Date: Sat, 22 Oct 2011 16:22:20 +0200
From: Jonas de Buhr
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Which desktop antivirus?
Message-ID: <20111022162220.7e7a7f77@toxic.dbnet>
In-Reply-To: <4EA2AC79.5050102@binarywings.net>

On Sat, 22 Oct 2011 13:43:53 +0200, Florian Philipp wrote:

> On 22.10.2011 13:29, Nilesh Govindarajan wrote:
> > On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote:
> >> Hi All,
> >>
> >> I'm asked for a desktop antivirus (the box is running KDE) but I
> >> have never used an antivirus on Linux. This page that I googled
> >> up shows a number of them:
> >>
> >> http://www.makeuseof.com/tag/free-linux-antivirus-programs/
> >>
> >> Meanwhile, portage only lists clamav under app-antivirus/.
> >>
> >> The machine in question is running kmail to receive/send messages
> >> from ISP mail servers and ssmtp to send log messages for relaying
> >> via said ISP.
> >>
> >> What have you tried and what would you recommend for such a
> >> desktop setup?
> >
> > IMHO, you don't need antivirus on a Linux box, unless you're going
> > to run a mail relay, where you are responsible for saving recipients
> > from viruses.
>
> I agree. Check that your ISP performs virus checks. If not or if you
> want to be extra sure, I think kmail can work with clamav -- at least
> it could in the old 3.x days when I still used it.
>
> > The simplest reason of all is, Linux doesn't know how to execute
> > Windows binaries.
> >
>
> Well, this is an oversimplification.
> 1) Any box running Wine is possibly as exposed to your classic
> pretty-women.exe mail attachments as any windows systems.
> 2) You should also be worried about Open/LibreOffice macro viruses as
> well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla
> based exploits.

or image rendering library bugs. or mono. or tricky multi-platform
viruses/worms.

saying that linux based viruses don't exist is simply wrong. there may
not be much in the wild, but they definitely are out there.

it is probably more difficult to write a successful virus for linux
than for windows for a number of reasons but in principle the problem
is the same as on windows.

i think the main technical reason is the heterogeneity of the
installations. one or two local exploits and you can hit almost any
windows XP installation. in linux you have to deal with n combinations
of kernel-version, glibc-version, etc. and there is very little you can
depend on to be in a fixed location in memory since different compiler
options may already change that. there are ways around all this of
course[1], but it's a lot of work. too much for the limited impact.

also, a lot of malware seems to depend on social engineering for
infection these days. i think that's going to work less well on a lot of
linux users because the system conditions you to think before you act.

that aside, i predict that we will see some linux viruses or worms with
larger infections in the future. i guess the first ones will be for
ubuntu because it has a large base of rather consistent base
installations.

/jonas

--
[1] fun idea: something exploiting bugs in the usb storage subsystem or
file system handling code spreading to usb sticks. you could probably
even make that multi-platform if you find the needed bugs for different
OSes.

>
> Still, keeping your system up-to-date and observing the freshly
> revived GLSA notifications is more likely to save your butt than
> clamav.
>
> Cheers,
> Florian Philipp
>