Networking Forums


Is a Virus Scanner Necessary with Linux?

 
 
Stephen Zilliox
Guest
Posts: n/a

 
      05-09-2004, 10:47 PM
I have a broadband connection to the Internet. I dual boot to Linux and
WinXP. With XP I use a firewall and a virus scanner. When I'm in Linux I
use just a firewall with no virus scanner. Since almost all viruses affect
the Windows Os and not Linux is there any reason to use a virus scanner
under Linux? Does just a firewall and the necessary caution with e-mail
attachments provide enough security? My system is a home system and not
part of a network. If a virus scanner is recommended which products are the
ones to use with Linux? Thanks.


 
 
 
 
 
Bit Twister
Guest
Posts: n/a

 
      05-09-2004, 10:52 PM
On Sun, 9 May 2004 15:47:06 -0700, Stephen Zilliox wrote:

> Since almost all viruses affect
> the Windows Os and not Linux is there any reason to use a virus scanner
> under Linux? Does just a firewall and the necessary caution with e-mail
> attachments provide enough security? My system is a home system and not
> part of a network. If a virus scanner is recommended which products are the
> ones to use with Linux? Thanks.




Not much use for spending manhours for making a virus scanner for linux.

I think there are less than 300 (virus, worms, trojans) total for Unix
in the last 30 years and those have been closed out with recent
software updates.

The OS is virus resistant unless you are running as root
instead of using a regular account.
http://www.linuxmafia.com/~rick/faq/#virus

Check your linux vendor for updates *regularly*.

For some light reading:
http://www.claws-and-paws.com/virus/..._viruses.shtml
http://librenix.com/?inode=21

Now if you need linux to scan email passed through for Micro$not
then see if your Micro$oft virus scanner vendor has one for linux.
You might need other vendors if you are using linux as a file server
for Bill'$ code.

More answers at
http://groups.google.com/advanced_group_search
good virus scanner in the first box
*linux* in Newsgroup, U need 2 use *, pick English

returns over 9,000 hits, change to best virus scanner
returns over 400 hits

Five minutes of just looking for links in the text gets me,
in no order of importance:

http://www.centralcommand.com
http://www.symantec.com/product
http://mcafee.com
http://www.openantivirus.org
http://freshmeat.net/search/?q=virus&section=projects
http://www.f-secure.com/
http://sourceforge.net/projects/openantivirus
http://www.sophos.com
http://www.kaspersky.com
http://www.pspl.com
http://www.hbedv.com
http://www.ravantivirus.com
http://www.antivirus.com
http://clamav.elektrapro.com/
http://www.openantivirus.org

Use http://groups.google.com/advanced_group_search again to
check responses for the product you think about using.
 
 
Clive Dove
Guest
Posts: n/a

 
      05-09-2004, 11:54 PM
Bit Twister wrote:

> On Sun, 9 May 2004 15:47:06 -0700, Stephen Zilliox wrote:
>
>> Since almost all viruses affect
>> the Windows Os and not Linux is there any reason to use a virus
>> scanner
>> under Linux? Does just a firewall and the necessary caution with
>> e-mail
>> attachments provide enough security? My system is a home system and
>> not
>> part of a network. If a virus scanner is recommended which products
>> are the
>> ones to use with Linux? Thanks.

>
>
>
> Not much use for spending manhours for making a virus scanner for
> linux.
>
> I think there are less than 300 (virus,worms, trojans) total for Unix
> in the last 30 years and those have been closed out with recent
> software updates.
>
> The OS is virus resistant unless you are running as root
> instead of using a regular account.
> http://www.linuxmafia.com/~rick/faq/#virus
>
> Check your linux vendor for updates *regularly*.
>
> For some light reading:
> http://www.claws-and-paws.com/virus/..._viruses.shtml
> http://librenix.com/?inode=21
>
> Now if you need linux to scan email passed through for Micro$not
> then see if your Micro$oft virus scanner vendor has one for linux.
> You might need other vendors if you are using linux as a file server
> for Bill'$ code.
>
> More answers at
> http://groups.google.com/advanced_group_search
> good virus scanner in the first box
> *linux* in Newsgroup, U need 2 use *, pick English
>
> returns over 9,000 hits, change to best virus scanner
> returns over 400 hits
>
> Five minutes of just looking for links in the text gets me,
> in no order of importance:
>
> http://www.centralcommand.com
> http://www.symantec.com/product
> http://mcafee.com
> http://www.openantivirus.org
> http://freshmeat.net/search/?q=virus&section=projects
> http://www.f-secure.com/
> http://sourceforge.net/projects/openantivirus
> http://www.sophos.com
> http://www.kaspersky.com
> http://www.pspl.com
> http://www.hbedv.com
> http://www.ravantivirus.com
> http://www.antivirus.com
> http://clamav.elektrapro.com/
> http://www.openantivirus.org
>
> Use http://groups.google.com/advanced_group_search again to
> check responses for the product you think about using.



There is clamav which is in the Mandrake distro disks and probably in
other distros as well. It can be piped through a procmail recipe for
email being handled by a linux mailserver but bound for microsoft
boxes. I would install it only if the mail server has microsoft
clients. Clamav runs a daily cron job at 0400 hrs to update its virus
database.

The only reason that I am aware of this is that my son insists on using
Windows (where did I go wrong?) and I am planning on routing his mail
through my system as I am getting sick of periodically having to clean
out his system. Malicious code has not been an issue in my linux boxes
so far.


Clive






 
 
Robert
Guest
Posts: n/a

 
      05-10-2004, 12:33 AM
Either at home or at work, I've never had or heard of any problems w/ any
system other than Windoze where at least minimal precautions were taken.
Personally, I wouldn't spend much time or money on it.

The only virus I've ever seen work on any OS other than Windoze is this:

--- begin virus email ---
This is a multiplatform virus. Because Bill is the only one who manages to
distribute vulnerable systems, this is based on the honor system. Please do
something bad to your system, then forward this on to every address in your
inbox, saved messages and contact list. Thank you.
--- end virus email ---

This one spread like wildfire through HP-UX systems a few years back at a
previous employer. We never did find a way to stop it, but fortunately it
died out on its own after a few months.

Robert


 
 
Jeff Breitner
Guest
Posts: n/a

 
      05-10-2004, 03:13 AM
Stephen Zilliox wrote:
> I have a broadband connection to the Internet. I dual boot to Linux and
> WinXP. With XP I use a firewall and a virus scanner. When I'm in Linux I
> use just a firewall with no virus scanner. Since almost all viruses affect
> the Windows Os and not Linux is there any reason to use a virus scanner
> under Linux? Does just a firewall and the necessary caution with e-mail
> attachments provide enough security? My system is a home system and not
> part of a network. If a virus scanner is recommended which products are the
> ones to use with Linux? Thanks.
>
>


For right now, it probably is enough protection. Let's face it, the
variety of Windows viruses still rely on human engineering in order to
spread. That is, they use the old attachment in email trick to get the
victim to run it.

If (and when) Linux becomes more mainstream on the desktop, then you'll
see the same types of attacks happen under Linux. Ostensibly, the sane
permissions and security structure of Linux should make the impact of
this type of attack minimal. Nevertheless, I'm sure some shrewd virus
author will manage to get a couple notches in their bedpost so to speak
and gain entry into machines. It's inevitable.

For things like Sasser, Linux has had a few of those and really all you
can do is make sure you're firewalled (which you are) and up to date on
your system patches.

As far as running a virus scanner under Linux, I do not run one and I
don't see it as a requirement. Yet.






--

WWJD? JWRTFM
Rot13 for email address: yvfgf @ ehqa.pbz
 
 
Rod Smith
Guest
Posts: n/a

 
      05-10-2004, 03:45 AM
In article <(E-Mail Removed)>,
"Stephen Zilliox" <(E-Mail Removed)> writes:
>
> I have a broadband connection to the Internet. I dual boot to Linux and
> WinXP. With XP I use a firewall and a virus scanner. When I'm in Linux I
> use just a firewall with no virus scanner. Since almost all viruses affect
> the Windows Os and not Linux is there any reason to use a virus scanner
> under Linux?


Few or no viruses affect Linux. (A few have been documented, but AFAIK
none are common "in the wild." Also, some Windows viruses might run
successfully under Linux using WINE -- say, Word macro viruses. I don't
have specifics on this, though.) Thus, virus scanners to protect Linux
are pretty pointless. There ARE virus scanners for Linux, but mostly
they're intended to block e-mail worms intended for Windows clients of
Linux mail servers or to scan files on Samba shares, again for the
benefit of Windows clients.

That said, Linux isn't without its security problems, but they come in
different forms. The closest things to virus scanners for Linux are
intrusion detection kits, like Tripwire or chkrootkit. Tripwire records a
checksum for all the files in directories you specify, and you can
compare that checksum whenever you like (say, daily in a cron job). That
should detect intruders. The chkrootkit program is more like Windows
virus scanners, in that it scans your hard disk for known intrusion
"signatures." You might run it periodically, much as you'd run a virus
scanner.

Because of the way Linux systems tend to be compromised (namely, by
intruders who take advantage of bugs in common Linux servers), the
greatest risk is when the system is connected directly to the Internet.
If you've got a broadband (NAT) router, the risk is greatly reduced. If
you're careful to run no servers on your Linux system, the risk is also
very low -- but it's easy to overlook a server or accidentally run one.
Also, some common programs, like Linux's mail queues, function as
servers, so if they're not configured to ignore network access and if
they have bugs, that's a potential way in. A local iptables firewall can
provide good protection if it's properly configured, but that's a
potentially big "if." Overall, if you're not an expert (and if you were,
you wouldn't have posted your question), I recommend you get yourself a
broadband NAT router and connect to the Internet through it, if you don't
already have one. It'll help protect both Windows and Linux, as well as
multiple computers if you've got more than one.

--
Rod Smith, (E-Mail Removed)
http://www.rodsbooks.com
Author of books on Linux, FreeBSD, and networking
 
 
Christopher Browne
Guest
Posts: n/a

 
      05-10-2004, 04:01 AM
Martha Stewart called it a Good Thing when Jeff Breitner <(E-Mail Removed)> wrote:
> For right now, it probably is enough protection. Let's face it, the
> variety of Windows viruses still rely on human engineering in order to
> spread. That is, they use the old attachment in email trick to get
> the victim to run it.
>
> If (and when) Linux becomes more mainstream on the desktop, then
> you'll see the same types of attacks happen under Linux. Ostensibly,
> the sane permissions and security structure of Linux should make the
> impact of this type of attack minimal. Nevertheless, I'm sure some
> shrewd virus author will manage to get a couple notches in their
> bedpost so to speak and gain entry into machines. It's inevitable.


What is required is a "vector" for transmission and re-transmission.

With "LookOut!", the vector is that the email client has the default
of executing whatever programs get transmitted to it.

There isn't an Unix-oriented email client that does this. What the
"shrewd virus author" needs is twofold:

a) For someone to write an email client that is designed to be as
insecure as Microsoft's, and

b) For that blatantly insecure software to be adopted by "everyone."

I don't see this happening. The one email client that most nearly
emulates "OutHouse Express" is Evolution, and even they aren't so
stupid as to try to do a). They surely know that if they did, it
would be universally panned due to the security hole.
--
"cbbrowne","@","ntlug.org"
http://www.ntlug.org/~cbbrowne/security.html
"I develop for Linux for a living, I used to develop for DOS. Going
from DOS to Linux is like trading a glider for an F117."
-- <(E-Mail Removed)> Lawrence Foard
 
 
Rod Smith
Guest
Posts: n/a

 
      05-10-2004, 01:31 PM
In article <(E-Mail Removed)>,
Christopher Browne <(E-Mail Removed)> writes:
>
> Martha Stewart called it a Good Thing when Jeff Breitner <(E-Mail Removed)> wrote:
>>
>> If (and when) Linux becomes more mainstream on the desktop, then
>> you'll see the same types of attacks happen under Linux.

>
> What is required is a "vector" for transmission and re-transmission.


Correct.

> With "LookOut!", the vector is that the email client has the default
> of executing whatever programs get transmitted to it.
>
> There isn't an Unix-oriented email client that does this. What the
> "shrewd virus author" needs is twofold:
>
> a) For someone to write an email client that is designed to be as
> insecure as Microsoft's, and
>
> b) For that blatantly insecure software to be adopted by "everyone."


That's *ONE POSSIBLE* vector for hypothetical future Linux viruses or
worms. Others might exist, but we might all be blithely unaware of them.
In fact, security holes are discovered in Linux all the time. (The same
is true of Windows; I'm certainly not trying to Linux-bash.) A Linux
virus must merely be written to take advantage of one of them. Of course,
chances are that hole would be quickly closed and so become useless for
future viruses. That hasn't happened with the fundamental problems in
Outlook, which makes it ideal for worm authors.

--
Rod Smith, (E-Mail Removed)
http://www.rodsbooks.com
Author of books on Linux, FreeBSD, and networking
 
 
Ralf Herrmann
Guest
Posts: n/a

 
      05-10-2004, 01:45 PM
Hi,

generally it's not too bad about *nix viruses.
So the use of a virus scanner (if there is any
good one available...) seems unnecessary.

Well, this is ok, but the best thing you can do,
is to _know_ _exactly_, what you are doing;-)
Guess i have to explain that a bit deeper.

When i first set up my internet gateway box with linux,
i did a lot of beginner faults.
I had SSH and FTP and stuff running (which was enabled by default
during distro install) and was not aware, that those daemons
also listened at the ppp-interface, when i went online.

Cruel enough, i even set up an anonymous ftp-account with
write permission to some sensible data.
Anyone could have deleted or stolen this:-)
Another bad thing was me using an older distro (cause the box is old, too)
and not knowing, that the sshd running on it had 12 (or even more) known
security leaks.....a later port scan done by a friend told me that.

Well someday by night, the power supply was interrupted and the box
didn't start after it returned (an old HDD died because of this instant-off).
I used the CD to boot the system and to repair things.

I was really surprised to see some folders, i hadn't noticed before.
Someone hacked the box and implanted some ROOT-KIT spy ware.
I found a log file with all my mail passwords and so on.

Since then i did some effort to protect my (newly set up) gateway box.
So you should care for some things:

* check for patches (e.g. new ssh with fixed leaks)
* do not run any daemons/services you do not need
* check what services are running and to which interfaces they bind
....unless you need not remote control/access your box, restrict all
daemons to your internal interfaces
* use a firewall :-)

The firewall thing is really important if you have Windows-Clients
connected and/or if you forward some ports to internal machines.

Guess until *nix/linux becomes as widespread as Windoze, the need for
a virus scanning tool will not be too big.

Ralf
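
One way to run the "which interfaces do the services bind to" check from the list above, as an added example that is not part of the original post: it parses listening-socket output in the format of `ss -H -ltn` and reports listeners reachable beyond loopback and the internal network. The sample output, the function names and the 192.168.1.0/24 internal range are constructed assumptions.

```python
import ipaddress

# Constructed sample in the format of `ss -H -ltn` (not captured from a real host).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 32 192.168.1.1:53 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 32 *:21 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 203.0.113.7:80 0.0.0.0:*
"""

WILDCARDS = {"*", "0.0.0.0", "::"}


def parse_local(field):
    """Split the 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)


def classify(host, internal_nets):
    """Return 'all-interfaces', 'loopback', 'internal' or 'external'."""
    if host in WILDCARDS:
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in internal_nets):
        return "internal"
    return "external"


def exposed_listeners(ss_output, internal_cidrs):
    """List (host, port, verdict) for listeners reachable from outside."""
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = parse_local(fields[3])
        verdict = classify(host, nets)
        if verdict in ("all-interfaces", "external"):
            findings.append((host, port, verdict))
    return findings


if __name__ == "__main__":
    for host, port, verdict in exposed_listeners(SAMPLE, ["192.168.1.0/24"]):
        print(f"{host}:{port} -> {verdict}")
```

Each finding is a daemon to either stop, rebind to an internal address, or cover with a firewall rule.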
 
 
Jem Berkes
Guest
Posts: n/a

 
      05-10-2004, 03:13 PM
> The only reason that I am aware of this is that my son insists on using
> Windows (where did i go wrong?) and I am planning on routing his mail
> through my system as I am getting sick of periodically having to clean
> out his system. Malicious code has not been an issue in my linux boxes
> so far.


Well then you might want to consider something different; might as well use
your Linux server to help protect his mailbox against worms etc. Unless your
ISP already does your filtering, check out any of:

http://www.pc-tools.net/unix/renattach/
http://mailtools.anomy.net/
http://www.roaringpenguin.ca/product...fang/index.php

Of these, I believe renattach (my own creation) has the lowest overhead.
It's easy enough to add as, say, a procmailrc rule.

--
Jem Berkes
http://www.sysdesign.ca/
 