On Saturday 22 Oct 2011 15:22:20 Jonas de Buhr wrote: > Am Sat, 22 Oct 2011 13:43:53 +0200 > > schrieb Florian Philipp <li...@binarywings.net>: > > Am 22.10.2011 13:29, schrieb Nilesh Govindarajan: > > > On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote: > > >> Hi All, > > >> > > >> I'm asked for a desktop antivirus (the box is running KDE) but I > > >> have never used an antivirus on Linux. This page that I googled > > >> > > >> up shows a number of them: > > >> http://www.makeuseof.com/tag/free-linux-antivirus-programs/ > > >> > > >> Meanwhile, portage only lists clamav under app-antivirus/. > > >> > > >> The machine in question is running kmail to receive/send messages > > >> from ISP mail servers and ssmtp to send log messages for relaying > > >> via said ISP. > > >> > > >> What have you tried and what would you recommend for such a > > >> desktop setup? > > > > > > IMHO, you don't need antivirus on a Linux box, unless you're going > > > to run a mail relay, where you are responsible for saving recipents > > > from viruses. > > > > I agree. Check that your ISP performs virus checks. If not or if you > > want to be extra sure, I think kmail can work with clamav -- at least > > it could in the old 3.x days when I still used it. > > > > > The simplest reason of all is, Linux doesn't know how to execute > > > Windows binaries. > > > > Well, this is an oversimplification. > > 1) Any box running Wine is possibly as exposed to your classic > > pretty-women.exe mail attachments as any windows systems. > > 2) You should also be worried about Open/LibreOffice macro viruses as > > well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla > > based exploits. > > or image rendering library bugs. or mono. or tricky multi-platform > viruses/worms. saying that linux based viruses don't exist is simply > wrong. there may not be much in the wild, but they definitely are out > there. > > it is probably more difficult to write a successful virus for linux > than for windows for a number or reasons but in principle the problem is > the same as on windows. > i think the main technical reason is the heterogeneity of the > installations. one or two local exploits and you can hit almost any > windows XP installation. in linux you have to deal with n combinations > of kernel-version, glibc-version, etc. and there is very little you can > depend on to be in a fixed location in memory since different compiler > options may already change that. there are ways around all this of > course[1], but its a lot of work. too much for the limited impact. > also, a lot of malware seems to depend on social engineering for > infection these days. i think thats going to work less good on a lot of > linux users because the system conditions you to think before you act. > > that aside, i predict that we will see some linux viruses or worms with > larger infections in the future. i guess the first ones will be for > ubuntu because it has a large base of rather consistent base > installations. > > /jonas > > -- > > [1] fun idea: something exploiting bugs in the usb storage subsystem or > file system handling code spreading to usb sticks. you could probably > even make that multi-platform if you find the needed bugs for different > OSes. > > > Still, keeping your system up-to-date and observing the freshly > > revived GLSA notifications is more likely to save your butt than > > clamav.
Thanks guys, good points. The USB vector reminds me of stuxnet, although this I understand was designed to infect Iranian MSWindows boxen. Anyway, the use case in point is to protect other MSWindows OS' when sending/forwarding office and pdf documents. So the user would like to be able to scan emails as they come in/sent out. Will clamav do this with KDE4? -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.