| 1 |
On Saturday 22 Oct 2011 15:22:20 Jonas de Buhr wrote: |
| 2 |
> Am Sat, 22 Oct 2011 13:43:53 +0200 |
| 3 |
> |
| 4 |
> schrieb Florian Philipp <lists@×××××××××××.net>: |
| 5 |
> > Am 22.10.2011 13:29, schrieb Nilesh Govindarajan: |
| 6 |
> > > On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote: |
| 7 |
> > >> Hi All, |
| 8 |
> > >> |
| 9 |
> > >> I'm asked for a desktop antivirus (the box is running KDE) but I |
| 10 |
> > >> have never used an antivirus on Linux. This page that I googled |
| 11 |
> > >> |
| 12 |
> > >> up shows a number of them: |
| 13 |
> > >> http://www.makeuseof.com/tag/free-linux-antivirus-programs/ |
| 14 |
> > >> |
| 15 |
> > >> Meanwhile, portage only lists clamav under app-antivirus/. |
| 16 |
> > >> |
| 17 |
> > >> The machine in question is running kmail to receive/send messages |
| 18 |
> > >> from ISP mail servers and ssmtp to send log messages for relaying |
| 19 |
> > >> via said ISP. |
| 20 |
> > >> |
| 21 |
> > >> What have you tried and what would you recommend for such a |
| 22 |
> > >> desktop setup? |
| 23 |
> > > |
| 24 |
> > > IMHO, you don't need antivirus on a Linux box, unless you're going |
| 25 |
> > > to run a mail relay, where you are responsible for saving recipents |
| 26 |
> > > from viruses. |
| 27 |
> > |
| 28 |
> > I agree. Check that your ISP performs virus checks. If not or if you |
| 29 |
> > want to be extra sure, I think kmail can work with clamav -- at least |
| 30 |
> > it could in the old 3.x days when I still used it. |
| 31 |
> > |
| 32 |
> > > The simplest reason of all is, Linux doesn't know how to execute |
| 33 |
> > > Windows binaries. |
| 34 |
> > |
| 35 |
> > Well, this is an oversimplification. |
| 36 |
> > 1) Any box running Wine is possibly as exposed to your classic |
| 37 |
> > pretty-women.exe mail attachments as any windows systems. |
| 38 |
> > 2) You should also be worried about Open/LibreOffice macro viruses as |
| 39 |
> > well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla |
| 40 |
> > based exploits. |
| 41 |
> |
| 42 |
> or image rendering library bugs. or mono. or tricky multi-platform |
| 43 |
> viruses/worms. saying that linux based viruses don't exist is simply |
| 44 |
> wrong. there may not be much in the wild, but they definitely are out |
| 45 |
> there. |
| 46 |
> |
| 47 |
> it is probably more difficult to write a successful virus for linux |
| 48 |
> than for windows for a number or reasons but in principle the problem is |
| 49 |
> the same as on windows. |
| 50 |
> i think the main technical reason is the heterogeneity of the |
| 51 |
> installations. one or two local exploits and you can hit almost any |
| 52 |
> windows XP installation. in linux you have to deal with n combinations |
| 53 |
> of kernel-version, glibc-version, etc. and there is very little you can |
| 54 |
> depend on to be in a fixed location in memory since different compiler |
| 55 |
> options may already change that. there are ways around all this of |
| 56 |
> course[1], but its a lot of work. too much for the limited impact. |
| 57 |
> also, a lot of malware seems to depend on social engineering for |
| 58 |
> infection these days. i think thats going to work less good on a lot of |
| 59 |
> linux users because the system conditions you to think before you act. |
| 60 |
> |
| 61 |
> that aside, i predict that we will see some linux viruses or worms with |
| 62 |
> larger infections in the future. i guess the first ones will be for |
| 63 |
> ubuntu because it has a large base of rather consistent base |
| 64 |
> installations. |
| 65 |
> |
| 66 |
> /jonas |
| 67 |
> |
| 68 |
> -- |
| 69 |
> |
| 70 |
> [1] fun idea: something exploiting bugs in the usb storage subsystem or |
| 71 |
> file system handling code spreading to usb sticks. you could probably |
| 72 |
> even make that multi-platform if you find the needed bugs for different |
| 73 |
> OSes. |
| 74 |
> |
| 75 |
> > Still, keeping your system up-to-date and observing the freshly |
| 76 |
> > revived GLSA notifications is more likely to save your butt than |
| 77 |
> > clamav. |
| 78 |
|
| 79 |
Thanks guys, good points. |
| 80 |
|
| 81 |
The USB vector reminds me of stuxnet, although this I understand was designed |
| 82 |
to infect Iranian MSWindows boxen. |
| 83 |
|
| 84 |
Anyway, the use case in point is to protect other MSWindows OS' when |
| 85 |
sending/forwarding office and pdf documents. So the user would like to be able |
| 86 |
to scan emails as they come in/sent out. |
| 87 |
|
| 88 |
Will clamav do this with KDE4? |
| 89 |
-- |
| 90 |
Regards, |
| 91 |
Mick |
Archives