Re: Clamav

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


From: "Antonio Olivares" <oli[email protected]>
Sent: Sunday, 2010/April/18 11:48
> --- On Sun, 4/18/10, Daniel B. Thurman <[email protected]> wrote:
>> From: Daniel B. Thurman <[email protected]>
>> Subject: Re: Clamav
>> To: "Community support for Fedora users" <[email protected]>
>> Date: Sunday, April 18, 2010, 11:37 AM
>> On 04/15/2010 12:50 PM, Patrick
>> O'Callaghan wrote:
>> > On Thu, 2010-04-15 at 12:22 -0700, Michael Miles
>> wrote:
>> >
>> >> I have removed all and I will wait for proper
>> instruction as I really
>> >> do not know enough about this OS
>> >>
>> > Given that you say so yourself, the logical question
>> is "why do you need
>> > Clamav"? Clamav is usually installed by people running
>> mail servers for
>> > users who access them from Windows.
>> Where is the proof that an AV is not needed for Linux sans
>> w-dozs,
>> regardless of the pathways to infection?  ClamAV is
>> not just for
>> email-servers but for scanning infected drives.  The
>> effectiveness
>> of virus detection is only as good as the design and the
>> latest virus
>> database, and even then, there is no guarantee against
>> newly created
>> viruses and its variants, and one could argue "damned if
>> you do, damned
>> if you don't", but I could argue 'Tis better to reduce the
>> chances of
>> infection,
>> than none at all'?
>> > If all you're doing is reading mail in Linux, it's
>> extremely unlikely
>> > that you even need it. In 35 years of using first Unix
>> and then Linux,
>> > I have yet to see a single virus that wasn't a
>> proof-of-concept demo.
>> >
>> Again, experiences makes proof, not.  I prefer the
>> data, please.
>> > po
>> I have a fully installed, F-12 w/ SELinux including
>> clamav,
>> spamassassin and it has found several rejected virus
>> infected
>> incoming email messages. If I get one again, I will be
>> happy to
>> post what the viruses are, as I just don't remember.
>> Most of my
>> viruses are coming from overseas, mostly cn and ru and via
>> incoming email, not visited websites.  We are talking
>> about AV,
>> not malware or other modes of attacks.
>> As far as I know, clamav has not detected any infected
>> local
>> files but of course that does not mean there are NO
>> viruses,
>> just undetected ones, if any.
>> And no, I do not run doz via wine nor virtualbox, on this
>> Linux email
>> system and it has a separate public IP address apart from
>> another
>> email system, (W-doz) exchange, again on a separate public
>> IP address.
>> Neither one of these email servers, 'talks' to one or
>> another, nor
>> overlaps, they are mutually exclusive.  It is
>> interesting to watch
>> which of the two are infected and which is not.
>> FWIW,
>> Dan
>> -- 
> Dan,
> The virii that hit Michael's machine were via wine.  In which case ClamAV 
> did not find them, Avira did.  Most of your post is also correct.  If you 
> have an email server it makes good sense to have antivirus to scan 
> incoming mail/messages and also send clean messages as well.

They existed on disk and should have been detected. ClamAV has a disk scan
mode. ClamAV is not a total bust. Therefore another check to make sure the
files in question were not part of the wine install is worthwhile. I'd
expect ClamAV to avoid false alarms on wine. I'd not expect avira to
cater to a wine environment.

> It you have Selinux, Antivirus, Firewall, all enabled and configured 
> properly, virii should not make it into your machine but one is not 
> entirely 100% safe :(

100% is beyond reach on complex systems. We may be at the 99.% level and
are adding more 9s as suffixes. The question is how many 9s do you want
to spend CPU cycles on? That's a personal cost benefit tradeoff.


users mailing list
[email protected]
To unsubscribe or change subscription options:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux