On Sunday 18 April 2010, Michael Miles wrote: >On 04/18/2010 12:00 PM, Gene Heskett wrote: >> On Sunday 18 April 2010, Antonio Olivares wrote: >>> --- On Sun, 4/18/10, Daniel B. Thurman<dant@xxxxxxxxx> wrote: >>>> From: Daniel B. Thurman<dant@xxxxxxxxx> >>>> Subject: Re: Clamav >>>> To: "Community support for Fedora users"<users@xxxxxxxxxxxxxxxxxxxxxxx> >>>> Date: Sunday, April 18, 2010, 11:37 AM >>>> On 04/15/2010 12:50 PM, Patrick >>>> >>>> O'Callaghan wrote: >>>>> On Thu, 2010-04-15 at 12:22 -0700, Michael Miles >>>> >>>> wrote: >>>>>> I have removed all and I will wait for proper >>>> >>>> instruction as I really >>>> >>>>>> do not know enough about this OS >>>>> >>>>> Given that you say so yourself, the logical question >>>> >>>> is "why do you need >>>> >>>>> Clamav"? Clamav is usually installed by people running >>>> >>>> mail servers for >>>> >>>>> users who access them from Windows. >>>> >>>> Where is the proof that an AV is not needed for Linux sans >>>> w-dozs, >>>> regardless of the pathways to infection? ClamAV is >>>> not just for >>>> email-servers but for scanning infected drives. The >>>> effectiveness >>>> of virus detection is only as good as the design and the >>>> latest virus >>>> database, and even then, there is no guarantee against >>>> newly created >>>> viruses and its variants, and one could argue "damned if >>>> you do, damned >>>> if you don't", but I could argue 'Tis better to reduce the >>>> chances of >>>> infection, >>>> than none at all'? >>>> >>>>> If all you're doing is reading mail in Linux, it's >>>> >>>> extremely unlikely >>>> >>>>> that you even need it. In 35 years of using first Unix >>>> >>>> and then Linux, >>>> >>>>> I have yet to see a single virus that wasn't a >>>> >>>> proof-of-concept demo. >>>> >>>> Again, experiences makes proof, not. I prefer the >>>> data, please. >>>> >>>>> po >>>> >>>> I have a fully installed, F-12 w/ SELinux including >>>> clamav, >>>> spamassassin and it has found several rejected virus >>>> infected >>>> incoming email messages. If I get one again, I will be >>>> happy to >>>> post what the viruses are, as I just don't remember. >>>> Most of my >>>> viruses are coming from overseas, mostly cn and ru and via >>>> incoming email, not visited websites. We are talking >>>> about AV, >>>> not malware or other modes of attacks. >>>> >>>> As far as I know, clamav has not detected any infected >>>> local >>>> files but of course that does not mean there are NO >>>> viruses, >>>> just undetected ones, if any. >>>> >>>> And no, I do not run doz via wine nor virtualbox, on this >>>> Linux email >>>> system and it has a separate public IP address apart from >>>> another >>>> email system, (W-doz) exchange, again on a separate public >>>> IP address. >>>> Neither one of these email servers, 'talks' to one or >>>> another, nor >>>> overlaps, they are mutually exclusive. It is >>>> interesting to watch >>>> which of the two are infected and which is not. >>>> >>>> FWIW, >>>> Dan >>> >>> Dan, >>> >>> The virii that hit Michael's machine were via wine. In which case >>> ClamAV did not find them, Avira did. Most of your post is also correct. >>> If you have an email server it makes good sense to have antivirus to >>> scan incoming mail/messages and also send clean messages as well. >>> >>> It you have Selinux, Antivirus, Firewall, all enabled and configured >>> properly, virii should not make it into your machine but one is not >>> entirely 100% safe :( >>> >>> Again, it depends on experiences that one has had/has and you summoned >>> it up DAMMNED IF YOU DO, DAMMED IF YOU DON'T >>> >>> Regards, >>> >>> Antonio >> >> I have hoped that this thread would self-destruct. IMO it has no business >> on a linux oriented mailing list considering that this company has no >> visible, runs on linux products. To me, all it amounts to is tons of >> free advertising because some less than attentive person hosed his wine >> install with a windows virus. Excrement happens. Shrug. > >One other weird thing i forgot to mention. > >I install xp via wine 2 months ago. >Have not touched it since. > >Started scanning just to see a week ago. > >The files that were renamed by the virus were done two days ago, >according to time stamps. > >So this thing sat dormant until I started looking for them and that is >when it attacked. > >Now that's wild > Chuckle, bit of advice: Never take a knife to a gunfight. Question is, what did you do between that xp install and the attack? If it sat dormant for all that time, then the obvious conclusion is that the src of your xp install is itself hosed. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) You know, Callahan's is a peaceable bar, but if you ask that dog what his favorite formatter is, and he says "roff! roff!", well, I'll just have to... -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
