[colug-432] Linux virus scan
Rick Hornsby
richardjhornsby at gmail.com
Sat Mar 24 17:23:16 EDT 2012
On Mar 24, 2012, at 15:12 PM, Bernie Clear wrote:
> OK, I know some of the big companies have been pushing their Linux Virus scan agents but haven't heard of anyone really using them. I want to hear fellow colugers' thoughts on running virus scan agents to protect the Linux OS.
I have used ClamAV once maybe in the past on Linux desktop systems, but the reality is that I mostly don't bother. Setting the argument over why aside for a moment, most of the viruses target and attack Windows. One of the popular vectors is drive-by downloads via Internet Explorer. There are some really simple, basic steps you can do to harden your Linux boxen:
- Turn off services you're not using and don't need (nfs, portmap, etc.)
- Firewall off services you're using but don't need to be exposed to the interweb (nfs, portmap, etc.)
- Don't use telnet or other unsecured protocols for connecting remotely, use ssh. (Is it really necessary to mention this?)
- Use secure passwords, and don't use the same password for your Facebook account that you use for your system login, or for your bank.
- If the link looks suspicious, don't click on it - or at least investigate it before you click on it.
- If you're really paranoid, use SELinux. I personally do not do this, mostly because I haven't taken the time to understand how the infernal thing works.
One place I suppose I would recommend using a virus scanner is if you're running a mail server, to scan SMTP traffic. I can't recommend a specific solution over another. My personal feeling is that most commercial "Linux Virus scan agents" are going to be snake oil.
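
The first two hardening steps in the message above (turn off unused services, firewall the ones that must run) both start from knowing what is listening. As an added example that is not part of the original post, this shell function filters `ss -tuln` output down to listeners bound to non-loopback addresses and annotates the services the post names; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `ss -tuln` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      64     0.0.0.0:2049       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      128    [::1]:631          [::]:*
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      5      *:23               *:*
EOF
}

# Read `ss -tuln` output on stdin and print one line per listener that is
# reachable from other hosts: "<proto> <address> <port> <note>".
exposed_listeners() {
    awk '
    $1 == "Netid" { next }                    # skip the header row
    {
        endpoint = $5                         # Local Address:Port column
        n = split(endpoint, parts, ":")
        port = parts[n]                       # text after the last colon
        addr = substr(endpoint, 1, length(endpoint) - length(port) - 1)

        # Loopback-only listeners are not exposed to the network.
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next

        note = "review: needed? firewalled?"
        if (port == 22)        note = "ssh: expected for remote access"
        else if (port == 23)   note = "telnet: replace with ssh"
        else if (port == 111)  note = "portmap: disable or firewall"
        else if (port == 2049) note = "nfs: disable or firewall"

        printf "%s %s %s %s\n", $1, addr, port, note
    }'
}

# Demo on the constructed sample; on a live host run: ss -tuln | exposed_listeners
sample_ss_output | exposed_listeners
```

Anything the function prints that is not expected to be reachable from outside is a candidate for being stopped or firewalled.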