[colug-432] Linux virus scan
richardjhornsby at gmail.com
Sat Mar 24 17:23:16 EDT 2012
On Mar 24, 2012, at 15:12 PM, Bernie Clear wrote:
> Ok I know some of the big companies have been pushing their Linux Virus scan agents but haven't heard of anyone really using them. I want to hear fellow colugers thoughts on running virus scan agents to protect the Linux OS.
I have used ClamAV once maybe in the past on linux desktop systems, but the reality is that I mostly don't bother. Setting the argument over why aside for a moment, most of the viruses target and attack Windows. One of the popular vectors is drive-by downloads via Internet Explorer. There are some really simple, basic steps you can do to harden your Linux boxen:
- Turn off services you're not using and don't need (nfs, portmap, etc)
- Firewall off services you're using but don't need to be exposed to the interweb (nfs, portmap, etc)
- Don't use telnet or other unsecured protocols for connecting remotely, use ssh. (Is it really necessary to mention this?)
- Use secure passwords, and don't use the same password for your Facebook account that you use for your system login, or for your bank.
- If the link looks suspicious, don't click on it - or at least investigate it before you click on it.
- If you're really paranoid, use SELinux. I personally do not do this, mostly because I haven't taken the time to understand how the infernal thing works.
One place I suppose I would recommend using a virus scanner is if you're running a mail server, to scan smtp traffic. I can't recommend a specific solution over another. My personal feeling is that most commercial "Linux Virus scan agents" are going to be snake oil.
More information about the colug-432