Tony Caudel wrote:
> I am currently using the clamav anti-virus program. I was wondering if there
> is a better one for Gentoo, especially one that integrates well with
> Thunderbird. That has been my one disappointment with clamav. Not
> necessarily clamav's fault since T/B maintains its emails in one long file.
>
> Tony
>

I am extremely pleased with Antivir (aka Avira) and its realtime LKM,
Dazuko!

1. The Antivir database and heuristics contain dozens of Linux-specific
rootkits and Trojans. These in addition to Windows sigs. FWICT, the
only freeware AntiMalware that takes Linux seriously (Kaspersky payware
does).

2. With Dazuko - an LKM, developed by AntiVir/Avira, which provides
real-time, on-access (read/write) scanning within directories you
specify in configuration. I scan mail (in a chroot jail), browser and
downloads (within a chroot jail, within RamDisk), Portage and portage
work areas, and /home.

Given that emerges are done with Root privilege, this scanning for
signatures may keep your box from being borked, should someone hack a
distribution site, or poison the DNS system, or etc.

3. Recent testing by Windows testers indicates that Antivir is now one
of the better Windows AVs, and that their heuristics are quite
effective. I'd guess the same to be true for 'ix.

4. It scans for Linux screwups. :-) :-) e.g. here's one that I have left
unrepaired because I think it's so great:

"ANTIVIR 2008-05-05_05:49:12.39449 Mon May 5 01:49:12 2008 WARNING:
file '/etc/openvpn/trustconnect/pwd' is group or others accessible"

5. Its heuristics have notified me of XSS script attacks (at test sites)
after scanning scripts loaded into the browser cache, with "suspicious
script" warnings - and blocking that script from use by the browser. The
only other tool of similar function that I know of is "NoScript", an
extension for use in FireFox.

6. I run WAN/LAN-connected applications in chroot jails (Grsecurity
Hardened). Anything downloaded into a browser jail, lftp or TBird jail
is moved to a "download" area via a script that invokes a deep scan by
Antivir after it gets there. Dazuko invokes a second scan, as it also
monitors that area.

7. AntiVir is not in portage. Dazuko is. Dazuko can be used with other
AntiMalwares, or customized to respond to user-created tests (e.g.
changed file).

8. Linux and Unix oldtimers will scoff at real-time malware scanning -
but I'm convinced that in today's world, realtime scanning is one
important thing (perhaps the only thing) that we can learn from Windows.

HTH

-- 
gentoo-user@l.g.o mailing list
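As an added example (not the poster's or AntiVir's code), here is a small POSIX shell check that reproduces the permission test behind the warning quoted in point 4: flag regular files under a directory that grant any access to group or others. It assumes GNU find (-perm /MODE) and GNU coreutils stat, and builds a constructed sample tree under mktemp rather than touching the real /etc.

```shell
#!/bin/sh
# Added example: flag files whose mode grants group or others any access,
# the condition behind "file '...' is group or others accessible".
# Assumes GNU find and GNU coreutils stat.

# Print one WARNING line per offending regular file under $1.
check_secret_perms() {
    dir=$1
    # -perm /077: any rwx bit for group or others is set
    find "$dir" -type f -perm /077 2>/dev/null | while IFS= read -r f; do
        printf 'WARNING: file %s is group or others accessible (mode %s)\n' \
            "$f" "$(stat -c %a "$f")"
    done
}

# Print only the number of offending files, for use from other scripts.
count_insecure() {
    find "$1" -type f -perm /077 2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample tree (temporary directory, not a real /etc): one
# world-readable credential file and one correctly protected key file.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/openvpn/trustconnect"
    printf 'user\npass\n' > "$d/openvpn/trustconnect/pwd"
    chmod 0644 "$d/openvpn/trustconnect/pwd"   # bad: group/others can read it
    printf 'constructed-key\n' > "$d/openvpn/ta.key"
    chmod 0600 "$d/openvpn/ta.key"             # fine: owner only
    printf '%s' "$d"
}

# Stand-alone run: build the tree, report, clean up.
sample=$(make_sample_tree)
check_secret_perms "$sample"
echo "insecure files: $(count_insecure "$sample")"
rm -rf "$sample"
```

Running it on the sample tree reports only the pwd file; pointing check_secret_perms at a real configuration directory gives the same kind of list AntiVir's warning came from.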