Good antivirus for linux
10-13-2014, 05:15 PM
(This post was last modified: 10-14-2014, 01:39 PM by baldman.)
Hi All,
Great to see the birth of Sentora, I'm not sure I could have gone on without you... lol
I have loved using Zpanel over the years on Windows. I can work my way around Linux but I’m way more comfortable in Windows. Since Sentora won’t be released for Windows I’m now left with only one option. I’m keen on jumping into Linux but one of my main concerns is email spam & virus protection for the server and clients. I have been running Xeams Firewall and passing all mail through it for scanning before forwarding it to Zpanel. Because Xeams can run on Windows I’m able to install additional virus protection such as AVG, which is also really great at cleaning emails. I have tried using Xeams with ClamAV on Ubuntu but I just don’t get the same results.
Can anyone suggest a good easy way/application to combat viruses on Linux/Ubuntu?... I’d like to keep using Xeams for my spam protection as it’s amazingly good (Yes I’ve tried SpamAssassin)
Cheers, Baldman
RE: Good antivirus for linux
10-13-2014, 06:29 PM
1. Sentora 1.0 technically runs on Windows. It's Sentora 2.0 that "will" drop Windows support.
2. I see Xeams runs on Linux already. Is the issue antivirus?
AVG is available on Linux too:
http://free.avg.com/fr-fr/129024
Strange, I had been using ClamAV on Windows server and it's been not bad at all.
3. You can already plug ClamAV into Postfix directly, so why add another layer? ClamAV is not bad at all.
See the Postfix + AVG how-to:
http://www.howtoforge.com/avg-antivirus-...ail-server
It will require some admin experience, and you can add this layer the same way in Sentora/Zpanel.
M B
RE: Good antivirus for linux
10-13-2014, 07:32 PM
(This post was last modified: 10-13-2014, 07:35 PM by baldman.)
ClamAV ran fine for the server but some of the clients still received infected emails that were undetected by ClamAV. I can't remember the infection name, it was root something. It seemed to make the client PC send spam out or something like that. So I reverted back to Windows and everything was fine after that.
Xeams does a pretty good job on its own detecting spam & viruses but it doesn't hurt to have an added layer of protection from viruses. I would feel pretty embarrassed if a client rang me angry because their computer got a virus and it was my fault.
I didn't configure AVG to work with Xeams on Windows either, it just scanned all files coming in automatically.
I didn't even think to try AVG on Linux...lol... I'll do a little more research, thanks for the links Me.B.
Cheers, Baldman
RE: Good antivirus for linux
10-19-2014, 09:08 PM
(This post was last modified: 10-19-2014, 09:09 PM by Nigel. Edit Reason: Spelling mistake.)
Avast also has Linux support now.
As far as I've been led to believe, Linux (except Android) doesn't need antivirus??
I run no antivirus on any of my machines.
To effectively have antivirus do its thing, you need to run regular scans (half hourly if you're concerned that much), but this would likely put undue stress on your system.
Shouldn't it be up to your clients to scan their emails before opening them?
***Retail***
SCPH-39002, Running FCMB, HDD-OSD, Mini-OPL.
SCPH-30002 RSW (Automobile Collection Snow White)
SCPH-10000 x2
SCPH-15000
SCPH-18000 x2
DESR-7700
SCPH-2040X x2
Linux Kit
PSBBN V0.20, V0.30
HDD Utility V1.00, V1.01
***Dev***
DTL-H30102 Running FCMB, HDD-OSD, Mini-OPL.
DTL-H20400 - Boxed
RE: Good antivirus for linux
10-19-2014, 09:52 PM
Quote: As far as I've been led to believe, Linux (except Android) doesn't need antivirus??
This is a false idea, as we have a lot of bots & rootkits on Linux. Android has a lot of malware & rootkits, which you can find mainly with stolen software.
The myth that says Linux has no viruses is technically irrelevant, as Linux has flaws and can be infected with self-replicating/propagating software. The main difference is Linux's market share in the desktop or overall PC market. The same applies to Mac OS, while it was hit recently with many worms targeting Java flaws.
See:
http://www.linux.com/learn/tutorials/284...to-viruses
M B
RE: Good antivirus for linux
10-19-2014, 10:41 PM
About antivirus, I usually consider 3 main cases:
1) The machine is dedicated to working by itself with (usually) no human user and minimal config, like a server with no graphical interface and only known software executed.
-> for such a computer, I will not install an antivirus that will eat performance and memory. I will only ensure regular updates and do a regular survey that nothing unusual happens (no extra unknown dir, etc).
2) The computer is used regularly by an "advanced" user who is paranoid (or has knowledge) enough to not launch any executable "to see what it does", to not go without prudence on crack or forbidden websites, to not use torrent downloads inconsiderately, etc.
-> on such a computer I will not install antivirus. I will only do a survey from time to time and eventually do a scan of all files from another computer or better, from a bootable USB key or CD.
Note: I place myself in this category. I have had no antivirus on my computer for at least 10 years and never got anything wrong. Each time I had something which made me suspect a virus, I did a scan and never found any. Instead I found obsolete drivers, hardware failure, sometimes unwanted software installed with another product, etc., (and even one time a cat which had peed on the back corner -and airing- of my tower. Dirty beast! :-( )
3) In all other cases (when I cannot trust users' knowledge or paranoia enough), I install an antivirus BUT I enable scanning only for incoming files (as much as possible according to the possible config, often on write operations), but not on read or execute operations except for removable mass storage like a USB key or disk.
And finally, I am regularly annoyed by users who complain about some complaint of the antivirus (most of the time licence renewal or a false positive), but I do not remember having to clean an infected computer for many years for close family or friends, only for more distant friends or relations.
RE: Good antivirus for linux
10-19-2014, 11:34 PM
I'm installing antivirus on servers mainly to scan users' files for PHP rootkits that could cause a lot of mess with spam/CPU use.
Also, we need antivirus in email gateways even though we are getting fewer viruses in email (attachments) while facing more phishing attacks (AV can't do a lot here as it's links).
I have many servers running without antivirus as most of the websites, if not all, are mine and no one else has access besides the web front end (Windows & Linux), but on shared hosting servers I have set up AV on both Windows/Linux.
Also, if you are experienced, once you have fought a rootkit you will smell quickly that something is wrong in the server. I remember I was once unable to kill a rootkit but managed to jail it so it was almost frozen and gained time until I moved my data, as it was a production server.
M B
RE: Good antivirus for linux
10-20-2014, 12:13 AM
(This post was last modified: 10-20-2014, 12:23 AM by Nigel.)
(10-19-2014, 09:52 PM)Me.B Wrote: This is a false idea, as we have a lot of bots & rootkits on Linux. Android has a lot of malware & rootkits, which you can find mainly with stolen software.
The myth that says Linux has no viruses is technically irrelevant, as Linux has flaws and can be infected with self-replicating/propagating software. The main difference is Linux's market share in the desktop or overall PC market. The same applies to Mac OS, while it was hit recently with many worms targeting Java flaws.
See:
http://www.linux.com/learn/tutorials/284...to-viruses
M B
You basically just shot down your own argument.
I said Android needs Antivirus.
Root kits target software (such as PHP), so an attacker has to get into your server before they can apply such a device to your machine.
If you have taken ALL precautions (such as a strong password, mod_evasive, mod_security and so forth) and an attacker still gets in, then there was nothing that could have been done to stop them.
Now as I said above, it's the responsibility of the client to check their emails before they open them, do we blame Google or Microsoft for nasties that creep in our free email accounts? No.
(10-19-2014, 10:41 PM)5050 Wrote: About antivirus, I usually consider 3 main cases:
2) The computer is used regularly by an "advanced" user who is paranoid (or has knowledge) enough to not launch any executable "to see what it does", to not go without prudence on crack or forbidden websites, to not use torrent downloads inconsiderately, etc.
-> on such a computer I will not install antivirus. I will only do a survey from time to time and eventually do a scan of all files from another computer or better, from a bootable USB key or CD.
Note: I place myself in this category. I have had no antivirus on my computer for at least 10 years and never got anything wrong. Each time I had something which made me suspect a virus, I did a scan and never found any. Instead I found obsolete drivers, hardware failure, sometimes unwanted software installed with another product, etc., (and even one time a cat which had peed on the back corner -and airing- of my tower. Dirty beast! :-( )
3) In all other cases (when I cannot trust users' knowledge or paranoia enough), I install an antivirus BUT I enable scanning only for incoming files (as much as possible according to the possible config, often on write operations), but not on read or execute operations except for removable mass storage like a USB key or disk.
And finally, I am regularly annoyed by users who complain about some complaint of the antivirus (most of the time licence renewal or a false positive), but I do not remember having to clean an infected computer for many years for close family or friends, only for more distant friends or relations.
I too don't run any antivirus on any of my Linux machines (except maybe SpamAssassin, which isn't really antivirus), but I do on Windows machines (my partners, my daughters & customers) because Microsoft leaves itself vulnerable on purpose so it can make more money.
RE: Good antivirus for linux
10-22-2014, 06:52 PM
(This post was last modified: 10-22-2014, 06:53 PM by baldman.)
I think most email services would scan for viruses, wouldn't they?.... I've seen emails before that say they have been scanned by the servers etc... It always seems to cost me more of my time to go out and clean these infected computers...lol .. Surely you would agree that removing the virus from the infected email before it reaches the client's computer would be the best solution for everyone?
RE: Good antivirus for linux
10-22-2014, 08:33 PM
(10-22-2014, 06:52 PM)baldman Wrote: Surely you would agree that removing the virus from the infected email before it reaches the client's computer would be the best solution for everyone?
Yes it is! (IMHO)
In my last post, I thought only of the protection of the computer itself, but in the case of a server, it is better to also filter spam and viruses. (And I have to tell you I never implemented such a thing because I'm the only user of my server!)
But if any email content is removed, the recipient must always be warned of the removal and not left without any news that a mail has been changed or, even worse, deleted. (I do not know how SpamAssassin and similar can be configured.)
And also, I think that the process must be as light as possible while remaining efficient, because it is too boring to fail to send an attached file to a customer because it only may be undesirable because it is an exe, a dll or any sort of executable (like Gmail does).
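The requirement raised in the last post, that a gateway which strips an attachment must always tell the recipient, shown as an added example that is not part of the thread or of any product mentioned in it. `demo_scan` is a stand-in for a real engine such as ClamAV, the `X-Attachment-Removed` header name is hypothetical, and the sample message is constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

MARKER = b"CONSTRUCTED-DEMO-MARKER"  # constructed test pattern, not a real signature

def demo_scan(data: bytes):
    """Stand-in scanner (assumption): detection name, or None if clean."""
    return "Demo.Test.Marker" if MARKER in data else None

def sanitize(raw: bytes, scan=demo_scan):
    """Replace flagged attachments with a notice; return (new_bytes, removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart() or not part.is_attachment():
            continue
        verdict = scan(part.get_payload(decode=True) or b"")
        if verdict is None:
            continue
        # Sender-controlled filename: keep only safe characters before reuse.
        name = re.sub(r"[^A-Za-z0-9._-]", "_", part.get_filename() or "unnamed")
        removed.append((name, verdict))
        # set_content() clears the old payload and Content-* headers first.
        part.set_content(
            f"The attachment '{name}' was removed by the mail gateway.\n"
            f"Detection: {verdict}\n",
            disposition="attachment", filename=name + ".removed.txt")
    if removed:
        # Hypothetical header so filters and support staff can spot the edit.
        msg["X-Attachment-Removed"] = ", ".join(f"{n} ({v})" for n, v in removed)
    return msg.as_bytes(), removed

def build_sample() -> bytes:
    """Constructed message: one clean and one flagged attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "Invoice"
    m.set_content("See attached.")
    m.add_attachment(b"harmless notes", maintype="application",
                     subtype="octet-stream", filename="notes.bin")
    m.add_attachment(b"MZ" + MARKER, maintype="application",
                     subtype="octet-stream", filename="invoice.exe")
    return m.as_bytes()

if __name__ == "__main__":
    out, removed = sanitize(build_sample())
    print(removed)
```

The message is still delivered with its body and clean attachments intact; only the flagged part is swapped for a text notice, so the recipient sees what was removed and why.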