From: Pandu Poluan
To: gentoo-user@lists.gentoo.org
Date: Sun, 30 Oct 2011 01:25:00 +0700
Subject: Re: [gentoo-user] Which desktop antivirus?


On Oct 30, 2011 1:15 AM, "Mick" <michaelkintzios@gmail.com> wrote:
>
> On Saturday 29 Oct 2011 18:26:45 Mark Knecht wrote:
> > On Sat, Oct 29, 2011 at 8:39 AM, Mick <michaelkintzios@gmail.com> wrote:
> > <SNIP>
> >
> > > The free bitdefender only offers MSWindows downloads:
> > >
> > > http://www.bitdefender.com/solutions/free.html#System Requirements
> > >
> > > To use bitdefender for good on a *nix it seems that you have to pay ...
> > > :(
> > >
> > > Have I got this wrong?
> > > --
> > > Regards,
> > > Mick
> >
> > Mick,
> >    At the upper left of the page you linked to there was a link to ask
> > for a free license for personal use:
> >
> > http://www.bitdefender.com/site/Products/ScannerLicense/
>
> Nice! Thanks, I missed that!
>
>
> >    Do any folks here regularly run virus scanning on Gentoo boxes?
> > Reading through the reasons you might want to I still see lack of root
> > access and quick fixes for security problems as Linux advantages. Only
> > the fact that Linux is more widely used every day is a reason to be
> > concerned about anyone trying to attack. (I think.)
> >
> >    Do good backups of /home.
>
> I have never run any antivirus apps on any of my boxen. Only rkhunter and
> chkrootkit.
>
> However, my other half deals with clients who send and receive messages from
> their MSWindows machines that are occasionally infected with malicious
> MSWindows executables. She wants to be able to check attachments in such a
> case, advise them and not forward further.
>
> Meanwhile, I've installed avast! and I'm now running a mammoth scan on an ntfs
> partition. It picked up two trojans. I suspect that they are false
> positives, but will investigate further. One of the files it picked up is the
> pagefile.sys of a WinXP OS and it thinks it is a Win32:Patched-HO.
>

If pagefile.sys is detected as malware, most likely the actual malware was once loaded into (Windows XP's) memory, got swapped, and avast! picked up its remnant. Loaded into memory doesn't mean that the malware was active, if the Windows XP was equipped with a good antivirus.

> Hmm .... it also thinks that some Batman Begins TS_01_0.VOB files (a back up I
> made of a legit DVD) are "... a decompression bomb!" Puleeeeeze! o_O

AFAIK "decompression bomb" is just avast!'s colorful way of saying that "this file is compressed, and I can't uncompress it to scan its contents, because there's not enough RAM to do a decompression."

Rgds,
