Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Virus Scanning LINUX Systems

Status
Not open for further replies.

Michael42

Programmer
Oct 8, 2001
1,454
US
How can I Virus Scan my LINUX system?

Are there any open source virus scanning software available?

Thanks,

Michael42
 
Viruses are a problem of the Windows world. There aren't many viruses for Linux systems. I've never seen one or heard of anybody being infected by one. As Linux grows more popular, this may change unfortunately. But for now, I wouldn't even bother with any AV software on Linux.

ChrisP
 
Ouch!
I "in part" agree with fluid11, and that is that in general viri are aimed at the Win32 world but that is no reason to become complacent.

I have been running file system AV in my servers now for 4+ years and never trapped anything BUT in the case of my mail servers I can quarantine anything up to 5-6 infected mails per week and I'm only a very very small VISP.

Plus in conjunction with mail AV you can activate something like Sophos to protect your clients from SPAM .... Opps can't say that word that upsets "Fray Bentos" .. unsolicited mail.

Never assume anything, and protect against everything!

(If you have the time and resource that is)!

Good Luck.
Lauie.
 
Thanks very much for all your comments.

They are very useful! :)
 
IMO, the only time you need AV software on Linux is if your scanning for Windows virii for Windows clients. For example, if your running a Samba server that Windows clients use as a file server, then it would be a good idea to have AV running on the Linux server scanning for Windows virii. The same goes if your running a mail server. As far as virus scanning for Linux machines, I wouldn't even bother because they're almost non-existent.

ChrisP
 
To add to the open source antivirus list, I've been running messagewall on my servers. It listens on the SMTP port and rejects infected mail before it hits my MDA... helpful given that most of my lusers are running windows.

It can be a bit tricky to install, but the end results are worth it:



 
"As far as virus scanning for Linux machines, I wouldn't even bother because they're almost non-existent."

????????????


Maybe far fewer, but certainly not almost non-existent.

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
What happens if you're running a Pop3 or Imap server that Microsoft mail clients access?

I think it's a gross oversight to make that statement about not needing to scan Linux hosts.

I haven't seen a true virus to date "infect" a Linux machine. I have, however, seen many a virus come through a Linux machine without affecting it, but infect every Windows machine accessing that Linux box...and not just with Samba shares.
 
This issue has been covered recently in this forum and I will reiterate basically what bwilliam13 is saying:

If you are providing a service (gateway) through a Linux server then you "should" be offering some form of protection to your users/client machines.

This is basic "Good Practice"

Other link:

Good Luck
Laurie.
 
I'm still not convinced. In Windows, when a new virus is introduced, you *need* a virus scanner with updated virus definitions in order to protect yourself from the virus. In Linux, in the rare occasion that a virus is introduced, you have to upgrade a piece of software in order to protect yourself. This is something that you should be doing anyway, as security updates are always being released.

Newposter, your list of 27 viruses dates back to 1998 (or earlier). 27 viruses in 5 years, with a good amount of those viruses being completely harmless, I'm not worried. If your machine actually got infected by any of those viruses, excluding maybe 5 of them, you deserve it and shouldn't be a Linux admin.

bwilliam, why don't you read my post again. I specifically said that you *should* run a Windows virus scanner on a mail or file server if you have Windows clients.

The Slapper worm, which infected an older version of OpenSSL, is the only Linux virus that infected machines on a widescale basis. A virus scanner wouldn't have done anything to stop it when it first came out. The scanner would stop it now, but if your running an old version of OpenSSL, then you probably deserve to be infected.

I've spoken with many Linux admins who manage large Linux networks and not one person has ever been infected with a virus or uses any kind of Linux virus scanners.

On top of all that, in order for a Linux virus do to any damage, the virus would have to attain root privs. A lot of these viruses attack services, kind of how a hacker would. If that service doesn't run as root, then there's a good chance the virus won't do much damage.

Chris
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top