Gentoo Forums
Virustotal
YPenguin
Apprentice


Joined: 26 Apr 2014
Posts: 278
Location: Kenzingen, Germany

Posted: Tue Feb 16, 2016 11:08 am    Post subject: Virustotal

How is Gentoo's recommendation on using this service?: https://www.virustotal.com/
khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Tue Feb 16, 2016 11:46 am    Post subject: Re: Virustotal

YPenguin wrote:
How is Gentoo's recommendation on using this service?: https://www.virustotal.com/

YPenguin ... that recommendation would probably read "such things are left entirely to the skill and ingenuity of the user", or (more likely) "why would you want to do that? ... this isn't windows".

best ... khay
YPenguin
Apprentice


Joined: 26 Apr 2014
Posts: 278
Location: Kenzingen, Germany

Posted: Tue Feb 16, 2016 1:14 pm    Post subject:

Virustotal distributes malware samples to the AV-companies they cooperate with (52 currently).
As a result detected malware gets removed from the wild quicker.
khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Tue Feb 16, 2016 10:56 pm    Post subject:

YPenguin wrote:
Virustotal distributes malware samples to the AV-companies they cooperate with (52 currently). As a result detected malware gets removed from the wild quicker.

YPenguin ... ok, but such AV-companies don't produce software to detect "malware" on machines running linux, so it's pointless they receive samples, as there is no method for them to act on it, and/or make money from doing so.

best ... khay
dataking
Apprentice


Joined: 20 Apr 2005
Posts: 251

Posted: Tue Feb 16, 2016 11:40 pm    Post subject: Re: Virustotal

YPenguin wrote:
How is Gentoo's recommendation on using this service?: https://www.virustotal.com/

This is a very open ended question. Khay's points are great and valid. However, VT also has APIs available which are handy for research, much of which can be done on linux. Some might argue it's safer to collect/store/submit samples to VT from linux. As a matter of fact, I have a small collection of tools wrapped around that very concept.

Taken more literally, I doubt Gentoo, as a product offering, and/or as a community, probably has very little to say in regards to VT, for the very points made above. Only a small subset of malware actually affects linux targets, and even fewer are significant enough to gain any popularity.


Disclaimer: I am by no means an expert in malware, its development, intent, or targets. And I am by no means speaking for Gentoo, VirusTotal, or their respective communities. The comments above are strictly my opinion and may or may not be based on facts, empirical or otherwise.
_________________
-= the D@7@k|n& =-
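
As an added illustration of the API use mentioned in this thread (not dataking's tools and not part of the original posts): a lookup by SHA-256 against VirusTotal's v3 file-report endpoint, which asks whether a file is already known without uploading it, so nothing new is passed on to the AV vendors. The function names and the sample response are constructed for this example, and a personal API key is assumed.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # v3 file report endpoint


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file locally; only this digest is ever sent to VirusTotal."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def summarize(report):
    """Reduce a v3 file report to (engines flagging it, engines that gave a verdict)."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = flagged + stats.get("harmless", 0) + stats.get("undetected", 0)
    return flagged, total


def lookup(path, api_key):
    """Return (flagged, total), or None when VirusTotal has never seen the hash."""
    req = urllib.request.Request(
        VT_FILE_URL.format(sha256_of(path)), headers={"x-apikey": api_key}
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return summarize(json.load(resp))
    except urllib.error.HTTPError as err:
        if err.code == 404:  # unknown hash: nothing was uploaded, nothing was shared
            return None
        raise


# Constructed sample response (trimmed to the fields used), not real VirusTotal output.
SAMPLE_REPORT = {
    "data": {"attributes": {"last_analysis_stats": {
        "malicious": 41, "suspicious": 1, "harmless": 0,
        "undetected": 14, "timeout": 0,
    }}}
}

if __name__ == "__main__":
    print("flagged by %d of %d engines" % summarize(SAMPLE_REPORT))
```

A `None` result only means the hash is unknown to the service; it is not a verdict that the file is clean.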
Syl20
l33t


Joined: 04 Aug 2005
Posts: 619
Location: France

Posted: Wed Feb 17, 2016 9:06 am    Post subject:

If you _really_ want to use an antivirus (but why do you?), you should consider clamav, which is free (open-source). You can use it as a one-shot command.
YPenguin
Apprentice


Joined: 26 Apr 2014
Posts: 278
Location: Kenzingen, Germany

Posted: Wed Feb 17, 2016 7:34 pm    Post subject:

What about email-viruses?
dataking
Apprentice


Joined: 20 Apr 2005
Posts: 251

Posted: Wed Feb 17, 2016 7:53 pm    Post subject:

YPenguin wrote:
What about email-viruses?
What about them? Again, linux isn't the typical target. And clamav can be used to intercept *some* malware midstream (email or otherwise).
_________________
-= the D@7@k|n& =-
YPenguin
Apprentice


Joined: 26 Apr 2014
Posts: 278
Location: Kenzingen, Germany

Posted: Thu Feb 18, 2016 5:52 pm    Post subject: Infectability of Wine

I don't have Wine installed because I have separate Windows harddisks but I would like to know how dangerous Windows-viruses might be to Wine.
Chiitoo
Administrator


Joined: 28 Feb 2010
Posts: 2575
Location: Here and Away Again

Posted: Fri Feb 19, 2016 10:59 am    Post subject: Re: Infectability of Wine

YPenguin wrote:
I don't have Wine installed because I have separate Windows harddisks but I would like to know how dangerous Windows-viruses might be to Wine.

They could potentially mess with anything and everything a Windows application via Wine sees, or anything the user running it can see. I don't think I've ever read of one that would have been specially made to detect that it's actually on Linux/Unix/Other, however. (See also FAQ: 11.1 Wine is malware-compatible)

Wine definitely shouldn't be thought of as a sandbox. (See also FAQ: 11.2 How good is Wine at sandboxing Windows apps?)
_________________
Kindest of regardses.
Fitzcarraldo
Advocate


Joined: 30 Aug 2008
Posts: 2034
Location: United Kingdom

Posted: Fri Feb 19, 2016 12:28 pm    Post subject:

YPenguin wrote:
What about email-viruses?

I don't know your situation, but all the publicly-available e-mail account providers I use (i.e. accounts such as hotmail.com, msn.com, outlook.com, yahoo.com, and so on), and the work e-mail account providers I use, all scan incoming and outgoing e-mails on their e-mail servers before you even see the e-mails. It's standard practice these days. So receiving a virus via e-mail is the least of your worries.

As it happens, just yesterday I used the e-mail client (Thunderbird) on my laptop to send an e-mail with the EICAR virus test file attached, to a different e-mail account with another service provider. The results were as follows:

a) The first provider blocked the attachment when I looked in the Sent folder of that account via WebMail, informing me that "We have blocked some attachments in this message because they appear to be unsafe."

b) I received an automated e-mail from the receiving e-mail account provider informing me that:

Quote:
A virus was detected in the following e-mail!:

From: "AAAAA" <aaaaa@nnnnn.com>
To: "BBBBB" <bbbbb@xxxxx.com>
Date: Wed, 17 Feb 2016 10:45:55 +0000
Subject: A test to see what happens

The concerned e-mail has been handled according to your Virus Protection Settings.

Sincerely,
Your e-mail account team

[ This is an automatically generated email, do not reply to this sender. You may find more information in the online help of your e-mail client. ]


Then I used the e-mail client on my laptop to send an e-mail with the EICAR virus test file attached, from the second account to the first account. The sending e-mail account then received the following automated e-mail message:

Quote:
Subject: Mail delivery failed: returning message to sender
Date: Wed, 17 Feb 2016 11:30:10 +0100
From: Mail Delivery System <mailer-daemon@ddddd.com>
To: BBBBB <bbbbb@xxxxx.com>

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

<aaaaa@nnnnn.com>

Reason:
virus/suspect content found


--- The header of the original message is following. ---


So I don't worry about e-mail. The more likely vectors for importing and exporting virus-infected files are USB pen drives and downloads from the Internet.
_________________
Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC udev elogind & KDE on both.

Fitzcarraldo's blog
All times are GMT