From: 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Best anti-virus
Date: Fri, 09 May 2008 20:13:05 -0400
Message-ID: <4824E891.4060404@gmail.com>
In-Reply-To: <2b0b0d2d0805082023t5dbb240av49634fa4cf15e8b3@mail.gmail.com>

Tony Caudel wrote:
> I am currently using the clamav anti-virus program. I was wondering if there
> is a better one for Gentoo, especially one that integrates well with
> Thunderbird. That has been my one disappointment with clamav. Not
> necessarily clamav's fault since T/B maintains its emails in one long file.
>
> Tony

I am extremely pleased with Antivir (aka Avira) and its realtime LKM, Dazuko!

1. The Antivir database and heuristics contain dozens of Linux-specific
   rootkits and Trojans, in addition to Windows sigs. FWICT, it is the only
   freeware AntiMalware that takes Linux seriously (Kaspersky payware does).

2. With Dazuko, an LKM developed by AntiVir/Avira, it provides real-time,
   on-access (read/write) scanning within directories you specify in
   configuration. I scan mail (in a chroot jail), browser and downloads
   (within a chroot jail, within RamDisk), Portage and portage work areas,
   and /home. Given that emerges are done with Root privilege, this scanning
   for signatures may keep your box from being borked, should someone hack a
   distribution site, or poison the DNS system, or etc.

3. Recent testing by Windows testers indicates that Antivir is now one of the
   better Windows AVs, and that their heuristics are quite effective. I'd
   guess the same to be true for 'ix.

4. It scans for Linux screwups. :-) :-) e.g. here's one that I have left
   unrepaired because I think it's so great:

   "ANTIVIR 2008-05-05_05:49:12.39449 Mon May 5 01:49:12 2008 WARNING: file '/etc/openvpn/trustconnect/pwd' is group or others accessible"

5. Its heuristics have notified me of XSS script attacks (at test sites)
   after scanning scripts loaded into the browser cache, with "suspicious
   script" warnings - and blocked that script from use by the browser. The
   only other tool of similar function that I know of is "NoScript", an
   extension for use in FireFox.

6. I run WAN/LAN-connected applications in chroot jails (Grsecurity
   Hardened). Anything downloaded into a browser jail, lftp or TBird jail is
   moved to a "download" area via a script that invokes a deep scan by
   Antivir after it gets there. Dazuko invokes a second scan, as it also
   monitors that area.

7. AntiVir is not in portage. Dazuko is. Dazuko can be used with other
   AntiMalwares, or customized to respond to user-created tests (e.g. changed
   file).

8. Linux and Unix oldtimers will scoff at real-time malware scanning - but
   I'm convinced that in today's world, realtime scanning is one important
   thing (perhaps the only thing) that we can learn from Windows.

HTH

-- 
gentoo-user@lists.gentoo.org mailing list
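Two of the practices in the post above, the jail-to-download hand-off that scans a file before releasing it (item 6) and the "group or others accessible" check behind the warning in item 4, written out as an added POSIX shell example. This is not code from the post, from Avira/AntiVir or from Dazuko. The outbox/downloads/quarantine layout, the SCANNER variable (defaulting to clamscan, which exits non-zero for an infected file) and the decision to quarantine a file whenever the scanner does not return 0 are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post or from Avira/Dazuko.
# Hand-off in the spirit of item 6: files dropped by a jailed browser or mail
# client into an outbox are scanned before they reach the shared download area;
# anything the scanner does not clear goes to a quarantine directory instead.
#
# Assumption: SCANNER is any command that exits 0 for a clean file and non-zero
# otherwise. clamscan behaves that way (1 = infected, 2 = error); the default
# below is this example's choice, not something the post specifies.
: "${SCANNER:=clamscan --no-summary --infected}"

# perms_private FILE
# Succeeds when FILE grants no permission bits to group or others, i.e. the
# condition that would not trigger the "group or others accessible" warning
# quoted in item 4. Uses ls output (columns 5-10 are the group/other bits)
# so it works on any POSIX system without GNU stat.
perms_private() {
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# audit_secrets DIR
# Reports every regular file under DIR that is group/other accessible.
# Exit status 0 when nothing is reported, 1 otherwise.
audit_secrets() {
    find "$1" -type f -print | {
        found=0
        while read -r f; do
            if ! perms_private "$f"; then
                echo "WARNING: file '$f' is group or others accessible" >&2
                found=1
            fi
        done
        [ "$found" -eq 0 ]
    }
}

# scan_and_move SRC_DIR DEST_DIR QUARANTINE_DIR
# Scans each regular file in SRC_DIR; clean files are moved to DEST_DIR,
# flagged files to QUARANTINE_DIR (made owner-only readable so other users
# of the box cannot pick them up). Exit status 0 when every file was clean.
# Because a missing or broken scanner also returns non-zero, the hand-off
# fails closed: nothing reaches DEST_DIR without a successful scan.
scan_and_move() {
    src=$1; dest=$2; quarantine=$3
    mkdir -p "$dest" "$quarantine"
    flagged=0
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        # $SCANNER is intentionally unquoted so its arguments are split.
        if $SCANNER "$f" >/dev/null 2>&1; then
            mv "$f" "$dest/$name"
        else
            mv "$f" "$quarantine/$name"
            chmod 600 "$quarantine/$name"
            flagged=$((flagged + 1))
            echo "quarantined: $name" >&2
        fi
    done
    [ "$flagged" -eq 0 ]
}

# Usage: handoff.sh OUTBOX DOWNLOADS QUARANTINE
if [ "$#" -eq 3 ]; then
    scan_and_move "$1" "$2" "$3"
fi
```

Wire `scan_and_move` to whatever notices new files in the jail's outbox (a cron job, or an on-access hook such as the Dazuko-monitored area the post describes), and run `audit_secrets` over the directories that hold credentials; an on-access scanner that also watches the download area gives the second pass the post mentions.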