
Thread: OpenSuSE 11.1 On-Access Virus Scanning

  1. #1

    OpenSuSE 11.1 On-Access Virus Scanning

    I realise that many people don't see the need for anti-virus protection on UNIX-based systems such as Mac OSX and Linux. However, it seems to me bad form to be in a situation where you might unknowingly pass on a file containing a virus to friends running Windows.

    Although a newcomer to Linux, I have installed SuSE 11.1 (KDE 4.1.3) on a computer for myself and also on one for my parents. I have spent some time without success trying to get the on-access virus scanning to run.

    KlamAV 0.46 (using ClamAV 0.95.2) almost always comes up with the following message: "The auto-scan process died unexpectedly!" I have tried adjusting the settings in freshclam.conf and clamd.conf but this has made no difference.

    Please could someone walk me through the process of setting up on-access scanning or point me to a clearly explained solution already published on the web?

    I note that there are other free Linux anti-virus products from AVG and Avast but it is not clear whether either of these provide on-access scanning. Any help or information would be most welcome.

  2. #2

    Re: OpenSuSE 11.1 On-Access Virus Scanning

    Originally Posted by AKIDNER1:
    I realise that many people don’t see the need for anti-virus protection on UNIX-based systems such as Mac OSX and Linux. However, it seems to me bad form to be in a situation where you might unknowingly pass on a file containing a virus to friends running Windows.

    Well, I have a very simple way of handling this.

    I _never_ send executable code (no matter if "exe", "pif" or documents containing macros, why/how should I download them to my system in the first place? I also _never_ download attachments from sources I don't know, so where's the "attack vector" here?) to anybody nor do I use HTML email.

    What ways of "sending other people bad files" do you have in mind?

    In any case, why allocate unnecessary resources for an "on access scanner" when you would possibly (if you don't send any of the stuff I mentioned above via Email, then why even need that?) only need it on demand, scanning your Email attachments before you send them?

  3. #3

    Re: OpenSuSE 11.1 On-Access Virus Scanning

    Thanks for your suggestion. My parents are nearly 80 years old and have just switched from Windows 98! I am looking for a solution I can implement on their computer and forget about.

  4. #4

    Re: OpenSuSE 11.1 On-Access Virus Scanning

    This type of solution does not exist, no matter what "security software experts" may tell you.

    If your parents use Linux and you configure their system _simple_ and _secure_, they will have high protection against viruses/worms/trojans. The more complex you make the system (i.e. by installing an IMHO completely unnecessary "on access" scanner), the less you will be able to "just forget".

    Not more code makes a system more secure, less code does, especially if you install more code with the idea of then having to care less.

    This conception is always flawed.

  5. #5

    Re: OpenSuSE 11.1 On-Access Virus Scanning

    Okay, it sounds like my approach may be over the top. Perhaps this is because of the time I spend working with Windows. What does "system _simple_ and _secure_" mean? Is it a predefined set of configuration options?

    Kmail would not work with my parents' ISP so I ended up installing Thunderbird. Do you know if it is possible to set up automatic scanning of outgoing email attachments or am I missing your point about simplicity by asking this?

  6. #6

    Re: OpenSuSE 11.1 On-Access Virus Scanning

    Originally Posted by AKIDNER1:
    What does "system _simple_ and _secure_" mean? Is it a predefined set of configuration options?

    No, it is excessive use of "common sense" (aka "brain 1.0 or higher").

    There is no predefined set, just don't install more than needed, don't activate stuff you don't need (or don't know what it does/how it is working) and configure software with the "whitelist" (aka "anything which is not explicitly allowed should be forbidden") concept, take care of regularly updating the machine (security updates), etc. ....

    Vendors of "Security Software" (mostly known in the Windows world) like "Personal Firewalls" or "Virus Scanners" or "Spyware Removal Tools" tell you that their tools "make you secure by default", this is a blatant (but very lucrative) lie.

    Tools you don't know what they do and how they work will only give you a false sense of security, in most cases using common sense is much easier and very often more effective.

    Example:

    Typical statement of "Security software vendors":

    "Your Windows system has a lot of services running which most people don't need."

    => True

    "Your system will show lots of open ports exposed to the internet, this is a security risk"

    => True

    "Use our Personal Firewall product to block these ports and you will be secure".

    => False

    1) If the extra code installed (Personal Firewall) has a bug, it will open _new_ attack vectors, and believe me, there are lots of examples where you were more vulnerable _because_ you installed "security software". Software is written by humans, humans make mistakes. The more software, the more potential mistakes, the more possible security holes.

    2) And for the "more effective common sense" part.

    If I have services I don't need running, which will put me at risk, why should I use another program denying access to those services?

    Wouldn't it be more logical to _deactivate_ the services I don't need so they won't be accessible at all?

    This is also even more secure, because even if the service has a security hole, my machine won't be vulnerable, because a non running service can not be attacked (not mentioning that this will also save system resources).

    I think you get the idea.

  7. #7

    Re: OpenSuSE 11.1 On-Access Virus Scanning

    Are they likely to send Windows viruses to people? Are they likely to receive Linux viruses?

    I personally wouldn't bother with any virus scanner for the same reason as explained by Akoellh.

    I also had a bad experience with a virus scanner under Linux. Partly due to my own stupidity, AVG noted I had a Windows virus in my email box. Since this was a legacy email box from a Windows machine this was very likely. I told AVG to heal the file but when it couldn't I told it to remove the email... at least I thought I did. Turns out it deleted my whole email box. Thunderbird stored it as one file and since the file could not be cleaned it got deleted. Thank god for backups.

    Since then I do not bother with antivirus on my Linux PC.
    "To err is human... to really foul up requires the root password."
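
An added example, not part of any post in this thread: the mailbox loss described in #7 happens because Thunderbird keeps a folder as a single mbox file and the scanner acted on that file as a whole. The Python sketch below does the on-demand alternative suggested in #2, scanning each attachment separately with ClamAV's `clamscan` and only reporting hits; the function names, `MARKER` and the sample messages are constructed for illustration.

```python
import mailbox, os, subprocess, tempfile
from email.message import EmailMessage

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a signature match

def clamscan_bytes(data):
    """Scan one blob with clamscan; exit code 1 means a signature matched."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
    try:
        result = subprocess.run(["clamscan", "--no-summary", tmp.name],
                                capture_output=True, text=True)
        if result.returncode not in (0, 1):  # 2 = scanner error, never "clean"
            raise RuntimeError("clamscan failed: " + result.stderr.strip())
        return result.returncode == 1
    finally:
        os.unlink(tmp.name)

def scan_mbox(path, scan=clamscan_bytes):
    """Return (message index, subject, attachment name) for each flagged
    attachment. The mbox is only read; nothing is cleaned or deleted."""
    hits = []
    box = mailbox.mbox(path, create=False)
    try:
        for index, message in enumerate(box):
            for part in message.walk():
                name = part.get_filename()
                if name is None:          # body text or multipart container
                    continue
                payload = part.get_payload(decode=True) or b""
                if scan(payload):
                    hits.append((index, message.get("Subject", ""), name))
    finally:
        box.close()
    return hits

def build_sample_mbox(path):
    """Write a constructed two-message mbox; only the second one is 'bad'."""
    box = mailbox.mbox(path)
    for subject, name, body in [("holiday photos", "beach.jpg", b"\xff\xd8 pixels"),
                                ("old invoice", "invoice.exe", b"MZ" + MARKER)]:
        msg = EmailMessage()
        msg["From"] = "sender@example.com"
        msg["Subject"] = subject
        msg.set_content("see attachment")
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
        box.add(msg)
    box.close()  # close() flushes the messages to disk
```

Passing `scan=lambda data: MARKER in data` exercises the mbox handling without ClamAV installed; with the default scanner, the decision about what to do with a flagged message stays with the person reading the report.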

  8. #8

    Re: OpenSuSE 11.1 On-Access Virus Scanning

    Also, you would likely get phone calls saying that the antivirus caught something, it can't update, it's broken, etc. Less is more!
    "To err is human... to really foul up requires the root password."

  9. #9

    Re: OpenSuSE 11.1 On-Access Virus Scanning

    Originally Posted by Dexter1979:
    Also, you would likely get phone calls saying that the antivirus caught something, it can't update, it's broken, etc. Less is more!

    Not to mention those lovely "false positives" ......

    P.S.

    Lord Flasheart: Always treat your plane like you treat your woman.
    Lieutenant George: Take her home at the weekend to meet your mother?
    Lord Flasheart: No, get inside her five times a day and take her to heaven and back!
    Lord Flashheart: Woof!

    "20 minuters" class: Woof!

    Baldrick: Bark!

  10. #10

    Re: OpenSuSE 11.1 On-Access Virus Scanning

    Not much in this discussion I would disagree with, but it begs the question "why does klamav/dazuko/on-access scanning crash?"

    This is one of those chicken/egg questions but it identifies that "if" we needed it, we would be disappointed.

    Good thing we are a small target, eh?
