On 20:13 Fri 09 May, 7v5w7go9ub0o wrote:

> I am extremely pleased with Antivir (aka Avira) and its realtime LKM,
> Dazuko!
>
> 1. The Antivir database and heuristics contain dozens of Linux-specific
> rootkits and Trojans. These in addition to Windows sigs. FWICT, the only
> freeware AntiMalware that takes Linux seriously (Kaspersky payware does).
>
> 2. With Dazuko - a LKM, developed by AntiVir/Avira which provides
> real-time, on-access (read/write) scanning within directories you specify
> in configuration. I scan mail (in a chroot jail), browser and downloads
> (within a chroot jail, within RamDisk), Portage and portage work areas, and
> /home.
>
> Given that emerges are done with Root privilege, this scanning for
> signatures may keep your box from being borked, should someone hack a
> distribution site, or poison the DNS system, or etc.
>
> 3. Recent testing by Windows testers indicates that Antivir is now one of
> the better Windows AVs, and that their heuristics are quite effective. I'd
> guess the same to be true for 'ix.
>
> 4. It scans for Linux screwups. :-) :-) e.g. here's one that I have left
> unrepaired because I think it's so great:
>
> "ANTIVIR 2008-05-05_05:49:12.39449 Mon May 5 01:49:12 2008 WARNING: file
> '/etc/openvpn/trustconnect/pwd' is group or others accessible"
>
> 5. Its heuristics have notified me of XSS script attacks (at test sites)
> after scanning scripts loaded into the browser cache, with "suspicious
> script" warnings - and blocking that script from use by the browser. The
> only other tool of similar function that I know of is "NoScript", an
> extension for use in FireFox.
>
> 6. I run WAN/LAN-connected applications in chroot jails (Grsecurity
> Hardened). Anything downloaded into a browser jail, lftp or TBird jail is
> moved to a "download" area via a script that invokes a deep scan by Antivir
> after it gets there. Dazuko invokes a second scan, as it also monitors
> that area.
>
> 7. AntiVir is not in portage. Dazuko is. Dazuko can be used with other
> AntiMalwares, or customized to respond to user-created tests (e.g. changed
> file).
>
> 8. Linux and Unix old-timers will scoff at real-time malware scanning - but
> I'm convinced that in today's world, realtime scanning is one important
> thing (perhaps the only thing) that we can learn from Windows.
>
> HTH
>

I think a lot of old-timers also realize that, unless you specifically
allow something to run, then it can't hurt you.

Chances are, unless you are allowing XSS and are surfing sites you can't
trust, you're close to bullet-proof, with the exception of program
exploits that you really can't do anything about.

--
gentoo-user@l.g.o mailing list
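The permission warning quoted in item 4 is easy to reproduce without a scanner. The following is an added example, not code from the thread or from AntiVir/Dazuko; it walks a directory for files that are readable, writable or executable by group or others, and optionally tightens them. The directory and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread, not AntiVir/Dazuko code): a portable
# version of the check behind the warning "file ... is group or others
# accessible". A credential file such as an OpenVPN password file should
# have no group/other bits at all (mode 0600 or stricter).

# Print the path of every regular file under $1 that has any group/other
# permission bit set (mode & 077 != 0). One path per line, nothing else.
find_exposed_files() {
    # -perm /077 matches when ANY of the listed bits is set
    # (supported by GNU, BSD and busybox find).
    find "$1" -type f -perm /077 2>/dev/null | sort
}

# Count how many exposed files live under $1. Always prints a number and
# exits 0 so it is safe to call under 'set -e'.
count_exposed_files() {
    find_exposed_files "$1" | grep -c . || true
}

# Remove group/other permissions from every exposed file under $1.
# Prints one WARNING line per file, in the spirit of the scanner message,
# then applies 'chmod go-rwx'. Returns 0 if nothing is left exposed.
restrict_exposed_files() {
    find_exposed_files "$1" | while IFS= read -r f; do
        printf 'WARNING: file %s is group or others accessible; restricting\n' "$f"
        chmod go-rwx "$f"
    done
    [ "$(count_exposed_files "$1")" -eq 0 ]
}
```

Run `find_exposed_files /etc/openvpn` (or any directory holding secrets) to get the report only; `restrict_exposed_files` is the remediation step and changes modes in place.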