[wellylug] email virus scanners

Jethro Carr jethro.carr at jethrocarr.com
Fri Dec 29 20:33:02 NZDT 2006


On Fri, 2006-12-29 at 18:10 +1100, CarlTurney wrote:
> Hi Folks,
> 
> On the issue of LINUX and virii (or viruses)...
> 
> I've got two articles about LINUX and malware (one on paper, and one on my
> hard disk, both on their way to Wellington with me this weekend).  These 2-3
> year-old articles mentioned at least a dozen examples of malware, under the
> categories of virus, worms, etc.

Are these examples actually in-the-wild programs? Or are they proof-of-concept examples?

There have been viruses released to prove a particular security flaw, or
possible attack vector, but I'm not really aware of any out in the wild
that could attack an up2date system.


What you should really want to know is if there is:
- any malware that can exploit a user's computer without being run by the
user?
- any malware that can exploit a security flaw in a system service or
kernel to gain root access?

Anything that has to be run by the user doesn't really count - I could
write a bash script that deletes all the user's files if they are stupid
enough to run it without seeing what it does... but this threat doesn't
really count. :-)


> I am in the same boat as the originator of this thread:  Just migrating from
> Windoze to Fedora Core.
> 
> As to what -I- do:
> 
> I installed "clamav", which is the only shareware antivirus program
> specifically made for LINUX that I know of.

ClamAV is actually OSS, not shareware.

http://en.wikipedia.org/wiki/Open-source_software
http://en.wikipedia.org/wiki/Shareware

There's actually quite a difference in the two terms. :-)



> I regularly run "pup" (?), to ensure that my Firefox, Thunderbird, clamav,
> kernel, etc. are all up to date.

Not aware of what pup is... if you use Fedora, you should be using yum
to update...?


> I don't know to what extent accepting SELINUX at system install time, and
> ensuring its settings are appropriate, has an effect on (email-based)
> malware.  I disabled it (because I'm a virtual newbie and found the
> complexity of running it beyond my ageing brain cells' ability).

SELinux is a very complicated piece of software that has its target audience.
However, it's not really beneficial for the average user, and can cause
far more headaches than benefits.


Basically, apply the following rule:

If you understand the concept of SELinux and are able to write your own
custom SELinux policies for your purposes, SELinux is suitable for you.

Otherwise, it's not really going to help. (my $0.02 - some people may
disagree with this.)


-- 
Jethro Carr

www.jethrocarr.com
www.jethrocarr.com/index.php?page=cv/cv.php
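As an added illustration of what an email virus scanner such as ClamAV does with each message (example code written for this page; it is not ClamAV's code and not from the thread, and the signature list, sample message and "Example.Trojan.Constructed" name are all made up here): every MIME attachment is pulled out of the message, hashed and compared against a list of known-bad signatures, and attachments whose declared file name is an executable type are flagged separately, since a hash list only catches what has already been seen.

```python
# Added example (not from the thread, not ClamAV code): a minimal
# email attachment scanner showing the two checks a mail-gateway
# scanner performs on each message: extract every MIME attachment
# and compare its SHA-256 against a signature list, and flag
# attachments whose declared name is an executable type.
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Constructed denylist: the SHA-256 of a made-up "known bad" attachment.
# Real scanners ship many thousands of signatures plus pattern rules;
# the payload and detection name below are invented for this example.
BAD_PAYLOAD = b"this stands in for a known malicious attachment\n"
SIGNATURES = {
    hashlib.sha256(BAD_PAYLOAD).hexdigest(): "Example.Trojan.Constructed",
}

# Declared file types that should not arrive unannounced by mail.
# This matches on the *declared* name only, which is why the hash
# check above is still needed.
RISKY_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def scan_message(raw: bytes) -> list[dict]:
    """Return one finding per attachment: name, sha256 and verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""   # decoded attachment bytes
        digest = hashlib.sha256(data).hexdigest()
        name = part.get_filename() or "(unnamed)"
        finding = {
            "name": name,
            "sha256": digest,
            "signature": SIGNATURES.get(digest),          # None if no hash match
            "risky_type": name.lower().endswith(RISKY_SUFFIXES),
        }
        if finding["signature"]:
            finding["verdict"] = "infected"
        elif finding["risky_type"]:
            finding["verdict"] = "suspicious"
        else:
            finding["verdict"] = "clean"
        findings.append(finding)
    return findings


def build_sample_message() -> bytes:
    """Constructed test message: one clean, one signature-hit, one risky-type attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.invalid"
    msg["To"] = "bob@example.invalid"
    msg["Subject"] = "quarterly report"
    msg.set_content("See attached.")
    msg.add_attachment("just some text\n", filename="notes.txt")
    msg.add_attachment(BAD_PAYLOAD, maintype="application",
                       subtype="octet-stream", filename="report.pdf")
    msg.add_attachment(b"MZ fake header\n", maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    return bytes(msg)


if __name__ == "__main__":
    for f in scan_message(build_sample_message()):
        print(f"{f['verdict']:10s} {f['name']:15s} {f['sha256'][:16]}...")
```

The point of the split verdicts is the one raised above about what "counts": a hash hit means a known sample, while a bare executable attachment is only a reason to quarantine for a look, not proof of anything, and neither check says whether the receiving system would actually run it.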