anti virus for Linux? [Archive] - SpeedGuide.net Broadband Community



Rings890
02-21-02, 01:17 AM
Any special anti virus I need to use for Linux?
Mandrake 8.1

Stu
02-21-02, 02:09 AM
Although there are very few viruses for Unix in general, mostly because to do any real damage you'd have to run/install them as root, there is one product that I've used for the past 3 years or so called AntiVir (http://www.hbedv.com/). It's free for non-commercial use (you have to register it, and you get the key later). It works quite well.

Stef
02-21-02, 08:14 PM
Most real hackers gain root access and then install a rootkit on the target system.

Viruses are for kids, real hackers patch a system from the kernel down so that not even the sysadmin knows a threat is present.

Stef

Stu
02-22-02, 12:17 AM
Well, you can try to prevent that from happening if you keep on top of the advisories, configure your firewall properly, and don't use high risk services (like sun-rpc, tftp, telnet, etc.) or services that you don't know how to configure properly.

However, you could still get hacked. In that case, detection and correction are what you need.

In the detection arena, you can use tools like LogWatch (which checks your logs periodically and e-mails you with the results), Samhain (which checksums all your important files), chkrootkit (which checks for installed rootkits), and some sort of Intrusion Detection System (I like LIDS myself).

On the correction side, make frequent back-ups!!! This can't be said enough! If you do a daily back-up, and you get hacked, you are only going to lose one day's worth of data (the alternative is searching through all your files for a couple days to try to find and fix what was done to your system, or fdisk and re-install from scratch). Spend the money, buy a removable hard drive or a tape drive, back the data up, then eject the tape or pull out the drive--otherwise, they can corrupt the back-up as well. You should also keep at least 5-7 days worth of back-ups. If you keep only one day, and you don't find out until after the back-up was made that your system was hacked, you might as well have not made a back-up to begin with.
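Added example, not code from the thread or from Samhain itself: a minimal file-integrity baseline in the spirit of what Stu describes Samhain doing, hashing important files and reporting which ones changed, vanished or appeared. The file names and contents in demo() are constructed; in use you would point build_baseline() at your own watched paths.

```python
# Minimal file-integrity check: record SHA-256 digests of watched files,
# later re-hash them and classify the differences. Added example, not Samhain.
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """Return the SHA-256 hex digest of a file, reading it in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths) -> dict:
    """Map each watched path (as a string) to its current digest."""
    return {str(p): hash_file(Path(p)) for p in paths}


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences: content changed, file missing, file not in baseline."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: baseline two files, then alter one and add one."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "sshd_config").write_text("PermitRootLogin no\n")
        (d / "ls").write_bytes(b"\x7fELF original binary bytes")  # stand-in for a binary
        baseline = build_baseline([d / "sshd_config", d / "ls"])
        # Simulate what a later check might find: a replaced binary and a dropped file.
        (d / "ls").write_bytes(b"\x7fELF replaced binary bytes")
        (d / ".hidden").write_text("x")
        report = compare(baseline, build_baseline(list(d.iterdir())))
        # Reduce to base names so the result does not depend on the temp directory.
        return {k: [os.path.basename(p) for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

As with the back-ups Stu describes, the baseline is only trustworthy if it is stored off the machine being checked; a rootkit with kernel-level control, as Stef describes, can feed a checker running on the compromised host whatever it likes.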

Fyodor
03-06-02, 07:16 PM
If you're not running any servers... (this includes ident) just block all incoming requests using whatever filter your kernel version supports... if you wanna run sshd or a web server or something just leave those services only open and make sure you take strong auth measures for them.

Stef
03-08-02, 09:34 AM
I just surfed over this link, maybe it's useful:

http://www.openantivirus.org

Stef