Why running clamav ?

[maigret]

Hi Gentooers,

Is there any reason to use clamav in an Linux-only, little home network ? It seems to me it makes only sense while running a Linux mail or SMB server with Win clients... It is right ?
Has anyone ever had problem with viruses on Linux, and if yes what would be the best solution to adopt ?

Just have the impression my weekly clamscans are very time- and resource-consuming, maybe I could avoid it.

[mahdi1234]

u can still find virus on friend's cd or hdd when connected ... though i never had really any issues on linux - not scanning thoroughly, just monthly and on access.

[Q-collective]

Hi Gentooers

Hey

It seems to me it makes only sense while running a Linux mail or SMB server with Win clients... It is right ?

Yes, that's right

Has anyone ever had problem with viruses on Linux, and if yes what would be the best solution to adopt ?

There are no problems, because there are no Linux viruses.

Just have the impression my weekly clamscans are very time- and resource-consuming, maybe I could avoid it.

Sure, no reason for installing it at all.

[metalifloyd]

Actually there are viruses for Linux. They just aren't nearly as common and are generally harder to install. I've been running Linux exclusively for many years and have never run into any virus problems (That I know of ). Ohh and here is the obligatory reference link...
http://www.viruslibrary.com/virusinfo/Linux.htm

[Q-collective]

Actually there are viruses for Linux. They just aren't nearly as common and are generally harder to install. I've been running Linux exclusively for many years and have never run into any virus problems (That I know of ). Ohh and here is the obligatory reference link...
http://www.viruslibrary.com/virusinfo/Linux.htm

These viruses only work in laboratory conditions, they don't exist in 'the wild'.

[quex]

Actually there are viruses for Linux. They just aren't nearly as common and are generally harder to install. I've been running Linux exclusively for many years and have never run into any virus problems (That I know of ). Ohh and here is the obligatory reference link...
http://www.viruslibrary.com/virusinfo/Linux.htm

These viruses only work in laboratory conditions, they don't exist in 'the wild'.

How about the trojan that was infecting an Asian version of Firefox (can't remember the nationality, sorry)?

[Decibels]

Korean

[Q-collective]

How about the trojan that was infecting an Asian version of Firefox (can't remember the nationality, sorry)?

Well, that would actually be a first real life example, so my point still stands. I'll reject it if you can find another 10.

[mnxAlpha]

How about the trojan that was infecting an Asian version of Firefox (can't remember the nationality, sorry)?

A version of Firefox distributed on an unofficial site not associated in any way with Mozilla. It was infected with a virus that was three years old, and had never been seen in the wild. Somehow, I don't think it was an accident. It seems far more likely that it was deliberately infected.

[yakapiece]

I occassionally run clamav, it just takes so long to run. But I use rkhunter and chkrootkit quite often. I would suggest clamav for two reasons, if you keep any email on your machine and as firefox exploits are becoming news-worthy (if you want to call it that)

[CorpseOfMystic]

How about the trojan that was infecting an Asian version of Firefox (can't remember the nationality, sorry)?

Well, that would actually be a first real life example, so my point still stands. I'll reject it if you can find another 10.

How about another 3294? Because Symantech lists 3295 Linux viruses in the wild.

Edit: There being nearly 3300 Linux viruses does not mean you necessarily need to use clamav for your own desktop. If you stick to using portage or other package management for other distributions there shouldn't be a problem. They provide features like hash checking or digital signing that ensure the program has not been modified.

[i92guboj]

There are no problems, because there are no Linux viruses.

How about another 3294? Because Symantech lists 3295 Linux viruses in the wild.

Yes, and there are more for sure. The fact that linux is inherently more secure, does not mean that it is invulnerable at all. There are hackers that hack into linux/unix/bsd machines, why do you think that this work cant be automated to be done by a bot, a worm or whatever other lovely digital being?

Linux has a more secure architecture, but all the days are discovered new buffer overflows in many programs, famous are sendmail and mozilla, and zlib, and many more Are you sure you are indestructible now?

I am convinced that there have been more issues with viruses in linux than we all think (of course nothing compare to windows), the nice part is that, if a user is attacked, usually is only the user's problem, while the rest of the system remains invulnerable. Most times he even will not notice, and if the virus is installed into his account, it can virtually use the box as a launching point to the net.

Sure, no reason for installing it at all.

So, yes, there is a reason to have an av installed, because that way you avoid to contribute to the virus propagation, but I preffer a good firewall though.

Edit: There being nearly 3300 Linux viruses does not mean you necessarily need to use clamav for your own desktop. If you stick to using portage or other package management for other distributions there shouldn't be a problem. They provide features like hash checking or digital signing that ensure the program has not been modified.

As I said before, you can still receive malicious code in the user account, that will not affect you system wide, but can be launched from your box to the net. If you feel no solidarity for the rest of the net, then let your box be a nest for little spawns. If you do, set a firewall, there is no need for an av in a domestic net if you can configure a good firewall and you keep your system up to date with the security updates.

EDIT: I forgot one of my favourite things: some people (some=thousands) still operates in home nets with root priviledges all the time w/o any protection. What makes that linux different of windows in that case? The answer is: only one thing, that it is less popular. More popularity and more virus will come with the time, when all the win-lamers come to linux one day.

Old linuxers are too busy for such annoyances, but while linux become easier to use and more popular, the winlamerish troops are coming towards us, and one day there will be such amount of lamers in the linux world that linux viruses will become a daily issue.

[yakapiece]

Sad, but theoretically true. I wouldn't blame it on windows users coming to linux, rather virus authors' intentions have change more towards money rather than destruction - so they will go towards the larger user base (naturally).

[Q-collective]

How about the trojan that was infecting an Asian version of Firefox (can't remember the nationality, sorry)?

Well, that would actually be a first real life example, so my point still stands. I'll reject it if you can find another 10.

How about another 3294? Because Symantech lists 3295 Linux viruses in the wild.

Edit: There being nearly 3300 Linux viruses does not mean you necessarily need to use clamav for your own desktop. If you stick to using portage or other package management for other distributions there shouldn't be a problem. They provide features like hash checking or digital signing that ensure the program has not been modified.

Hmm, odd, according to this there are 'only' 105 viruses, and it doesn say that are lab experiments or "wild" ones.
Please, if you quote virus stats, use the stats from the program discussed, Symantec doesn even run on Linux.

[CorpseOfMystic]

Hmm, odd, according to this there are 'only' 105 viruses, and it doesn say that are lab experiments or "wild" ones.
Please, if you quote virus stats, use the stats from the program discussed, Symantec doesn even run on Linux.

Symantec doesn't run on anything. Symantec is not a product, its a company. A company who happens to keep a highly respected and complete virus database. Somehow I doubt the any claim that Symantec maintains fake databases for the purpose of subverting Linux just because its flagship antivirus product does not run on it (especially considering that the product supports ICAP for scanning Linux installations from Windows, a service their customers certainly need).

[i92guboj]

Hmm, odd, according to this there are 'only' 105 viruses, and it doesn say that are lab experiments or "wild" ones.

I would trust much more the Symantec database than the Clamav one. No offense intended, but Symantec is much older. Anyway, that is a search with the keyword "linux", and not all the linux viruses. Not all the win/dos viruses have the string "win" in their names, and not all the linux viruses are cataloged with the "linux" string in their names.

Please, if you quote virus stats, use the stats from the program discussed

We were clarifying a question about numbers that we consider false. Read the post title, the question is if we need security to prevent virus attacks in linux. We are argumenting. And as argument, that is a valid number.

Symantec doesn even run on Linux.

As stated avove, Symantec doesn't run in anything but in money But that is not the question, "Symantec doesn even run on Linux." is not a valid excuse for two simple reasons: there is not a separated internet for linux machines and windows machines, and, second, Symantec products can scan linux installations from a windows machine, so, what do you say????? I think that we have no reason at all not to trust the Symantec information about the number of known linux viruses.