Linux Workstation Antivirus Software
Chris
02-29-2004, 08:36 AM
I searched past posts and it doesn't look like we've ever discussed this so I am going to throw it out there.
http://forum.defcon.org/search.php?searchid=14293
http://forum.defcon.org/search.php?searchid=14294
Is anyone using Antivirus software for their Linux workstations?
If so, what product and why?
murakami
02-29-2004, 10:38 AM
Is anyone using Antivirus software for their Linux workstations?
If so, what product and why?
F-Prot, because I'm lazy and I bought both Win and Linux licenses at the same time.
Qu|rk
02-29-2004, 11:10 AM
I run Kaspersky on all my linux boxen, only A/V I trust and recommend too - one of the best out there overall, heuristics are top notch with very low probability of false positives. If you're looking for a good antivirus solution, what you get is more than worth what you pay.
http://www.kasperskylabs.com/products.html
Qu|rk-
Chris
03-01-2004, 07:09 PM
F-Prot, because I'm lazy and I bought both Win and Linux licenses at the same time.
DUDE! f-prot has not one, but TWO of my favorite features:
1) Free
2) Command line
Good shit.
dYn4mic
03-02-2004, 10:43 PM
That's slick..
I've always used F-prot on my winblows box/partition..
/me goes and downloads for BSD.... (props to F-prot!!)
JiTRiF
03-02-2004, 10:48 PM
I don't use anti-virus on the only linux computer i use. It's a school computer i dual booted with 98 and redhat. I don't really give a fuck if anyone gets a virus on it. FDisk is my anti-virus.
Qu|rk
03-03-2004, 12:40 PM
FDISK, although in your eyes is an antivirus..it's only effective if the floppy drive is working, the bios can see it, or you have a way to access the fdisk executable which many of the nasty virii out there kill... it also completely throws any concept of time management out the window, even if you did that, and then ghosted it... Chris pointed out F-prot for linux is free... so why not use it? Just a thought...
Qu|rk-
bascule
03-03-2004, 01:51 PM
I'm trying to get my boss to purchase an F-Prot license for our qmail/Solaris mailserver. I have the trial version running now, and it was ridiculously easy to deploy (it even comes with a drop-in qmail-queue replacement).
Beagle.K was the motivating factor for this... it generated one of the sneakiest virus messages I've ever seen:
Dear user of e-mail server "Colostate.edu",
Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.
Please, read the attach for further details.
Attached file protected with the password for security reasons. Password is 17572.
Best wishes,
The Colostate.edu team
http://www.colostate.edu
Fortunately for us, everyone here reads their mail with dtmail or PINE...
murakami
03-03-2004, 02:02 PM
I've used F-Prot for at least 10 years, starting back in the day of the DOS boot sector viruses. I've remained virus free, maybe in part to F-PROT but probably more because of common sense. Anyway, glad that folks are finding it useful.
Chris
03-03-2004, 05:50 PM
I've used F-Prot for at least 10 years, starting back in the day of the DOS boot sector viruses. I've remained virus free, maybe in part to F-PROT but probably more because of common sense. Anyway, glad that folks are finding it useful.
I agree that it is probably more due to common sense. I have never had a virus (well...not a computer virus ;)) either.
But back to topic, I just set up two cron jobs, one to update the F-Prot defs daily, and then five minutes later to scan with F-Prot. I had not used this program before you posted it and I am very impressed. Thanks.
Gonna have to snag f-prot after all this, great thread, I always wanted to know what anti-virus solutions linux has. As for windows, I haven't gone after f-prot, I use AVG. Any reasons to switch to F-Prot?
murakami
03-04-2004, 09:23 AM
Gonna have to snag f-prot after all this, great thread, I always wanted to know what anti-virus solutions linux has. As for windows, I haven't gone after f-prot, I use AVG. Any reasons to switch to F-Prot?
I have a 'clean' laptop that I use only for connecting to VPNs. It has most of the major vendor AV programs. I really don't see much of a difference between any of them from an end user point of view. A sysadmin would probably have more relevant things to say, especially when it comes to scanning email.
davidck
06-07-2004, 07:52 AM
http://clamav.sf.net
ClamAV is a free, open source project that runs on *nix and its version is also available for windows.
I use it on my mail server & windows pc's at office. Nice tool. Perfectly managed virus database.
Check their website for more information.
highwizard
06-07-2004, 08:29 AM
http://clamav.sf.net
ClamAV is a free, open source project that runs on *nix and its version is also available for windows.
I use it on my mail server & windows pc's at office. Nice tool. Perfectly managed virus database.
Check their website for more information.
Have you had any infections in the past? Has this product actually worked for you?
davidck
06-07-2004, 08:49 AM
I have used it for 2-3 months now and I think it does its job well.
Though I haven't done in-depth research, I DID test it.
I receive less noise from dumb users, and I guess it's not because the number of viruses and worms for win32 has decreased with time.
And I chose it over kaspersky and Dr.Web as I use only free (open source) software (on machines under my responsibility).
I haven't used any other antivirus on linux, so I can't provide comparisons.
If it works for me that doesn't necessarily mean that it will for you, but I think it definitely might.
davidck
06-07-2004, 08:53 AM
My mail server had never had any virus on it.
as for users it's not that easy to say from where the virus came, but as far as i know my users had had no viral e-mails since i installed antispam/antivirus on server.
Chris
06-07-2004, 10:41 AM
I have used it for 2-3 months now and I think it does its job well.
Though I haven't done in-depth research, I DID test it.
I receive less noise from dumb users, and I guess it's not because the number of viruses and worms for win32 has decreased with time.
And I chose it over kaspersky and Dr.Web as I use only free (open source) software (on machines under my responsibility).
I haven't used any other antivirus on linux, so I can't provide comparisons.
If it works for me that doesn't necessarily mean that it will for you, but I think it definitely might.
I am running f-prot now. I will DL the Linux version of Clam and test the two side by side for a month or so and let you know what I find.
simon
06-07-2004, 10:58 AM
well i've just downloaded f-prot, and clamAV is next up. my first impression is to like clamAV because it has debian packages that are packaged by a known maintainer and they are going to be included in the next official release of debian (sarge). which also means they adhere to a strict guideline of "opensourceness" ;)
f-prot does have deb packages as well, but not official or ever going to be. their license is more restrictive but not really a real issue for any "home user". also the deb package dumps everything in /usr/local/f-prot, although i would have expected and at least liked the option to have the conf files or def put in /etc and maybe the def update scripts put in /usr/bin. anyway, some particulars. all can be changed manually.
i'll post with my final verdict on how both work, behave etc when i'm done. i imagine the results will be pretty equal.
simon
Anthony
06-07-2004, 06:00 PM
I am running f-prot now. I will DL the Linux version of Clam and test the two side by side for a month or so and let you know what I find.
After using it for five months, I haven't had any problems with ClamAV except for a scanning time which is longer than I'm comfortable with:
-- summary --
Known viruses: 21857
Scanned directories: 19518
Scanned files: 323767
Infected files: 2
Data scanned: 13921.50 MB
I/O buffer size: 131072 bytes
Time: 5364.687 sec (89 m 24 s)
Running on a dual Pentium 3, 1GHz system with 512MB of RAM, an hour and a half is longer than I would expect for that amount of data. Although several gigabytes of information is contained within compressed BZip2 archives, the software would be considerably more effective if it was modified to make proper use of an SMP environment.
One noteworthy feature which was quite helpful is the threaded clamd server, which allows for centralized scanning of a network. I haven't tested the actual bandwidth requirements of that system, however I would suspect that it would be substantial.
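
Added example, not part of any post in this thread: a small Python parser for the scan summary block quoted above, which derives throughput from the posted figures and reports detections or slow scans so a scheduled job can act on them. The function names and the 5 MB/s threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample input: the summary block as posted in the thread above.
SAMPLE = """\
-- summary --
Known viruses: 21857
Scanned directories: 19518
Scanned files: 323767
Infected files: 2
Data scanned: 13921.50 MB
I/O buffer size: 131072 bytes
Time: 5364.687 sec (89 m 24 s)
"""

# "Field name: <number> ..." ; units and trailing text are ignored.
_LINE = re.compile(r"^\s*([^:]+?):\s*([0-9]+(?:\.[0-9]+)?)")

def parse_summary(text):
    """Return {lower-cased field: value} for lines after the summary marker."""
    fields, in_summary = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("-") and "summary" in stripped.lower():
            in_summary = True       # per-file result lines before this are skipped
            continue
        m = _LINE.match(line) if in_summary else None
        if m:
            fields[m.group(1).strip().lower()] = float(m.group(2))
    return fields

def assess(text, min_mb_per_sec=5.0):   # threshold is an assumed value
    """Return (metrics, findings); findings is empty for a clean, timely scan."""
    f = parse_summary(text)
    needed = ("infected files", "scanned files", "data scanned", "time")
    missing = [k for k in needed if k not in f]
    if missing:                     # truncated output must not read as "clean"
        raise ValueError("incomplete summary, missing: " + ", ".join(missing))
    secs = f["time"]
    metrics = {
        "infected": int(f["infected files"]),
        "mb_per_sec": round(f["data scanned"] / secs, 2) if secs else 0.0,
        "files_per_sec": round(f["scanned files"] / secs, 1) if secs else 0.0,
    }
    findings = []
    if metrics["infected"]:
        findings.append("infected files: %d" % metrics["infected"])
    if secs and metrics["mb_per_sec"] < min_mb_per_sec:
        findings.append("slow scan: %.2f MB/s" % metrics["mb_per_sec"])
    return metrics, findings
```

For the figures in the post this works out to roughly 2.6 MB/s and 60 files per second.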