
Thread: Virus protection Clamav HOWTO

  1. #21
    Carlos E. R. NNTP User

    Re: Virus protection Clamav HOWTO

    On 2010-08-03 18:06, spokesinger wrote:
    >
    > DenverD;2196282 Wrote:



    > Lots of references there. Henk is right when he says that Linux is an
    > AV environment by itself - but it is not immune. For those of us who
    > believe that it is "better safe than sorry", and who don't mind wasting
    > a few cpu cycles, ClamAV is a reputable product. I do like your point
    > about rootkits, as they have been more "successful" on the Linux
    > platform (or at least, I think they have been). There are plenty of
    > examples of rights escalation by web page scripts now - even on Linux -
    > that we should all keep this in mind. Having some software to "look over
    > my shoulder" is welcome in my office.


    Ok, I know that there are some linux viruses out there.

    Ok.

    Now, how can they enter my machine?

    All software is installed "from reputable sources", ie YaST, the repos, etc. Clamav doesn't check
    that port of entry.


    Mail? Well, in this machine I haven't configured it, in another I do use amavis. Why? I have to
    confess that I want to know who sends me a virus and what virus. I'm that curious. So, am I in
    danger of a virus in email? No, impossible. I never run attachments, not automatically, not manually.


    Then, how can a virus get run in my system?

    No way I'm aware of. If there were any, yes, I would put an antivirus there.


    Now, a javascript virus in a webserver I browse to? Well, that would be possible. Now, does clamav
    check those? Not that I know.


    A macro virus in a word document? Possible. But openoffice warns of macros in documents, and as I
    get those via email, so amavis should check them.

    PDFs in acrobat? Possible, they can contain a kind of javascript, which is enabled by default in
    acroread.


    An attack via a network vulnerability, like in windows? Well, there is a firewall, and further than
    that, antivirus in linux doesn't analyze connections, AFAIK.


    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" GM (Elessar))

  2. #22
    Join Date
    May 2009
    Location
    Australia
    Posts
    326

    Re: Virus protection Clamav HOWTO

    Hi

    A virus can enter your system eg by saving a pic from your browser. The Firefox addon Fireclam will handle that.

    For other downloads, depending on the file type the option of open this file with clamav is displayed.

    On the following website you can download a firefox profile for (relative) secure surfing. JAP -- ANONYMITY & PRIVACY

    cheers
    Desktop: CPU: AMD Ryzan 4 core, RAM: 32 GB, SSD 120 GB OS, SSD 480 GB Raid, HD 500 GB , OS: 15.1
    Laptop: Toshiba, AMD 4 core, 8 GB RAM, SSD 500 GB, OS 15.1
    Printer: Brother Color laser , Scanner Epson V370. Main application: Ardour, Jack

  3. #23
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Re: Virus protection Clamav HOWTO

    otto oz wrote:
    > On the following website you can download a firefox profile for
    > (relative) secure surfing.


    relative to what?

    i have *relatively* secure surfing with a default install of
    openSUSE already..

    *relatively* secure when compared to anything MS fortified with the
    best AV on the market--so why should i need to improve that, today?

    the easiest way to actually get a relatively better security than the
    default install of openSUSE is to *learn* and act responsibly and
    securely as a user/administrator, not add on unneeded AV so there is a
    warm and fuzzy 'feeling' of security..

    ymmv, and times may change in the future...that is, i suppose as the
    Linux share of the desktop 'market' increases we will see more and
    more folks trying to knock on our door, break in and sell us
    anti-malware..

    --
    DenverD
    CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

  4. #24
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Re: Virus protection Clamav HOWTO

    This is getting quite interesting, all this seems to be a FUD attack. Yes there are rootkits out there. Chances are good that, if you are running an OpenSUSE linux server, 24h online, you might be subject to port scans and hacker attacks.
    If you are running Linux on a desktop:
    are you REALLY afraid of a virus risk in Linux? I am not. The only risk that you encountered recently is that you use proprietary software with rights escalations, like adobe acrobat reader. But if you use 11.3 do you have to install it? No, there is Okular and it works now amazingly good. And in 11.1 you have KPdf that does not have the integrated bloatware and therefore also is not subject to the continuous security problems of the reader.
    Flash might be a problem....for the userland only. And there has been reportedly for what I remember quite a trouble with dazuko, an application that comes together with ClamAv and ClamAv itself that had several security flaws. You begin to notice I guess what I mean. All you folks so nervous about virus, the remedy might well be riskier than the "no antivirus". AppArmor will be soon in the kernel as it seems, SELinux seems also to work fine and Tomoyo mandatory access control is also there. If one wants she can use it. So what is all that discussion about? ClamAV was designed to be a filter to help to avoid infection of .... Windows clients behind the server.
    Particularly closed source software is often horribly written. Samsung Printer Drivers are trying hard to "invade the desktop" with unwanted functionality and putting at risk your system (because who did write the software had not enough experience in Linux programming ...... or simply did not care).
    All this is perfectly avoidable.
    And if some of you think their system is particularly badly set up, that they may have a rootkit, then they shall install rkhunter from the repos and run it, regularly. You will find out to your big surprise that
    • you do not have any root kit
    • you are more paranoid than you thought

    I think I can second DenverD's irritation. There is a limit where these threads begin to be real FUD and seem to be VERY interested. And to who was asking to install "secure settings" in Firefox: who tells you that the add-ons in the (very approximately controlled) Firefox repository are safe? Every time I use these, and every time I use KDE look-org, I know to run a (minor) risk. That is why I am for the inclusion of a lot of well checked artwork and personalization in the original DVD and repository packs containing a vast variety of screen savers. So people would mess around less (especially noobs subject to PEBKAC problems).
    Have a nice Linux day.

    PS. I would bet that 90% of the people so busy about security and virus here are not even encrypting and digitally signing their mail, nor will they insist with their correspondents to use these easy cheap and valuable measures. Prove me wrong.

  5. #25
    Join Date
    May 2009
    Location
    Australia
    Posts
    326

    Re: Virus protection Clamav HOWTO

    Indeed it is getting quite interesting. "FUD" was never my intention when I started this thread. Just awareness!
    As to Firefox add-ons, the website I posted above, JAP -- ANONYMITY & PRIVACY, gives some recommendations; Firefox add-ons can be a security problem too.
    More to the practical side of it, whenever I close Firefox, all cookies, LSO cookies, history is going to be deleted.
    Desktop: CPU: AMD Ryzan 4 core, RAM: 32 GB, SSD 120 GB OS, SSD 480 GB Raid, HD 500 GB , OS: 15.1
    Laptop: Toshiba, AMD 4 core, 8 GB RAM, SSD 500 GB, OS 15.1
    Printer: Brother Color laser , Scanner Epson V370. Main application: Ardour, Jack

  6. #26
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Re: Virus protection Clamav HOWTO

    ? Awareness of a problem that exists: raising of awareness.
    ! Awareness of a problem that does not exist and giving it a wrong dimension: FUD
    It is honorable that you would like to raise awareness. But needing an add-on to get better privacy in FF is wrong. Setting up FF in a way that it behaves like you described does need nothing but brain and a mouse click. Using an add-on for this is transferring the brain to someone else, in the belief that these choices are "the right ones". One has to understand what one is really doing. Otherwise the remedy is worse than the problem (if it exists).
    If you look in local security in yast, control your file permissions, setting them to secure, avoiding scripts....... AV software is the last thing to think of for your local security. Thousands of things come first:
    • using only the repositories that are proven safe
    • using only necessary packages and installing not whatsoever (so far to the AV packages)
    • updating regularly
    • if possible not to use software to personalize from unknown sources
    • avoiding software with unwanted and unused function (as adobe reader)

    All this comes far before the use of AV packages for an OS that may well be less secure WITH the packages than without. The fact that we suppose you are posting FUD is related to HOW you post and what kind of impression (call it awareness!) these postings raise.
    So if much more than one user has the doubt about this being a FUD thread ..... maybe there is space for improvement.
    As I told you, there is a lot of improvement in order to harden the box, you may do, but this does not begin surely with a potentially risky use of AV software (especially proprietary closed source one). What makes you think these programmers are trustworthy since you cannot control their code? That you PAY? LOL.
    Finally ClamAv has been programmed for scanning to protect Windows clients, so, provided that protection from future, hypothetical malware designed for Linux, what would it be good for protecting your system?

    To recall here the definition of FUD in Wikipedia:
    Fear, uncertainty, and doubt (FUD) is a tactic of rhetoric and fallacy used in sales, marketing, public relations,[1][2] politics and propaganda. FUD is generally a strategic attempt to influence public perception by disseminating negative and dubious/false information designed to undermine the credibility of their beliefs.
    So how could we ever speak of FUD here...... I have some idea, to say the minor.

  7. #27
    Carlos E. R. NNTP User

    Re: Virus protection Clamav HOWTO

    On 2010-08-05 14:36, stakanov wrote:



    > If you are running Linux on a desktop:
    > are you REALLY afraid of a virus risk in Linux? I am not. The only risk
    > that you encountered recently is that you use proprietary software with
    > rights escalations, like adobe acrobat reader. But if you use 11.3 do
    > you have to install it? No, there is Okular and it works now amazingly
    > good. And in 11.1 you have KPdf that does not have the integrated
    > bloatware and therefore also is not subject to the continuous security
    > problems of the reader.


    That's true but arguable. I have to use some pdf files that don't work with kpdf, okular, nor evince:
    they only display well with acroread. Worse, some of them have _code_ inside. You see them when you
    have to fill forms, in my case, from my government.

    For example, the invoices from the utilities, in electronic form, are usually digitally signed pdfs,
    at least here (Spain). Last time I looked, you can only verify the signature with acroread.


    > Flash might be a problem....for the userland only.


    Well, a malware compromising my userland is to me worse than my system. The system I can rebuild
    with some time. The data, is a lot of work, it is more valuable than the system.

    Which does not mean I'm going to integrate an antivirus with FF. Not for the time being, at least -
    but I watch. Maybe one day.


    > And there has been
    > reportedly for what I remember quite a trouble with dazuko, an
    > application that comes together with ClamAv and ClamAv itself that had
    > several security flaws.


    The kernel module, yes. I think it is used for those needing on access scan, for example on a samba
    server shares - to protect the windows clients, of course, not linux. It is a problematic module.


    > PS. I would bet that 90% of the people so busy about security and virus
    > here are not even encrypting and digitally signing their mail, nor will
    > they insist with their correspondents to use these easy cheap and
    > valuable measures. Prove me wrong.


    Ha! I do sign my email. That's another can of worms, and a different aspect of security, unrelated
    to viruses. Except if you consider that the PGP signatures of the entire opensuse buildservice has
    been broken for three or four months, so perhaps somebody could have tried to subvert the system
    somehow.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" GM (Elessar))

  8. #28
    Carlos E. R. NNTP User

    Re: Virus protection Clamav HOWTO

    On 2010-08-05 00:06, otto oz wrote:
    >
    > Hi
    >
    > A virus can enter your system eg by saving a pic from your browser.


    And do what? It is data, it can do nothing. You can display data. I have viruses stored in my
    machine. I can "open" them. Am I in danger? Nope. There is a difference between "opening" and
    "running". The only danger would be if I tried to run them - which I won't.


    > On the following website you can download a firefox profile for
    > (relative) secure surfing. 'JAP -- ANONYMITY & PRIVACY'


    Anonymity and privacy is not about virus protection.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" GM (Elessar))

  9. #29
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Re: Virus protection Clamav HOWTO

    Carlos E. R. wrote:
    > The only danger would be if I tried to run them - which I won't.


    i can't find it now, but i read a piece a couple of years ago where a
    guy set out to run some viruses....of course he had to specifically
    and deliberately run them in WINE to have any chance of doing
    damage...so he did that and still was quite disappointed at how really
    difficult it was to do any damage and certainly the little bugs had no
    idea how to replicate themselves since they couldn't crack win-email
    programs to pump out millions of infected emails..

    anyone have a link to that??

    it was kinda funny how much work it was to give those bugs _any_
    noticeable effect, even if you were *trying* to make them grow..

    oh, here it is http://www.linux.com/archive/feed/42031

    i do see that that article is FIVE years old, so maybe things have
    changed and "otto oz" is right....oh no! maybe i should be all afraid
    to surf without ClamAV (or other) running full speed..

    nah, i'll not install it today....and most likely not tomorrow...or
    next week..

    Have a lot of fun!

    --
    DenverD
    CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

  10. #30
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Re: Virus protection Clamav HOWTO

    Hello Carlos! How are you?


    Carlos E. R. wrote:
    > On 2010-08-05 14:36, stakanov wrote:
    >
    > > If you are running Linux on a desktop:
    > > are you REALLY afraid of a virus risk in Linux? I am not. The only risk
    > > that you encountered recently is that you use proprietary software with
    > > rights escalations, like adobe acrobat reader. But if you use 11.3 do
    > > you have to install it? No, there is Okular and it works now amazingly
    > > good. And in 11.1 you have KPdf that does not have the integrated
    > > bloatware and therefore also is not subject to the continuous security
    > > problems of the reader.
    >
    > That's true but arguable. I have to use some pdf files that don't work with kpdf, okular, nor evince:
    > they only display well with acroread. Worse, some of them have _code_ inside. You see them when you
    > have to fill forms, in my case, from my government.
    >
    > For example, the invoices from the utilities, in electronic form, are usually digitally signed pdfs,
    > at least here (Spain). Last time I looked, you can only verify the signature with acroread.

    I then could argue that it is possible to manually deactivate the functions that require code like embedded flash that generally cause the problem. In the long run I think this is going to change because you will probably see vanish the reputation of Adobe day by day like ice in the sun. PDF came to such a position it has today because it has the reputation to be safe. Now, in the meanwhile because of the bloat functions integrated it is getting insecure. For what I know all flaws "claimed" to be a problem also on Linux systems did NOT have the ability to cause problems further than user-land.

    Carlos E. R. wrote:
    > > Flash might be a problem....for the userland only.
    >
    > Well, a malware compromising my userland is to me worse than my system. The system I can rebuild
    > with some time. The data, is a lot of work, it is more valuable than the system.

    Carlos, you are not going to tell me that a professional person as you are will proceed to mingle a user account for governmental documents with a private one, with the photos of the last summer and the other activities / mails. When it comes to governmental docs, they do require on whatsoever system a separate account. You should require only the attachment of your government being signed but also the very email, no? They should have learned by the experience of their hacked website during the Madrid - EU lead, last summer. At least I would expect a tendency to come to better IT security practice overall now, not only with their websites. Malware in Userland will not compromise your new install as long as you do not overtake the settings of the programs.

    Carlos E. R. wrote:
    > Which does not mean I'm going to integrate an antivirus with FF. Not for the time being, at least -
    > but I watch. Maybe one day.

    I do acknowledge that Linux one day may have a problem (probably not with the GNU/Linux kernel but with the implementation of some distribution or with a desktop function). That said, your position is acceptable, what is not acceptable is to "raise awareness of an imminent problem that would require a virus scanner", which IMHO is FUD. Let's play the "hypothetical game". So there would be a virus for let's say KDE. It will not run on gnome, neither on any other desktop. It will run for one distribution (OpenSUSE) but not e.g. on Mandriva with KDE. It would be a very isolated phenomenon even in a future "optimist" scenario.
    Problems WILL come however if we continue to incentive to "wave" the user to give the same password for root and user. But telling this is info, telling "install an antivirus to protect your Linux" is currently FUD, because a false argument. And the latter is the object of the discussion, not the hypothetical "one day there may be a malware that works".

    Carlos E. R. wrote:
    > > PS. I would bet that 90% of the people so busy about security and virus
    > > here are not even encrypting and digitally signing their mail, nor will
    > > they insist with their correspondents to use these easy cheap and
    > > valuable measures. Prove me wrong.
    >
    > Ha! I do sign my email. That's another can of worms, and a different aspect of security, unrelated
    > to viruses. Except if you consider that the PGP signatures of the entire opensuse buildservice has
    > been broken for three or four months, so perhaps somebody could have tried to subvert the system
    > somehow.

    Hum, I am worried that you took this on you. I would have expected signing email from a person with your skills (I have read your contributions attentively, you know :-) ). But the absolute majority doesn't, not even when using Linux, especially noobs. (It is enough to try to send a whatsoever encrypted email to a person and you will find that she doesn't possess a signature on the public server. If you tell them to put it they answer that "they have nothing to hide"). So far about "WHERE" awareness has to be raised without being FUD.

    The signatures of the repos are an open point of discussion. That they were broken is not a problem, it means that they did not pay attention during the update of the repositories. But that does not mean the server was compromised, and you know that. It means, that if people are intelligent they did NOT update with the message that the software coming in is not conveniently signed. And awareness should be raised that this is the thing to do and that users shall report these messages to the mailing list of OpenSUSE. Am I wrong? This also is not FUD. But it would be FUD to say: install ClamAv antivirus and FF module to protect yourself and scan compromised packages that you did install on your own responsibility and intentionally disregarding the respective warnings.

    KDE-look org / gnome-look.org would be instead a problem, on this I do agree (as happened recently if I am not mistaken). Although this info would be awareness, but it would be FUD to say, install an AV on your system to protect you from this. They would not have revealed anything.

    The argument is therefore about the WHAT to be discussed and the FUD aspects of this thread, being them intentional or not. The critique is then of course not about raising security awareness and correct IT behavioral skills, which is a very positive thing to do.

    Regards ;-)

    BTW, time ago I raised a proposal to put a group "security issues" on the forum. The consequent poll set up, at the end showed interest. Nothing happened. I then think maybe (if it is not there) one should create a WIKI section about hardening the box. What do you think about this?
