[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-linux
Subject:    Re: Begs a question: AV in Linux //  Re: MDKSA-2006:016
From:       Joachim Schipper <j.schipper () math ! uu ! nl>
Date:       2006-01-18 9:55:31
Message-ID: 20060118095530.GA4681 () melpomene ! jschipper ! dynalias ! net
[Download RAW message or body]

On Tue, Jan 17, 2006 at 01:45:34PM -0600, Benson, Sean M wrote:
> Anti-Virus in Linux.
> Should I/you or shouldn't I/you and why?
> 
> With this (ClamAV) being an anti-virus program, running on Linux,
> creating a possible exploit:
> 
> Should you run an anti-virus on linux for non-work issues?
> (Just home Workstations, Laptops, etc.. not mail servers.)
> 
> IMHO:
> I've heard the "Keep from passing windows virus' from NTuserA --- you
> --- NTuserB."
> But I don't think that's a good enough reason to eat up my cycles, plus
> I'm a huge fan of least apps/services running.
> 
> I Don't buy the "Market Share targeting" jazz either. It's more a design
> issue based on least/most priviledge in my thinking.

No, ClamAV catches almost nothing that is relevant to a *nix machine.
Far better to run something like chkrootkit, or, if you want a solution
that works against someone who is able to do more than compile a
standard exploit, something like AIDE/tripwire/samhain.

		Joachim
[prev in list] [next in list] [prev in thread] [next in thread]