I've recently made the switch from Windows to Linux, and am looking for a virus scanner.
I'm running Red Hat, can anyone recommend a good one to download? Any help would be great...
www.f-prot.com I think they have one. I think Norton and McAfee also have them, but I'm not sure.
Linux is pretty good at not having viruses, although there are some. Anytime you download something, look at the source and see what it looks like. You should be able to tell it's a virus by that. Also, most viruses are made for the Windows OS. But again, there are some viruses for Linux. Just be careful what you download.
http://www.bitdefender.com/html/bd_linux.php Freeware anti virus for Linux.
Good luck
McAfee makes one for several OSs... FreeBSD included! I would also suggest subscribing to alert lists to keep your Linux system up to date. A good one to subscribe to is http://www.sans.org/newlook/digests/ They have a few there to choose from. You can also customize it for just the OSs you want to see.
A short list of good AV scanners for Linux and Unix.
Quote:
source: NOD32
NOD32 for UNIX
It is no industry secret - everybody knows native UNIX viruses are rare. Still, an antivirus system for UNIX makes sense. In many heterogeneous networks viruses and worms pass through UNIX systems to infect their targets on other platforms. NOD32 for UNIX is capable of handling such problems.
Quote:
source: Trend Micro
ServerProtect for Linux
ServerProtect™ software provides real-time antivirus scanning for Linux™ servers, detecting and removing viruses from files and compressed files in real time - before they reach the end user. Administrators can use a Web-based console for management of virus outbreaks, virus scanning, virus pattern file updates, and notifications.
Quote:
source: Kaspersky
Kaspersky Anti-Virus for *nix
The world's first comprehensive anti-virus defence solution for workstations running on the Linux platform. The program is compatible with all of the most popular Linux versions, including Red Hat, Slackware, SuSE, Mandrake, and others utilised by the NSS version 1.x. Basic components: An...
All of the above solutions are good, but I do like NOD32 best since it's the fastest scanner I know and it takes fewer resources than any other scanner I have used before. It does not have as many features as other solutions, but for my personal use this is the perfect solution.
Quote:
source: Sophos
Sophos Anti-Virus for Unix
Sophos Anti-Virus for Unix is virus detection and disinfection software which can be installed on Unix file servers and workstations. It operates in scheduled and on-demand modes, checking local and remote file systems and networks for the presence of viruses. Its unique architecture intelligently determines which files need to be virus checked, maximising user transparency and minimising performance overhead.
But buying an AV scanner is almost like buying a car. It's all individual what you like and what works for you. The only good solution is to try them all and see which of them you like best :).
~micael
Mandrake used to include the AVP (now known as Kaspersky Labs) virus scanner in its PowerPack edition. I've installed it before but never came across a Linux virus for it to block. You also may want to look into rootkit scanners. Check out http://chkrootkit.org for a good one.
There are few viruses for Linux/Unix and IMO the main purpose of installing a scanner on Linux is to protect your border: mail, Samba & Windows shares.
As a complement to an AV solution I would suggest installing tools like Tripwire and Snort. There are of course many other solutions and tools to use, such as xinetd, tcpwrappers, etc. But this thread was about antivirus scanners, and covering all the other solutions would be too big a task for me today.
Quote:
It is no industry secret - everybody knows native UNIX viruses are rare. Still, an antivirus system for UNIX makes sense. In many heterogeneous networks viruses and worms pass through UNIX systems to infect their targets on other platforms.
Tools are good, but even more important is to be aware of the risks, keep your system up to date (mailing lists, news) and not run more services than you need. A good tool to read/monitor logfiles is also of great importance.
Quote:
Tripwire
Tripwire is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. The hard part is doing it the right way, balancing security, maintenance, and functionality.
Snort
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
xinetd
xinetd is a secure replacement for inetd.
tcpwrappers
With tcpwrappers you can monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services.
~micael
Thanks for the help, people!
Now the fun part is gonna be trying to install one! lol
Linux isn't too forgiving when you're a beginner...
Cheers.
The beauty of open source. Never download any pre-compiled software…
I have never needed an anti-virus for Linux, and I have only come across 16 UNIX viruses during all my internet surfing. But if you really want to install an anti-virus then I suggest that you install Tripwire.
Tripwire is a good product but it's not an antivirus solution.
*nix seldom has viruses, but as popularity rises more and more threats will be discovered, and a good antivirus solution is always a good and wise choice.
Quote:
What is tripwire?
Tripwire is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. The hard part is doing it the right way, balancing security, maintenance, and functionality.
Source: http://www.tripwire.org/qanda/faq.php
Bear in mind, your best defense against actual *nix viruses is never to run unknown executables as root. Although I've heard of one or two Linux viruses that use exploits to attempt to gain root access, none of them can succeed with current kernels. Following good security practices should prevent any Linux virus from harming any more than one user's files.
Has anybody heard of using a *nix box to read McAfee or Norton's AV DAT's to scan networks for viri (sp)?
The McAfee virus scanner for *nix is supposed to work for all flavors, including Linux... if you want to pay for it. Symantec is working on a *nix version as well. So far, the McAfee product scans its host server only, but testing is still going on to have it work across the network as well. The closest thing to providing any other good information we have seen has been from NESSUS, but we are still getting some false positives there as well.