AV/Malware protection and maintenance?

Hello,

I have been using Opensuse 13.1~13.2 for a while now. Before, I spent the majority of time with Linux Mint 16~17, in Debian family.

I recall using Clamtk/ClamAV, and a few other apps available for Ubuntu Derivatives. I asked a naive question in their forum a while back.
http://forums.linuxmint.com/viewtopic.php?f=6&t=177654

Someone directed me to this link:
http://forums.linuxmint.com/viewtopic.php?f=90&t=171740#p884536

important part:

You would be surprised! There are a few situations where virus protection on a Linux system is needed or required:

  • When a (internal) network is shared with Windows systems
  • When a Linux system is connected to a Windows-based network
  • When files are being shared between Windows systems and Linux systems
  • When a Linux system acts as a file server for Windows systems

In these cases it can be recommended to use an anti-virus application on Linux systems as protection to avoid infecting Windows systems, which are more vulnerable to viruses than Linux systems. You must not forget that any virus, malware, spyware or other malicious software written for Windows remains untouched and unaltered on Linux systems. There’s a huge difference between the Windows file system (NTFS) and Linux file systems (ext2, ext3, ext4, etc.) but any file will be stored on both file systems as it is; it will not be altered in any way. So this means that a Windows virus is still present in an infected file but cannot be activated on a Linux system. When that file gets transferred to a Windows system, the virus can be activated and infect the Windows system.

If a Linux system is connected to a network which is Windows-based and is sharing the same network drives which are NTFS formatted, there’s a huge risk of downloading a potentially infected file, ISO image or any other type of file with that Linux system and spreading, unknowingly/unaware, an infected file over the Windows-based network, infecting the connected Windows systems if that malicious software or infected file stays undetected.

I do share my wifi network with Windows computers at home, and I’m almost certain my school network is Windows based.

I would like to ask if someone could help me set up a somewhat decent protection routine on OpenSuse 13.2 KDE.

I did not read that whole story extensively, but I think it is clear.

  • When you want to use your Linux system to check/find/destroy Windows-oriented viruses, you can try these AV products on Linux. But it is of course only useful on data that is shared by (e.g. using Samba), or intended to go to (e.g. when you are a mail server), Windows systems. And take care: do not check the system part of your Linux system, that is useless and will give you a lot of false alerts.
  • When you have no intention to do the work that the Windows systems should do themselves and are just worried about your Linux system, then using those AV programs is useless because, even if there exist Linux viruses, the tool will not recognize them.

Oh yes, and your network is TCP/IP based. It is not Windows based or Linux based.

On 2015-05-16 05:56, SJLPHI wrote:

> important part:
>
>> You would be surprised! There are a few situations where virus protection
>> on a Linux system is needed or required:
>>
>> - When a (internal) network is shared with Windows systems
>> - When a Linux system is connected to a Windows-based network
>> - When files are being shared between Windows systems and Linux
>>   systems
>> - When a Linux system acts as a file server for Windows systems
>>
>> In these cases it can be recommended to use an anti-virus application
>> on Linux systems as protection to avoid infecting Windows systems,
>> which are more vulnerable to viruses than Linux systems.

The important thing is that antivirii in Linux are used to protect
Windows, not Linux.

And those viruses that you find in Linux are inactive: they are inside
files, like files in a shared folder where Windows machines can write,
or sent via email, or downloaded.

On the other hand, the antivirii in Windows are often better than what
you find in Linux. Clamav is not very good, it misses a lot of the
things I get on the email, for instance.

If you have on your machine a samba share used by other Windows machines
(i.e., it is a file server) then you might consider some kind of on-access
scan. I don’t know how exactly to do it.

Or if you have a mail server, you can do it with amavis.

If you have a laptop that you move around, don’t bother. Let the Windows
machines do the scanning.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))
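Henk advises scanning only data shared with Windows and never the Linux system part, and Carlos suggests some kind of scan on a Samba share. The script below is an added example (written for this thread, not code from any poster or from the ClamAV project) that does the scheduled-scan variant: a cron-friendly clamscan run that refuses any path outside the exported share roots. The share root /srv/samba and the quarantine and log paths are constructed assumptions; the clamscan options -r, -i, --move and --log are real ClamAV options.

```shell
#!/bin/sh
# Scheduled ClamAV scan of Samba-shared data only (added example, not from the thread).
# Constructed defaults: share root /srv/samba, quarantine and log paths under /var.
SHARE_ROOTS="${SHARE_ROOTS:-/srv/samba}"            # space-separated exported share roots
QUARANTINE="${QUARANTINE:-/var/quarantine/clamav}"  # where clamscan --move puts hits
LOGFILE="${LOGFILE:-/var/log/clamav/share-scan.log}"
CLAMSCAN="${CLAMSCAN:-clamscan}"                    # overridable, e.g. for a dry run

# Succeed only if the argument is an absolute path under one of SHARE_ROOTS,
# so system directories (/, /usr, /etc, ...) are refused as the replies advise.
is_share_path() {
    p=$1
    case $p in /*) ;; *) return 1 ;; esac
    for root in $SHARE_ROOTS; do
        case $p in "$root"|"$root"/*) return 0 ;; esac
    done
    return 1
}

# Scan one share directory: recurse, report only infected files, quarantine them,
# append a summary to LOGFILE. clamscan exits 0 clean, 1 found, 2 on error.
scan_share() {
    dir=$1
    if ! is_share_path "$dir"; then
        echo "refusing to scan $dir: not under SHARE_ROOTS ($SHARE_ROOTS)" >&2
        return 2
    fi
    mkdir -p "$QUARANTINE" "$(dirname "$LOGFILE")"
    "$CLAMSCAN" -r -i --move="$QUARANTINE" --log="$LOGFILE" "$dir"
}

# Scan every share root (e.g. from a daily cron job): exit 1 if anything was found,
# 2 or higher on a scanner error, 0 when all shares are clean.
scan_all_shares() {
    found=0
    for root in $SHARE_ROOTS; do
        scan_share "$root"
        rc=$?
        if [ "$rc" -ge 2 ]; then return "$rc"; fi
        if [ "$rc" -eq 1 ]; then found=1; fi
    done
    return "$found"
}

# Usage: SHARE_ROOTS="/srv/samba /home/shared" sh scan-shares.sh --run
if [ "${1:-}" = "--run" ]; then
    scan_all_shares
fi
```

Because hits are moved out of the share rather than deleted, a Windows user's file that ClamAV flags by mistake can still be recovered from the quarantine directory.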

> Clamav is not very good, it misses a lot of the
> things I get on the email, for instance.

Odd, I have had clam find things that Norton and McAfee missed.

But in emails you also have booby-trapped files that just go to a URL and grab that software,
so no virus until it is run.
So attachments are ???

On 2015-05-18 06:26, JohnVV wrote:
>> Clamav is not very good, it misses a lot of the
>> things I get on the email, for instance.
>
> odd, I have had clam find things that Norton and McAfee missed

Might happen.

> but in emails you also have booby-trapped files that just go to a URL
> and grab that software
> so no virus until it is run.

Nothing is downloaded unless you click somewhere.

On Thunderbird, for instance, remote content (images) is not downloaded
by default till you say otherwise, either for the current mail or for
that correspondent. Other MUAs behave similarly.

Other types of files in links, if they are not images that display, have
no reason to download automatically.

The email might contain javascript, but again, it should be disabled
from running — that’s the default in Thunderbird.

As far as I know, no antivirus in Linux would detect any of those.

> so attachments are ???

Yes, that’s what is scanned in Linux.

It can be done via amavis, or perhaps triggered by filters in your MUA.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))