LinuxQuestions.org - best anti virus

- Mandriva (https://www.linuxquestions.org/questions/mandriva-30/)

- - best anti virus (https://www.linuxquestions.org/questions/mandriva-30/best-anti-virus-331105/)

Hello,
I want to install anti virus on Mandriva 2005.
Which is the best ?

Thanks

Varun

an antivirus??? why? you don't need that...

The short answer is there is none and you don't need it.

There is an open-source virus scanner called clamav but its for scanning for Windows viruses in emails (for people who run mail servers that have Windows clients).

There are some companies that claim to have a 'Linux virus scanner' but mostly they are just mail gateway scanners with a nice GUI.

Remember Linux is not Windows and will have different solutions to problems which affect it in different ways.

Basically I am running a proxy server on this
system. So I have windows client.
If I install ClamAV on the server will it help ?

Thanks

Varun

Yes. I think you can setup squid and clamav to work together and intercept any viruses the user tries to download through WWW. This probably isn't completely foolproof (ie. unless they get mail off your mail server only and you've got clamav setup on that) but it should stop most virii.

No idea how to do it though ;) Have a google for 'squid and clamav'

I ran into a problem with virus on my Mandriva system. My wife received a email from one of her friends (A windows user) that contained a virus. Even though it didn't have any effect on the system unknowingly she forward it to one of here other friend. My service provider sent a email to us about the virus she was sending out. SO my question is should I/We install a virus scanner to protect others from their dumb mistake. Another friend of mine (linux User) had the service turned off for forwarding emails with virus. She had to clean out her Mailbox to get rid of it before her service provider would turn it back on.

It would do you no harm to get an antivirus program if you deal with a lot of Windows users. I recieve a lot of mail from windows users, but I scrutinize every email I recieve with an attachmnent so I have never had the problem of forwarding emails containing viruses.

You could setup the mail system on your Linux box (postfix) with Clamav. You would then need to setup fetchmail to download your wife's email from her ISP and then deliver it to herusername@localhost. This will have the affect of passing it through your local postfix server and thereby filtering it for viruses.

Sample /etc/fetchmailrc:

Code:

set syslog

set postmaster "postmaster"

set bouncemail

set no spambounce

set properties ""

set daemon 3600

poll mail.myisp.com with proto IMAP port 993

      user 'ispusername' there with password 'password' is 'localusername' here ssl keep

sample of lines to add to /etc/postfix/main.cf after the existing stuff:

Code:

#......... existing stuff above

mydomain = localdomain

myorigin = $myhostname



#mydestination is the list of domains that will be considered to mean the local server. In this case it

#includes the server's internal and external domain names and

#the localhost (so that email can be sent to tim@localhost for example)

mydestination = $myhostname, localhost.$mydomain



mynetworks = 192.168.1.0/24, 127.0.0.0/8



#deliver all mail through procmail (if there's no procmail rules file it should just go into the default /var/spool/mail/whatever file

mailbox_command = /usr/bin/procmail

#By default postfix has a stupid ~50MB limit on the size of the mailbox it will deliver to (even if going through postfix or whatever). Zero means infinite size.

mailbox_size_limit = 0

Then all you need to do is get clamav and postfix working together.

Quote:

She had to clean out her Mailbox to get rid of it before her service provider would turn it back on

If the ISP is so whingey about viruses (most people get several every day in their inbox) then they should probably be the one's providing server-side virus filtering. Quite a lot of ISPs use clamav or an equivalent to do this.

You could also maybe try:

http://www.f-prot.com/products/home_use/linux/
http://www.pandasoftware.com/download/linux/linux.asp
http://www.nod32.com/home/home.htm

If you're really worried about passing on viruses to Windows users. Although maybe you could just tell them to get a real OS ;)

best anti-virus (for *nix)
http://www.drweb.com/

I still use Peter Norton's under Windows. ;)

To be honest with you, varun_saa, the actual existence of a *nix virus is so rare that the need for an anti-viral on your system is almost pointless. By comparison, Win based operating systems have such a large number of viruses. When you evaluate the amount of *nix-based viruses, the percentage by comparison doesn't even make a pin-poke on my pinky finger. However, I would recommend using an anti-virus on a system housing a large database, or something very important (for safety). You can never be too careful.

I am sure that there is someone out there that would disagree with me or see this issue from a slightly different angle. Please feel free to respond.

Good luck on your decision. http://www.linuxquestions.org/questi...eadid=331105&#
http://www.linuxquestions.org/questi...eadid=331105&#

Quote:

However, I would recommend using an anti-virus on a system housing a large database, or something very important (for safety)

IMHO this is unnecesary, I've never heard of any company that actually runs anti-virus software on their Linux servers. I'd be very interested to hear if there is any actual real-world examples of people using Linux anti-virus software and wether it actually stops Linux viruses or is just designed to catch Windows viruses on shared folders and through email servers.

The way that security-concious Linux admins protect their servers is using things such as firewalls, regular updates, Intrusion Detection Systems, Rootkit hunters and more. Those last 2 (IDS and Rootkit hunters) are sort of the equivalent of having good virus protection in Windows. Host-based IDS systems scan the local system for evidence of intrusions such as trojaning of files, hidden processes and so on. Rootkit hunters are more specific - they perform a scan for known rootkits (software that a cracker installs on your box to give them control over it and hide their traces from you), in a similar way to how anti-virus software performs a scan for known viruses on Windows.

The difference is that IDS and rootkits are more geared towards detecting manual hacking - ie. someone who exploits a flaw in your system to gain shell access to it and then starts trying to rootkit it. In Windows the threat is from automated hacking - ie. viruses, which are by definition 'self-replicating' and therefore automated. The automated threat on Linux is nothing like that on Windows and can be protected from simply by setting up the firewall properly and keeping your applications updated and patched.

Very interesting point TK. I have to respect that. And the statement:

I'd be very interested to hear if there is any actual real-world examples of people using Linux anti-virus software and wether it actually stops Linux viruses or is just designed to catch Windows viruses on shared folders and through email servers.

I have to re-evaluate my statement. However, I have seen companies using AVs on Unix systems. This was back in the '80s. They had scripted their own from what they had said.

I cannot prove as such, however. But I'm positive there is some out there.

Very interesting and resourceful reply, TK.

I've recently spent more time on Fedora Core 3 due to Windoze problems but have noticed that my modem-lights flash merrily away, despite no browser or email app being open.

I've tried Chkrootkit looking for an intrusion but it doesn't seem to find anything, similarly I've got F-Prot & Bitdefender installed but nothing found,

Any ideas? All answers gratefully accepted

Tom

aviceda my cable modem at home does the same thing. You can check what's happening by running the ethereal program on the machine connected directly to the internet. However I know in my case the lights were flashing mostly because of ARP/RARP packets. This is a perfectly normal thing as its part of the lower-level functioning of your ISPs network. The amount of data that they use is so insignificant that it won't eat into any data quotas you have at all. See http://en.wikipedia.org/wiki/Address...tion_Protocol.