[TCLUG] Linux virus protection

Wed Sep 24 09:13:29 CDT 2003

Rick Meyerhoff wrote:

> Ok, stop laughing. The company I'm consulting at has a client that 
> insists on putting virus protection on all their boxes.
>
> We've been trying to install and configure TrendMicro's ServerProtect 
> Linux product but continue to have problems. Also, I'm not personally 
> impressed with them in general.
>
> I found that Network Associates/Mcafee has a command-line product but 
> we have not evaluated it. There are several other companies that I 
> have never heard of that make products.
> http://www.kaspersky.com
> http://www.datafellows.com/
> http://www.ravantivirus.com/
>
> How do you know you can trust them? Of course, I searched sourceforge 
> but did not find anything that was sufficiently mature.
>
> We don't have a lot of time to evaluate various products so if anyone 
> has experience with virus protection software for Linux, I would like 
> to hear about it.

rav antivirus has worked great for me, but alas it's being discontinued 
due to it being purchased by Microsoft.

I've started moving to clamav, so far so good.  It's easy to setup and 
use.  As far as trusting them, they are open source so it would be hard 
to hide something there, and the virus database gets updated fairly 
often, it comes with test files (not real viruses) to make sure it's 
working properly, and its free as in beer.  It's been runing reliably on 
my server for about 2 months now, and it emails me it's results (a shell 
script + cron job I set up).  It's default setup runs as the clamav 
user/group so no root issues there.

Thats my $0.02 for advice, now for some questions...

Why do they need AV on the linux box?  Are they using it for a 
Samba/Email/Web server and just want something scanning there to protect 
the Win32 Clients? 

If it's not to protect a Win32 Client machine, then why worry about 
trusting the software?  All it will do is use up CPU cycles, scan 
through disks, and finally accomplish nothing of value.  My main reason 
for using clamav is to scan files that I would give to others or take to 
work, that way I won't be blamed for passing anything along to others.

If they insist on having AV on all their boxes then don't the Win32 
Clients already have an AV package protecting them?

Just curious...

Chris Frederick

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list