RE: antivirus for linux

From: Jason Jaszewski (sec_info_at_page55.com)
Date: 06/18/04

    To: Bruno Franca dos Reis <brunoreis@terra.com.br>, <security-basics@securityfocus.com>
    Date: Thu, 17 Jun 2004 21:01:11 -0500
    
    

            I use ClamAV (http://www.clamav.net/) and Exiscan
    (http://duncanthrax.net/exiscan-acl/) to scan emails as they are received
    and sent via my mail server. I have users accessing email via Windows
    clients such as Outlook and Outlook Express, and therefore like to scan for
    viruses at the MTA level. I have found ClamAV to be pretty easy to install and
    configure. You don't need to use it in the above capacity; you can use it to
    scan files and folders from the command line.
            I have tested it pretty extensively and have not seen (or heard from
    anyone) any viruses that have gotten through; although I cannot vouch for any
    heuristic scanning features within it. There is an auto-updater called
    freshclam that comes along with it, which you can schedule updates to happen
    at pretty much any interval you like. The signature database is kept very
    up-to-date.
            All in all, I would think it couldn't hurt you to install anti-virus on a
    Linux box, especially if you are providing email services to users on
    Windows. There is, of course, a small performance hit with having
    Exiscan/ClamAV scan each email, but it is small and doesn't impact overall
    performance in my experience.

    Hope this helps,
    Jason

    -----Original Message-----
    From: Bruno Franca dos Reis [mailto:brunoreis@terra.com.br]
    Sent: Tuesday, June 15, 2004 6:25 PM
    To: security-basics@securityfocus.com
    Subject: antivirus for linux

    Hello guys

    I'm kinda new to Linux, and getting more and more worried about security. I
    was wondering: is it necessary for me to have an anti-virus application? If
    so, is it a "live scanner", like the ones I know for Windows?

    Do you recommend using an anti-virus software? If so, which?

    Moreover, I have a Linux firewall. Is there any way for me to detect virus
    activity trying either to break into a computer (like Sasser or others like
    it) or to detect incoming mail with virus? Note: my firewall isn't my mail
    server. I was wondering if it could sniff connections to pop mail servers
    and detect virus code.

    Thanks in advance.

    Bruno Reis

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


