Anti-Virus on Linux
This is a discussion about Anti-Virus on Linux in the Linux Software category; Hello All! As many of you know, I still consider myself a new linux user. I have seen different threads on this subject, and would like some input from the knowledgeable community here. I saw over the weekend that McAfee ofers virus protection for linux, and has identified a worm from 2002, the slapper worm.
Hello All!
As many of you know, I still consider myself a new linux user. I have seen different threads on this subject, and would like some input from the knowledgeable community here. I saw over the weekend that McAfee ofers virus protection for linux, and has identified a worm from 2002, the slapper worm. Is this something that the linux community, and or distro developers have dealt with? I am running SuSe 9.3, is there a risk to my system, and or my privacy? Is this something I should re-take a look at and consider purchasing and installing on my system? Does anyone here believe that as the popularity of linux grows that the danger of malicious programs grows also, and is this kind of product the answer. One of the main reasons I switched to linux from M$ windows was security. Of course, now I know the other HUGE benefits of a linux system (well, some of them anyway). Any how, any thoughts or insights on this topic?
Thanks
Justbill
this is a link to McAfee site, about slapper worm http://vil.nai.com/vil/content/v_99693.htm#VirusChar .com
As many of you know, I still consider myself a new linux user. I have seen different threads on this subject, and would like some input from the knowledgeable community here. I saw over the weekend that McAfee ofers virus protection for linux, and has identified a worm from 2002, the slapper worm. Is this something that the linux community, and or distro developers have dealt with? I am running SuSe 9.3, is there a risk to my system, and or my privacy? Is this something I should re-take a look at and consider purchasing and installing on my system? Does anyone here believe that as the popularity of linux grows that the danger of malicious programs grows also, and is this kind of product the answer. One of the main reasons I switched to linux from M$ windows was security. Of course, now I know the other HUGE benefits of a linux system (well, some of them anyway). Any how, any thoughts or insights on this topic?
Thanks
Justbill
this is a link to McAfee site, about slapper worm http://vil.nai.com/vil/content/v_99693.htm#VirusChar .com
Participate in our website and join the conversation
This subject has been archived. New comments and votes cannot be submitted.
Responses to this topic
As far as I am aware, the virus would need root privialges in order to do anything, which is not likely unless you are silly enough to login as root.
I have linux and windows systems networked at my home so I use a virus scanner on my linux box, just for peace of mind. I use the f-prot antivirus for linux, it is free for home use.
I have linux and windows systems networked at my home so I use a virus scanner on my linux box, just for peace of mind. I use the f-prot antivirus for linux, it is free for home use.
This virus dates back to 2002. I'm no expert on this, but it looks to me that the virus affects older versions of Apache and OpenSSL. I doubt that this is a problem for most users, given it attacks older Apache Web Servers and obsolete OpenSSL.
OP
Soooooooo,
I downloaded the RPM for f-prot, right clicked on the rpm icon in my home folder, and clicked Open with Yast, and, and, and, and,,,,,,,,,,,Nothin! And yes I did chmod a+x. What, pray tell am I doing wrong here? I had the same issue last week trying to install the game maelstrom. Whats up with that? This is the only thing I am unhappy with on this OS (SuSe9.3). Can't seem to install stuff easily
Justbill
I downloaded the RPM for f-prot, right clicked on the rpm icon in my home folder, and clicked Open with Yast, and, and, and, and,,,,,,,,,,,Nothin! And yes I did chmod a+x. What, pray tell am I doing wrong here? I had the same issue last week trying to install the game maelstrom. Whats up with that? This is the only thing I am unhappy with on this OS (SuSe9.3). Can't seem to install stuff easily
Justbill
Yes I noticed the date of the virus as well danleff, however I thought it probably would still be propigating in the wild some place, you never now.
I don't use apache or openssl, o i have no idea if it still a problem, i guess it wouldn't be though.
Justbill, f-prot doesnt have a GUI. If you installed it then it should be running in the background. You update the virus signature s via command prompt by typing in something like this, as root.
/usr/local/f-prot/tools/check-updates.pl
heres a link for help
http://www.f-prot.com/support/helpfiles/unix/workstation/man_updt.html
I don't use apache or openssl, o i have no idea if it still a problem, i guess it wouldn't be though.
Justbill, f-prot doesnt have a GUI. If you installed it then it should be running in the background. You update the virus signature s via command prompt by typing in something like this, as root.
/usr/local/f-prot/tools/check-updates.pl
heres a link for help
http://www.f-prot.com/support/helpfiles/unix/workstation/man_updt.html
Justbill, try the other selection when you 'click' on the .rpm that you downloaded. "use directory as source for yast" then password, when it then says source add 'O.K' then do 'install with yast' bit.
> clamav < and > antivir < are both good free antivirus scanners as well but command line to use, quiet easy thou. ( antivir needs danku installed first) check their sites out.
clamav > www.clamav.net <
antivir > www.antivir.de < (click the english flag)
Like mention above, Linux not a great problem with normal user, but always good to stop them spreading thru you to your friends out of courtesy.
.........
Regards,
Ian.
,,.....,,
~~~
"@|@"
^
*
________________________________________________
"...Intelligent people don't call people stupid!
-only stupid people, call other's stupid!..."
"...If you want something done well!
-leave it in the microwave overnight!..."
________________________________________________
> clamav < and > antivir < are both good free antivirus scanners as well but command line to use, quiet easy thou. ( antivir needs danku installed first) check their sites out.
clamav > www.clamav.net <
antivir > www.antivir.de < (click the english flag)
Like mention above, Linux not a great problem with normal user, but always good to stop them spreading thru you to your friends out of courtesy.
.........
Regards,
Ian.
,,.....,,
~~~
"@|@"
^
*
________________________________________________
"...Intelligent people don't call people stupid!
-only stupid people, call other's stupid!..."
"...If you want something done well!
-leave it in the microwave overnight!..."
________________________________________________
I use clam to root out windows bugs, but I have no worries about any wild linux viruses. After a little snooping I found info on 3 Viruses found in wild that infect old apache/Openssl, but nothing that can get through a modern kernel on a limited account. Don't surf the web as root and you need only scan to protect your unfortunate Windows using buddies. Now If sombody knows you use a particular kernel, and convinces you to download and install a root-kit you can get zombified. So don't install crap from people who know you,don't like you much, and can hack with some skill.
There is a front-end to Fprot Anti-Virus. The rpm here contains
both Fprot plus it's front-end Xfprot:
http://distro.ibiblio.org/pub/linux/dist...-4.6.2.i386.rpm
After installing - create a link on your desktop to the executable 'xfprot'.
This program also allows you to download new virus signatures at mouse point, etc ...
Requirements:
GTK 2.0x
Original source: http://web.tiscali.it/sharp/xfprot/
both Fprot plus it's front-end Xfprot:
http://distro.ibiblio.org/pub/linux/dist...-4.6.2.i386.rpm
After installing - create a link on your desktop to the executable 'xfprot'.
This program also allows you to download new virus signatures at mouse point, etc ...
Requirements:
GTK 2.0x
Original source: http://web.tiscali.it/sharp/xfprot/
It is quite simple if you use KDE and Kmail. Install clamav and in Kmail under the Tools menu select antivirus wizard. It's easy and it works. You can also install spamassassian and in Kmail under the same menu select antispam wizard.
You really have very little to worry about in Linux but it does prevent you from passing a virus to others who persist in using ms windows.
You really have very little to worry about in Linux but it does prevent you from passing a virus to others who persist in using ms windows.
I would recommend clamav. Libre and it works great as well.
I'm using clamav with the KlamAV GUI, which makes it very easy to set up and use. No problem at all installing or doing setup and no need to work from a command line, if you are more comfortable with a GUI.
Regards,
zenarcher
Regards,
zenarcher
OP
So, does this clamav work alright with Gnome? Also, I will be re-configuring my firewall this weekend for NFS and a shared printer, will clamav be a problem with this?
Justbill
Afterthought: I am back to FC4 on my main box, and now have CentOS 4.2 on a 2nd box.
Justbill
Afterthought: I am back to FC4 on my main box, and now have CentOS 4.2 on a 2nd box.
I'm not able to answer that one for you, Bill....I use KDE here and don't use a shared printer. I'm sure someone will come up with info for you on that.
Regards,
zenarcher
Regards,
zenarcher
does this clamav work alright with Gnome?
Clamav will work with Gnome. I can't advise on the GUI since I use KDE. Try KDE, install Klamav and see how you like it. KDE is far more complete as a desktop than is Gnome.
Some application GUIs will work with KDE or Gnome.
Clamav will work with Gnome. I can't advise on the GUI since I use KDE. Try KDE, install Klamav and see how you like it. KDE is far more complete as a desktop than is Gnome.
Some application GUIs will work with KDE or Gnome.
OP
Thats a matter of personal preference! I have all the KDE apps in Gnome, and prefer the uncluttered desktop of Gnome.
Justbill
P.S. when I installed FC4, I installed "Everything", and a large amount of the stuff I use is KDE, but I have the Gnome desktop
Justbill
P.S. when I installed FC4, I installed "Everything", and a large amount of the stuff I use is KDE, but I have the Gnome desktop
How do I get xfprot installed?
I installed fprot from here:
http://www.f-prot.com/download/trial_forms/linux-ws-rpm.html
But when I try and install xfprot it says f-prot is missing as well as linux-gate.so.1, libintl.so.3, and perl-libwww.
F-prot seems to be installed fine:
Code:
Thanks,
Will
[Edited by war59312 on 2006-02-11 06:05:22]
I installed fprot from here:
http://www.f-prot.com/download/trial_forms/linux-ws-rpm.html
But when I try and install xfprot it says f-prot is missing as well as linux-gate.so.1, libintl.so.3, and perl-libwww.
F-prot seems to be installed fine:
Code:
$ f-prot -vernoF-PROT ANTIVIRUSProgram version: 4.6.6Engine version: 3.16.14VIRUS SIGNATURE FILESSIGN.DEF created 9 February 2006SIGN2.DEF created 9 February 2006MACRO.DEF created 9 February 2006$ f-prot eicar.comVirus scanning report - 11 February 2006 @ 0:04F-PROT ANTIVIRUSProgram version: 4.6.6Engine version: 3.16.14VIRUS SIGNATURE FILESSIGN.DEF created 9 February 2006SIGN2.DEF created 9 February 2006MACRO.DEF created 9 February 2006Search: eicar.comAction: Report onlyFiles: "Dumb" scan of all filesSwitches: -ARCHIVE -PACKED -SERVER/home/war59312/Desktop/eicar.com Infection: EICAR_Test_FileResults of virus scanning:Files: 1MBRs: 0Boot sectors: 0Objects scanned: 1Infected: 1Suspicious: 0Disinfected: 0Deleted: 0Renamed: 0Time: 0:00
Thanks,
Will
[Edited by war59312 on 2006-02-11 06:05:22]
