I haven't tracked Linux-related sigs (I should) so I'd say to some small extent, and chiefly because other platforms display more problems. The LMD (Linux Malware Detect) ClamAV signatures for example focus mostly (IIRC) on malicious PHP scripts and such, so if you're running a web server that would be a good addition. Don't expect all root kits and such to be added and when obfuscated malware runs in memory only things are even harder to pinpoint. *Also note Sanesecurity, SecuriteInfo and MalwarePatrol each provide their own signature databases you can add.
|