- Use (demand) source verification through GPG or minimally md5sums (Sendmail/Tcpdump/OpenSSH),
- Watch system integrity (Aide, Samhain, Tripwire or any package mgr that can do verification: save those databases off-site),
- Harden your systems by not installing not needed SW, denying access where not needed and using tools like Bastille-linux, tips from Astaro, deny LD_PRELOAD's etc etc,
- Add intrusion detection like Snort (no comments needed I hope),
- Patch kernel to protect looking at/writing to crucial /proc and /dev entries and/or use ACL's (see Silvio Cesare's site, Grsecurity, LIDS)
- Watch general/distro security bulletins and don't delay taking action (Slapper, Li0n etc),
- Keep an eye on outgoing traffic (mail, irc, fw),
*If you're still not satisfied you've covered it all you could arm yourself with knowledge on forensics stuff like disassembly and honeypots.

If you want SW, Google the net for Central Command, Sophos, Mcafee, Kaspersky, H+BEDV, Trend Micro, Frisk, RAV, Clam, Amavis, Spam Assassin, Renattach, Ripmime, Milter or Inflex.
- Linux AV SW ain't free. //moderator note: please don't refer to SW as "free" (that is, between quotes). IMNSHO this means you're asking for warez, pirated software, rips or whatever you call it.
- AV SW is as good as its signatures/heuristics. Some vendors don't update their Linux sig db's very well, or field SW with lacking capabilities. I've tested some (admittedly a long time ago) on my virus/trojan/LRK/malware libs. Bad (IMHO): Frisk's F-Prot (sigs), Clam (sigs), H+BEDV (libc version). Good (IMNSHO): Mcafee's uvscan (best) and RAV (2nd). Please do test yourself to form an opinion based on facts.
- AFAIK only RAV has a version free for personal use.
- AFAIK only KAV (Kaspersky) has a realtime scanner daemon. I'm in limbo about its compatibility with recent kernels tho.

Other links to check out:
LAVP/Mini-FAQ Linux/Unix AV SW,
NIST (list of AV vendors),
Clam.

HTH

Last edited by unSpawn; 11-28-2002 at 05:21 AM.
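
The "watch system integrity" item in the post above, as an added example that is not part of the original post or of Aide, Samhain or Tripwire: a minimal hash baseline kept outside the monitored tree and re-checked later. It assumes GNU coreutils `sha256sum` (the post only names md5sums); the function names and the scratch tree are hypothetical and constructed for the demo.

```shell
# Minimal file-integrity baseline in the spirit of Aide/Tripwire (added example).
# Assumption: GNU coreutils sha256sum; the post itself only names md5sums.

# make_baseline DIR DB: hash every regular file under DIR into DB.
# DB must be an absolute path outside DIR (ideally on other media).
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 ) > "$2"
}

# check_baseline DIR DB: print CHANGED/MISSING/ADDED lines; return 1 if any.
check_baseline() {
    cb_report=$(
        cd "$1" || exit 2
        # Baseline entries whose content differs or that no longer exist.
        LC_ALL=C sha256sum -c --quiet "$2" 2>/dev/null | sed -n \
            -e 's/^\(.*\): FAILED$/CHANGED \1/p' \
            -e 's/^\(.*\): FAILED open or read$/MISSING \1/p'
        # Files on disk that the baseline never recorded
        # (names start at column 67: 64 hex digits plus two separator chars).
        find . -type f | sort | while IFS= read -r f; do
            cut -c67- "$2" | grep -qxF -- "$f" || echo "ADDED $f"
        done
    )
    [ -z "$cb_report" ] && return 0
    printf '%s\n' "$cb_report"
    return 1
}

# Constructed demo: baseline a scratch tree, then tamper with it.
integrity_demo() {
    tree=$(mktemp -d) && db=$(mktemp) || return 2
    mkdir "$tree/bin"
    echo 'original ls' > "$tree/bin/ls"
    echo 'original ps' > "$tree/bin/ps"
    make_baseline "$tree" "$db"
    echo 'replaced ls' > "$tree/bin/ls"    # modified file
    rm "$tree/bin/ps"                      # removed file
    echo 'dropped' > "$tree/bin/.hidden"   # new, unrecorded file
    rc=0
    check_baseline "$tree" "$db" || rc=$?
    rm -rf "$tree" "$db"
    return $rc
}
```

Calling `integrity_demo` reports one changed, one missing and one added file. The baseline is only trustworthy if the database and the hashing tool live somewhere an intruder on the monitored host cannot rewrite them.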
 
Old 11-28-2002, 05:40 AM   #6
crashmeister
Senior Member
 
Registered: Feb 2002
Distribution: t2 - trying to anyway
Posts: 2,541

Rep: Reputation: 47
Antivir got a free version, too. Can be equipped with a scanner daemon. But it's only free as in beer not as in open source and you have to register to get it to update the data base. That was the only halfway decent virus protection I managed to install. OAV is as per its developers in an early stage and should not be used as the only means of virus protection. It is i.e. unable to detect polymorph viruses.
If you have a M$ partition on your box you should be worried about this stuff because there are virii out there that can wreck your BIOS and last time I checked Linux didn't work without a BIOS.
BTW - the only scanner that detected a trojan I keep around was Kaspersky.

Last edited by crashmeister; 11-28-2002 at 05:41 AM.
 
Old 11-28-2002, 09:05 AM   #7
MandrakeNewbie
LQ Newbie
 
Registered: Nov 2002
Posts: 12

Original Poster
Rep: Reputation: 0
Thanks unSpawn and crashmeister. unSpawn, your sociopolitical and ideological analysis of the Linux world is certainly helpful in understanding the issue of security and the complexity it represents--both in terms of ideology and in the effects of historical contexts. Certainly for a newbie to Linux (who has much to learn) you provide an interesting panorama which I find to be of great heuristic value. crashmeister, you reflect the concerns I have. Having worked with Windows and DOS for 17 years, I know (and this is where I take a point made by unSpawn) the future is uncertain and the certain thing about it is that it will change most of what we think about it today. Your response is clear, helpful, and practical as well and I will make use of it. The thought occurs to me about how the Linux world could become like the Windows world: fraught with viri, vulnerabilities, and vermin. I watched it happen to Windows. This is why I came to Linux, and I think that we must be vigilant that what we have in Linux is not overrun by the same causes.
Thank you both for your responses to my inquiry. I am going to print them and make them a part of my Linux help file.
All the best!
 
Old 12-03-2002, 09:53 PM   #8
Wolfie
LQ Newbie
 
Registered: Jul 2001
Location: Vancouver, Canada
Distribution: RH 9.0 MDK 9.2, 10 Knoppix 3.4 SW 9.1 Debian 3.0, Gentoo, Peanut 9.5, PCLOS 2k4r7, Mepis
Posts: 18

Rep: Reputation: 0
AntiVirus for Linux

Hi, I did a fair bit of searching for AntiVirus products for Linux and found quite a few good ones, but the best free ones have been F-Prot & AntiVir (F-Prot is a command line scanner, AntiVir is a command line scanner too but there is a GUI front end for it from tkAntivir).

Both work well and are fully configurable for auto updates.
 
Old 12-04-2002, 03:02 AM   #9
MandrakeNewbie
LQ Newbie
 
Registered: Nov 2002
Posts: 12

Original Poster
Rep: Reputation: 0
Wolfie,
Thanks very much. I will follow up.
 
Old 12-04-2002, 04:02 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594
I very much disagree with F-prot. I did a quick check a time ago and it didn't look too good. Here's some old results. Plz note the scan was done on Aug 13th 2002 with updated sig db's for all scanners.

F-Prot:
./f-prot XPLT -ai -append -archive -dumb -list -packed -report=logfile.fprot.sec
Virus scanning report - 13. August 2002 21:19
F-PROT 3.12a. DEF's created 13. August 2002
Results of virus scanning:
Files: 130, Objects scanned: 682, Infected: 6, Suspicious: 4
F-prot found: Unix/Admworm.A, "security risk or a "backdoor" program", "a destructive program", VBS/GMW.D, W32/Myparty.A@mm

RAV:
ravav XPLT -ALL -HEUR ON -UNZIP -REPORT logfile.rav.sec
RAV Antivirus for Linux 8.3
Scan engine 8.7 for i386.
Last update: Mon Jul 29 17:08:03 2002
Scanning for 70308 malwares (viruses, trojans and worms).
Scan started on Tue Aug 13 21:16:12 2002
Objects scanned: 753. Infected: 36.
RAV found: Trojan/Linux.Rootkit.T0rn, Worm/Linux.Lion, SH/Admworm.A*, SH/Ramen*, VBS/GMW.D*, Trojan/Backdoor.AB, Trojan/Win32.WCRAT.12B, Trojan/Constructor.TrojanRunner.EliteWrap, JS/Winbomb.A*, Trojan/Backdoor.FB

Mcafee's uvscan:
uvscan --analyse --macro-heuristics --data-directory /var/lib/uvscan --recursive --atime-preserve --panalyse --secure 2>&1 > logfile.uvs.sec
51 lines. (uvscan does not do status/statistics)
Mcafee's uvscan found: Linux/Exploit-Bind trojan, Linux/Rpcmountd, Linux/Exploit-Statdx, UNIX/Exploit-Crontab trojan, Linux/Adm.worm virus, Linux/Ramen.worm virus, VBS/GMW.gen virus, BackDoor-AB.svr trojan, BackDoor-FI trojan, FreeBSD/RootKit trojan, JS/Winbomb trojan, VBS/GMW.gen virus, BackDoor-FB.svr.gen trojan, JS/Winbomb, W32/Myparty.uue, UNIX/Exploit-Progres.

Even tho the names differ you should be able to see that the stuff I had been running it against was known for a reasonable time and still F-prot won't detect as much as RAV, and RAV not as much as Mcafee's uvscan.

//edit: OK, I should note both RAV and Mcafee's uvscan are commercial packages, tho RAV for Linux comes for free when buying the w32 package. Still F-prot results do not look promising.

Last edited by unSpawn; 12-04-2002 at 04:10 AM.
 
Old 12-04-2002, 04:26 AM   #11
crashmeister
Senior Member
 
Registered: Feb 2002
Distribution: t2 - trying to anyway
Posts: 2,541

Rep: Reputation: 47
It seems as of now there is no free software that does a good job at detecting viruses in Linux. I use Antivir which doesn't cost anything but is also a commercial product. Don't know how good it is though.
I think the problem with virus scanners in Linux is that they are mostly used by companies and ISP's to protect their M$ clients and they have no problem with paying for the software.
If you are really concerned about this you should have a look around. Almost every antivirus program is available as a Linux version - for $$ of course.
 
Old 12-09-2002, 03:52 PM   #12
siagoblue
LQ Newbie
 
Registered: Dec 2002
Location: Eastern Shore USA
Posts: 1

Rep: Reputation: 0
Try here: http://www.f-prot.com/index2.html
Free for personal use.
 
Old 12-10-2002, 06:32 PM   #13
MandrakeNewbie
LQ Newbie
 
Registered: Nov 2002
Posts: 12

Original Poster
Rep: Reputation: 0
Thank you very much for this information. I just went to their website and downloaded the file. I appreciate your help.
Regards
 