Re: Clamav

On 04/18/2010 11:48 AM, Antonio Olivares wrote:
>
> --- On Sun, 4/18/10, Daniel B. Thurman <dant@xxxxxxxxx> wrote:
>
>> From: Daniel B. Thurman <dant@xxxxxxxxx>
>> Subject: Re: Clamav
>> To: "Community support for Fedora users" <users@xxxxxxxxxxxxxxxxxxxxxxx>
>> Date: Sunday, April 18, 2010, 11:37 AM
>>
>> On 04/15/2010 12:50 PM, Patrick O'Callaghan wrote:
>>> On Thu, 2010-04-15 at 12:22 -0700, Michael Miles wrote:
>>>> I have removed all and I will wait for proper instruction as I really
>>>> do not know enough about this OS
>>>
>>> Given that you say so yourself, the logical question is "why do you need
>>> Clamav"? Clamav is usually installed by people running mail servers for
>>> users who access them from Windows.
>>
>> Where is the proof that an AV is not needed for Linux sans w-dozs,
>> regardless of the pathways to infection?  ClamAV is not just for
>> email-servers but for scanning infected drives.  The effectiveness
>> of virus detection is only as good as the design and the latest virus
>> database, and even then, there is no guarantee against newly created
>> viruses and its variants, and one could argue "damned if you do, damned
>> if you don't", but I could argue 'Tis better to reduce the chances of
>> infection, than none at all'?
>>
>>> If all you're doing is reading mail in Linux, it's extremely unlikely
>>> that you even need it. In 35 years of using first Unix and then Linux,
>>> I have yet to see a single virus that wasn't a proof-of-concept demo.
>>
>> Again, experiences makes proof, not.  I prefer the data, please.
>>
>>> po
>>
>> I have a fully installed, F-12 w/ SELinux including clamav,
>> spamassassin and it has found several rejected virus infected
>> incoming email messages. If I get one again, I will be happy to
>> post what the viruses are, as I just don't remember.  Most of my
>> viruses are coming from overseas, mostly cn and ru and via
>> incoming email, not visited websites.  We are talking about AV,
>> not malware or other modes of attacks.
>>
>> As far as I know, clamav has not detected any infected local
>> files but of course that does not mean there are NO viruses,
>> just undetected ones, if any.
>>
>> And no, I do not run doz via wine nor virtualbox, on this Linux email
>> system and it has a separate public IP address apart from another
>> email system, (W-doz) exchange, again on a separate public IP address.
>> Neither one of these email servers, 'talks' to one or another, nor
>> overlaps, they are mutually exclusive.  It is interesting to watch
>> which of the two are infected and which is not.
>>
>> FWIW,
>> Dan
>>
>> --
>
> Dan,
>
> The virii that hit Michael's machine were via wine.  In which case ClamAV did not find them, Avira did.  Most of your post is also correct.  If you have an email server it makes good sense to have antivirus to scan incoming mail/messages and also send clean messages as well.
>
> If you have SELinux, Antivirus, Firewall, all enabled and configured properly, virii should not make it into your machine but one is not entirely 100% safe :(
>
> Again, it depends on experiences that one has had/has and you summoned it up DAMNED IF YOU DO, DAMNED IF YOU DON'T
>
> Regards,
>
> Antonio
>
That's what concerns me about Clamav.
It clearly did not trap any of these viruses and if it is the mainstream 
av scanner for Fedora then people could be in for a surprise if they run 
a different scanner on the system.

I have removed wine altogether and all virtualbox win installs.

If the virus definitions from Clamav are written for linux based viruses 
and not windows based then what real good is it?
All virus definitions should be included with the scan.
Especially if Wine and virtualbox are running on a linux system.

I just thank god the virus in question was not too severe and just 
renamed core windows files and appended .xxx to them making them easy to 
find but effectively stopping xp from running.

Michael

