antivirus


cbishop

09-06-2005 08:41:13

i've never used any antivirus on a linux server before, and have been
required to do so recently by my boss. does anyone have any
suggestions on a package, or a good way to tell him to shove off?

WhyDoubt

09-06-2005 11:22:23

I have looked at this before. If you search for Linux + Antivirus anywhere, most of the serious products you find focus on using Linux to protect Windows against viruses. I don't use Linux in that capacity, so I cannot offer recommendations, though I doubt this is what you meant.

I believe the demand for protecting Linux from viruses comes primarily from uninformed (or stubborn) people who believe that antivirus is a way of life, as opposed to a way of Windows life. There are products that play to that market, but last I checked few if any seemed worthy of serious consideration.

I haven't seen much press on this in quite some time. I think many in the tech media are in a holding pattern, just waiting for 'the big one.'

robertngreen

09-06-2005 12:20:02

This depends on what you are trying to protect. The linux box itself or windows boxes.

I have anti-virus scanners running at one customer under linux. These are primarily to protect the windows boxes. One sits on the mail server, the other on the files server.

There are viruii (viruses) out there for Linux/unix but they usually don't spread very far due to file permission and ownership issues unless it was run as root. Add to that the fact that most of them have been proof of concept.

The main threat on a linux system is trojan horses, rootkits, and outside worms (there are some that do hit linux boxes). But these are rare or need shell access to work right.

If you are going the linux protecting windows route I use Sophos. They are pricey but they do have a good product that has an API interface and is easily scriptable. I have yet to find an antivirus company that makes a good suite of apps. You will usually wind up scripting it to get it doing what you want.

cbishop

09-06-2005 14:33:37

they're not worried about their windoze boxen. they think
my linux server is going to be infected, and then infect other
machines on the network. i am working with neanderthals btw.

yes they are delusional. no i don't have a choice or say on the issue.
you would think that mentally incompetent management would take
the advice of the guy they hired to do the job, but it doesn't seem to
be the case. they continually disregard my suggestions since i'm
"just a kid".

i've found some freeware called 'clam antivirus'. it installed rather
easily, and was quite easy to configure and run as well. (of course
all the scans came up empty!)
any knowledge or thoughts about this product?

jaeger

09-06-2005 14:34:49

If you must scan, clamav is the way to go... Though, ironically, its best use in my experience is to scan windows files that pass through the linux server. :) Like samba shares, email, etc.

robertngreen

10-06-2005 15:20:35

The most likely scenario is that linux is a carrier but will not get infected itself. Just pass the infected file onto the machine it can infect.

I have not used clamav but it does seem like they try to keep the definition file current with new viruii (viruses).

I know how you feel working with people who don't listen. I have a few customers that are like that.

TheDanMan

10-06-2005 16:33:24

I experience this kind of thing with my family. We have an online newsletter that my whole family can use. Well my grandmother was on and posting in a DAY! While I've got cousins that complain it's too hard, that are my age. The difference? My grandmother actually listens and tries to learn what I tell her.

wolfie

11-06-2005 15:58:46

I use clamav and like it, course that said I haven't caught a single virus. :) That is mainly because the box I run it on doesn't get much email traffic. That might change but for now it won't. Clamav is very configurable and works really well with qmail.

my 2.5 cents.