
Thread: AV/Malware protection and maintenance?

  1. #1
    Join Date
    Oct 2014
    Location
    Switzerland
    Posts
    425

    AV/Malware protection and maintenance?

    Hello,

    I have been using openSUSE 13.1~13.2 for a while now. Before, I spent the majority of time with Linux Mint 16~17, in the Debian family.

    I recall using Clamtk/ClamAV, and a few other apps available for Ubuntu Derivatives. I asked a naive question in their forum a while back.
    http://forums.linuxmint.com/viewtopic.php?f=6&t=177654

    Someone directed me to this link:
    http://forums.linuxmint.com/viewtopi...171740#p884536

    important part:
    You would be surprised! There are a few situations where virus protection on a Linux system is needed or required:

    • When a (internal) network is shared with Windows systems
    • When a Linux system is connected to a Windows-based network
    • When files are being shared between Windows systems and Linux systems
    • When a Linux system acts as a file server for Windows systems

    In these cases it can be recommended to use an anti-virus application on Linux systems as protection to avoid infecting Windows systems, which are more vulnerable to viruses than Linux systems. You must not forget that any virus, malware, spyware or other malicious software written for Windows remains untouched or altered on Linux systems. There's a huge difference between the Windows file system (NTFS) and Linux file system (ext2, ext3, ext4, etc.) but any file will be stored to both file systems as it is, they will not be altered in any way. So this means that a Windows virus is still present in an infected file but cannot be activated on a Linux system. When that file gets transferred to a Windows system, the virus can be activated and infect the windows system.

    If a Linux system is connected to a network which is Windows-based and is sharing the same network drives which are NTFS formatted, there's a huge risk of downloading a potential infected file, iso-image or any other type of file, with that Linux system and spreading, unknowingly/unaware, an infected file over the Windows-based network infecting the connected Windows systems if that malicious software or infected file stays undetected.

    I do share my wifi network with Windows computers at home, and I'm almost certain my school network is Windows based.

    I would like to ask if someone could help me set up a somewhat decent protection routine on openSUSE 13.2 KDE OS.

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,369

    Re: AV/Malware protection and maintenance?

    I did not read that whole story extensively, but I think it is clear.

    • When you want to use your Linux system to check/find/destroy Windows oriented viruses, you can try these AV products on Linux. But it is of course only useful on data that is shared by (e.g. using Samba), or intended to go to (e.g. when you are a mail server), Windows systems. And take care: do not check the system part of your Linux systems, that is useless and will give you a lot of false alerts.
    • When you have no intention to do the work that the Windows systems should do themselves and are just worried about your Linux system, then using those AV programs is useless because, even if there exist Linux viruses, the tool will not recognize them.


    Oh yes, and your network is TCP/IP based. It is not Windows based or Linux based.
    Last edited by hcvv; 16-May-2015 at 01:03.
    Henk van Velden
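
As an added example (not part of any post in this thread), one way to follow the advice above of scanning only the data shared with Windows machines: the script reads the share directories out of an smb.conf and runs `clamscan` on those alone. The function names, the sample config and the log path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): scan only the Samba share directories.
# Function names, sample config and log path are assumptions.

# Constructed smb.conf for a dry run.
sample_conf() {
    cat <<'EOF'
[global]
   workgroup = HOME
; path = /srv/old
[homes]
[profiles]
   path = /srv/samba/profiles/%U
[Public]
   Path = /srv/samba/public
[docs]
   path = /srv/samba/docs
EOF
}

# Print the literal "path" of every share in an smb.conf read on stdin.
# [global] is not a share; paths with %-substitutions are skipped.
share_paths() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec); next }
        sec != "" && sec != "global" && tolower($0) ~ /^[ \t]*path[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (val != "" && val !~ /%/) print val
        }'
}

# Scan each existing share; return the worst clamscan status (0 clean, 1 infected, 2 error).
scan_shares() {
    worst=0
    while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        rc=0
        clamscan --recursive --infected --log="$2" "$dir" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done <<EOF
$(share_paths < "$1")
EOF
    return "$worst"
}

# Dry run on the constructed config: list what would be scanned.
sample_conf | share_paths
```

For a real run, call `scan_shares /etc/samba/smb.conf /var/log/clamav-samba.log` (the log location is an assumed path) from a scheduled job and alert on a non-zero return.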

  3. #3
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: AV/Malware protection and maintenance?

    On 2015-05-16 05:56, SJLPHI wrote:


    > important part:
    >>
    >> You would be surprised! There are a few situations where virus protection
    >> on a Linux system is needed or required:
    >>
    >> - When a (internal) network is shared with Windows systems
    >> - When a Linux system is connected to a Windows-based network
    >> - When files are being shared between Windows systems and Linux
    >>   systems
    >> - When a Linux system acts as a file server for Windows systems
    >>
    >> In these cases it can be recommended to use an anti-virus application
    >> on Linux systems as protection to avoid infecting Windows systems,
    >> which are more vulnerable to viruses than Linux systems.


    The important thing is that antivirii in Linux are used to protect
    Windows, not Linux.

    And those viruses that you find in Linux are inactive: they are inside
    files, like files in a shared folder where Windows machines can write,
    or sent via email, or downloaded.

    On the other hand, the antivirii in Windows are often better than what
    you find in Linux. Clamav is not very good, it misses a lot of the
    things I get on the email, for instance.


    If you have on your machine a samba share used by other Windows machines
    (ie, it is a file server) then you might consider some kind of on access
    scan. I don't know how exactly to do it.

    Or if you have a mail server, you can do it with amavis.

    If you have a laptop that you move around, don't bother. Let the Windows
    machines do the scanning.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  4. #4

    Re: AV/Malware protection and maintenance?

    > Clamav is not very good, it misses a lot of the
    > things I get on the email, for instance.

    Odd, I have had clam find things that Norton and McAfee missed.

    But in emails you also have booby-trapped files that just go to a URL and grab that software,
    so no virus until it is run.
    So attachments are ??????



  5. #5
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: AV/Malware protection and maintenance?

    On 2015-05-18 06:26, JohnVV wrote:
    >> Clamav is not very good, it misses a lot of the
    >> things I get on the email, for instance.
    >
    > Odd, I have had clam find things that Norton and McAfee missed.


    Might happen.

    > But in emails you also have booby-trapped files that just go to a URL
    > and grab that software,
    > so no virus until it is run.


    Nothing is downloaded unless you click somewhere.

    On Thunderbird, for instance, remote content (images) is not downloaded
    by default till you say otherwise, either for the current mail or for
    that correspondent. Other MUAs behave similarly.

    Other types of files in links, if they are not images that display, have
    no reason to download automatically.

    The email might contain javascript, but again, it should be disabled
    from running — that's the default in Thunderbird.


    As far as I know, no antivirus in Linux would detect any of those.


    > so attachments are ??????


    Yes, that's what is scanned in Linux.

    It can be done via amavis, or perhaps triggered by filters in your MUA.


    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))
