ARCHIVES - Security. Want to know if you should really apply the latest kernel patch? Want to know how to configure your firewall? Discuss any Security related topics in here!
|
|||
|
I guess that it is not necessary to scan the entire root system? At least not all the time.
Which directories should I select for regular scans, I guess I mean, the ones which are most likely to pick up viruses or trojans?
|
|||
|
The ones with Windows files!
The dodgy files YOU install as root!
http://www.viruslibrary.com/virusinfo/Linux.htm
http://www.theregister.co.uk/2003/10/06/li...indows_viruses/
http://librenix.com/?inode=21
Welcome to a virus free world. Think you'd have to be mighty unlucky or running web services for most exploits.
http://www.google.co.uk/search?q=linux+vir...-8&oe=UTF-8
Edit: This article for clarity http://linuxmafia.com/~rick/faq/index.php?page=virus
|
|||
|
Quote:
thanks for that advice feather M
|
|||
|
No problem
If you do think you're at risk for true security something like Tripwire (a modified file checker) with rkhunter (a rootkit hunter). Think the last article clarifies it quite a bit, as root we can do more damage than any virus could. I ended up interested so had a little look (rkhunter) but some do bring back errors that are of no concern, normally Google will bring back an explanation. Just be careful with root and it's only the user that can be damaged, no exe's here.
|
|
|||
|
are you using clam through command line? I suppose you are, but just in case I'll add my two bits for anyone else wondering who is using klam, if you are using klam (the gui interface) you'll need to point it to the defs file in user, if not it'll set up a folder in root and you would have to either download them (don't you dare do that) or manually copy them from user to the root folder. as long as you don't install anything from an unknown source with root permissions then nothing should be in root worth scanning.
I had to add some mirrors to smart for the ftp.suse.com (the update channel) 'cause it was so darn slow on dial up, and though those mirrors were selected from the list at opensuse, I'm so paranoid I ran a scan just in case. happy thanksgiving! I have to go now, the bird is burning.......told her not to smoke in bed! :lol: :lol: :lol:
|
|||
|
Tuxedo, you do realise that the main reason for running clam-av is for the benefit of Windows. On a mixed network I understand and to stop propagation between the 2 OSes. Then you're better off using it as an email scanner.
The bottom article is quite a good article, explains the differences between the systems. Calls them superfluous, says it all really. May be several years old but I doubt this has changed much. Though from reading stuff today it seems that Vista 64-bit may finally be catching up, no kernel modification allowed without signature signing. No auto-exec: even if you received an attachment in an email it wouldn't auto-execute; this is the main difference, plus the lack of system-wide install. Seen proof of concept for macros on OO but as far as I know it's yet to happen. I doubt you saw much when you ran Windows and I reckon you'd never see one on a Linux machine, even without a virus engine. Unless you're running a web server then these exploits aren't related to OS and only made possible by root.
|
|
|||
|
that's correct, I only use it for email, I was just commenting on my own paranoia to use it with new mirrors. I have only scanned twice since being on Linux whereas with Windows it was practically a nightly gig.
The linuxmafia article is the best one, oldcpu gave me that way back and it helped me relax.....just a bit. the main danger as you said is mail, especially if you're serving to MS machines, linux can only act as a host. I was just addressing the klam issue for anyone who stumbles into this thread wondering about scanning in root. sorry if I made things worse.
|
|||
|
You can never make it worse. Security is always a good thing.
Just a shame it takes Linux to teach us the basics. I run a rootkit checker every now and again, mainly out of curiosity; one day it may find something, though hopefully not. After Windows it's like stepping from Suburbia to a Desert.
|
|||
|
What about root kits? Should we be concerned about root kits on your linux box? If the answer is yes, which program would you recommend for it?
I laugh at windows users, I remember hearing two programmers tell me they format their windows box every 2 to 3 months. The reason, they said, was because they never would really know if they were infected by something or not.
|
|||
|
the one i use is rkhunter http://www.rootkit.nl/projects/rootkit_hunter.html run it about once a month
andy |