On Saturday 22 Oct 2011 15:22:20 Jonas de Buhr wrote:
> On Sat, 22 Oct 2011 13:43:53 +0200
> Florian Philipp <lists@×××××××××××.net> wrote:
> > On 22.10.2011 13:29, Nilesh Govindarajan wrote:
> > > On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote:
> > >> Hi All,
> > >>
> > >> I'm asked for a desktop antivirus (the box is running KDE) but I
> > >> have never used an antivirus on Linux. This page that I googled
> > >> up shows a number of them:
> > >>
> > >> http://www.makeuseof.com/tag/free-linux-antivirus-programs/
> > >>
> > >> Meanwhile, portage only lists clamav under app-antivirus/.
> > >>
> > >> The machine in question is running kmail to receive/send messages
> > >> from ISP mail servers and ssmtp to send log messages for relaying
> > >> via said ISP.
> > >>
> > >> What have you tried and what would you recommend for such a
> > >> desktop setup?
> > >
> > > IMHO, you don't need antivirus on a Linux box, unless you're going
> > > to run a mail relay, where you are responsible for saving recipients
> > > from viruses.
> >
> > I agree. Check that your ISP performs virus checks. If not or if you
> > want to be extra sure, I think kmail can work with clamav -- at least
> > it could in the old 3.x days when I still used it.
> >
> > > The simplest reason of all is, Linux doesn't know how to execute
> > > Windows binaries.
> >
> > Well, this is an oversimplification.
> > 1) Any box running Wine is possibly as exposed to your classic
> > pretty-women.exe mail attachments as any windows systems.
> > 2) You should also be worried about Open/LibreOffice macro viruses as
> > well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla
> > based exploits.
>
> or image rendering library bugs. or mono. or tricky multi-platform
> viruses/worms. saying that linux based viruses don't exist is simply
> wrong. there may not be much in the wild, but they definitely are out
> there.
>
> it is probably more difficult to write a successful virus for linux
> than for windows for a number of reasons but in principle the problem is
> the same as on windows.
> i think the main technical reason is the heterogeneity of the
> installations. one or two local exploits and you can hit almost any
> windows XP installation. in linux you have to deal with n combinations
> of kernel-version, glibc-version, etc. and there is very little you can
> depend on to be in a fixed location in memory since different compiler
> options may already change that. there are ways around all this of
> course[1], but it's a lot of work. too much for the limited impact.
> also, a lot of malware seems to depend on social engineering for
> infection these days. i think that's going to work less good on a lot of
> linux users because the system conditions you to think before you act.
>
> that aside, i predict that we will see some linux viruses or worms with
> larger infections in the future. i guess the first ones will be for
> ubuntu because it has a large base of rather consistent base
> installations.
>
> /jonas
>
> --
>
> [1] fun idea: something exploiting bugs in the usb storage subsystem or
> file system handling code spreading to usb sticks. you could probably
> even make that multi-platform if you find the needed bugs for different
> OSes.
>
> > Still, keeping your system up-to-date and observing the freshly
> > revived GLSA notifications is more likely to save your butt than
> > clamav.

Thanks guys, good points.

The USB vector reminds me of stuxnet, although this I understand was designed
to infect Iranian MSWindows boxen.

Anyway, the use case in point is to protect other MSWindows OS' when
sending/forwarding office and pdf documents. So the user would like to be able
to scan emails as they come in/sent out.

Will clamav do this with KDE4?
--
Regards,
Mick