* [gentoo-user] Which desktop antivirus?
From: Mick @ 2011-10-22 11:27 UTC
To: gentoo-user
Hi All,
I'm asked for a desktop antivirus (the box is running KDE) but I have never
used an antivirus on Linux. This page that I googled up shows a number of
them:
http://www.makeuseof.com/tag/free-linux-antivirus-programs/
Meanwhile, portage only lists clamav under app-antivirus/.
The machine in question is running kmail to receive/send messages from ISP
mail servers and ssmtp to send log messages for relaying via said ISP.
What have you tried and what would you recommend for such a desktop setup?
--
Regards,
Mick
* Re: [gentoo-user] Which desktop antivirus?
From: Nilesh Govindarajan @ 2011-10-22 11:29 UTC
To: gentoo-user
On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote:
> Hi All,
>
> I'm asked for a desktop antivirus (the box is running KDE) but I have never
> used an antivirus on Linux. This page that I googled up shows a number of
> them:
>
> http://www.makeuseof.com/tag/free-linux-antivirus-programs/
>
> Meanwhile, portage only lists clamav under app-antivirus/.
>
> The machine in question is running kmail to receive/send messages from ISP
> mail servers and ssmtp to send log messages for relaying via said ISP.
>
> What have you tried and what would you recommend for such a desktop setup?
IMHO, you don't need antivirus on a Linux box, unless you're going to
run a mail relay, where you are responsible for saving recipients from
viruses.
The simplest reason of all is, Linux doesn't know how to execute
Windows binaries.
--
Nilesh Govindarajan
http://nileshgr.com
* [gentoo-user] Re: Which desktop antivirus?
From: Nikos Chantziaras @ 2011-10-22 11:37 UTC
To: gentoo-user
On 10/22/2011 02:27 PM, Mick wrote:
> Hi All,
>
> I'm asked for a desktop antivirus (the box is running KDE) but I have never
> used an antivirus on Linux. This page that I googled up shows a number of
> them:
>
> http://www.makeuseof.com/tag/free-linux-antivirus-programs/
>
> Meanwhile, portage only lists clamav under app-antivirus/.
>
> The machine in question is running kmail to receive/send messages from ISP
> mail servers and ssmtp to send log messages for relaying via said ISP.
>
> What have you tried and what would you recommend for such a desktop setup?
You don't need one. Linux anti-virus programs are there to protect
Windows installations (Windows executables passing through a Linux box).
Since you said "Desktop", I assume you meant protect against Linux
viruses. Since there aren't any Linux viruses, there's no need for
something like that.
* Re: [gentoo-user] Which desktop antivirus?
From: Florian Philipp @ 2011-10-22 11:43 UTC
To: gentoo-user
On 22.10.2011 13:29, Nilesh Govindarajan wrote:
> On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote:
>> Hi All,
>>
>> I'm asked for a desktop antivirus (the box is running KDE) but I have never
>> used an antivirus on Linux. This page that I googled up shows a number of
>> them:
>>
>> http://www.makeuseof.com/tag/free-linux-antivirus-programs/
>>
>> Meanwhile, portage only lists clamav under app-antivirus/.
>>
>> The machine in question is running kmail to receive/send messages from ISP
>> mail servers and ssmtp to send log messages for relaying via said ISP.
>>
>> What have you tried and what would you recommend for such a desktop setup?
>
> IMHO, you don't need antivirus on a Linux box, unless you're going to
> run a mail relay, where you are responsible for saving recipients from
> viruses.
I agree. Check that your ISP performs virus checks. If not or if you
want to be extra sure, I think kmail can work with clamav -- at least it
could in the old 3.x days when I still used it.
> The simplest reason of all is, Linux doesn't know how to execute
> Windows binaries.
>
Well, this is an oversimplification.
1) Any box running Wine is possibly as exposed to your classic
pretty-women.exe mail attachments as any Windows system.
2) You should also be worried about Open/LibreOffice macro viruses as
well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla based
exploits.
Still, keeping your system up-to-date and observing the freshly revived
GLSA notifications is more likely to save your butt than clamav.
Cheers,
Florian Philipp
* Re: [gentoo-user] Re: Which desktop antivirus?
From: Adam Carter @ 2011-10-22 14:07 UTC
To: gentoo-user
> there aren't any Linux viruses,
Except for the ones listed on the page below, which is probably incomplete.
http://en.wikipedia.org/wiki/Linux_malware
But yeah, on a linux desktop (especially a Gentoo one) you don't need
a virus scanner. Yet.
* Re: [gentoo-user] Which desktop antivirus?
From: Jonas de Buhr @ 2011-10-22 14:22 UTC
To: gentoo-user
On Sat, 22 Oct 2011 13:43:53 +0200
Florian Philipp <lists@binarywings.net> wrote:
> On 22.10.2011 13:29, Nilesh Govindarajan wrote:
> > On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote:
> >> Hi All,
> >>
> >> I'm asked for a desktop antivirus (the box is running KDE) but I
> >> have never used an antivirus on Linux. This page that I googled
> >> up shows a number of them:
> >>
> >> http://www.makeuseof.com/tag/free-linux-antivirus-programs/
> >>
> >> Meanwhile, portage only lists clamav under app-antivirus/.
> >>
> >> The machine in question is running kmail to receive/send messages
> >> from ISP mail servers and ssmtp to send log messages for relaying
> >> via said ISP.
> >>
> >> What have you tried and what would you recommend for such a
> >> desktop setup?
> >
> > IMHO, you don't need antivirus on a Linux box, unless you're going
> > to run a mail relay, where you are responsible for saving recipients
> > from viruses.
>
> I agree. Check that your ISP performs virus checks. If not or if you
> want to be extra sure, I think kmail can work with clamav -- at least
> it could in the old 3.x days when I still used it.
>
> > The simplest reason of all is, Linux doesn't know how to execute
> > Windows binaries.
> >
>
> Well, this is an oversimplification.
> 1) Any box running Wine is possibly as exposed to your classic
> pretty-women.exe mail attachments as any Windows system.
> 2) You should also be worried about Open/LibreOffice macro viruses as
> well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla
> based exploits.
or image rendering library bugs. or mono. or tricky multi-platform
viruses/worms. saying that linux based viruses don't exist is simply
wrong. there may not be much in the wild, but they definitely are out
there.
it is probably more difficult to write a successful virus for linux
than for windows for a number of reasons but in principle the problem is
the same as on windows.
i think the main technical reason is the heterogeneity of the
installations. one or two local exploits and you can hit almost any
windows XP installation. in linux you have to deal with n combinations
of kernel-version, glibc-version, etc. and there is very little you can
depend on to be in a fixed location in memory since different compiler
options may already change that. there are ways around all this of
course[1], but it's a lot of work. too much for the limited impact.
also, a lot of malware seems to depend on social engineering for
infection these days. i think that's going to work less well on a lot of
linux users because the system conditions you to think before you act.
that aside, i predict that we will see some linux viruses or worms with
larger infections in the future. i guess the first ones will be for
ubuntu because it has a large base of rather consistent base
installations.
/jonas
--
[1] fun idea: something exploiting bugs in the usb storage subsystem or
file system handling code spreading to usb sticks. you could probably
even make that multi-platform if you find the needed bugs for different
OSes.
>
> Still, keeping your system up-to-date and observing the freshly
> revived GLSA notifications is more likely to save your butt than
> clamav.
>
> Cheers,
> Florian Philipp
>
* Re: [gentoo-user] Re: Which desktop antivirus?
From: Pandu Poluan @ 2011-10-22 14:22 UTC
To: gentoo-user
On Oct 22, 2011 9:10 PM, "Adam Carter" <adamcarter3@gmail.com> wrote:
>
> > there aren't any Linux viruses,
>
> Except for the ones listed on the page below, which is probably incomplete.
> http://en.wikipedia.org/wiki/Linux_malware
>
> But yeah, on a linux desktop (especially a Gentoo one) you don't need
> a virus scanner. Yet.
>
That IMO is one aspect where Gentoo is 'naturally hardened' even when
compared to other Linux distros: malware writers can't be sure that the
vectors they need exist in a target box.
Rgds,
* [gentoo-user] Re: Which desktop antivirus?
From: Nikos Chantziaras @ 2011-10-22 15:14 UTC
To: gentoo-user
On 10/22/2011 05:07 PM, Adam Carter wrote:
>> there aren't any Linux viruses,
>
> Except for the ones listed on the page below, which is probably incomplete.
> http://en.wikipedia.org/wiki/Linux_malware
>
> But yeah, on a linux desktop (especially a Gentoo one) you don't need
> a virus scanner. Yet.
There are literally *millions* of Windows viruses. The Wikipedia page
just proves Linux has virtually no viruses, and those listed don't even
work anymore (exploits have been patched long ago.) Most existing Linux
malware targets servers (like PHP software exploits in forums, wikis,
etc) and desktop users don't need to worry.
Furthermore, even if there were enough Linux viruses to worry about,
there isn't a good way of getting infected. On Windows, you download
random executables from the net. On Gentoo, you install your stuff
through portage. It's nearly impossible to get infected.
* Re: [gentoo-user] Which desktop antivirus?
From: Mick @ 2011-10-22 15:40 UTC
To: gentoo-user
On Saturday 22 Oct 2011 15:22:20 Jonas de Buhr wrote:
> On Sat, 22 Oct 2011 13:43:53 +0200
>
> Florian Philipp <lists@binarywings.net> wrote:
> > On 22.10.2011 13:29, Nilesh Govindarajan wrote:
> > > On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote:
> > >> Hi All,
> > >>
> > >> I'm asked for a desktop antivirus (the box is running KDE) but I
> > >> have never used an antivirus on Linux. This page that I googled
> > >>
> > >> up shows a number of them:
> > >> http://www.makeuseof.com/tag/free-linux-antivirus-programs/
> > >>
> > >> Meanwhile, portage only lists clamav under app-antivirus/.
> > >>
> > >> The machine in question is running kmail to receive/send messages
> > >> from ISP mail servers and ssmtp to send log messages for relaying
> > >> via said ISP.
> > >>
> > >> What have you tried and what would you recommend for such a
> > >> desktop setup?
> > >
> > > IMHO, you don't need antivirus on a Linux box, unless you're going
> > > to run a mail relay, where you are responsible for saving recipients
> > > from viruses.
> >
> > I agree. Check that your ISP performs virus checks. If not or if you
> > want to be extra sure, I think kmail can work with clamav -- at least
> > it could in the old 3.x days when I still used it.
> >
> > > The simplest reason of all is, Linux doesn't know how to execute
> > > Windows binaries.
> >
> > Well, this is an oversimplification.
> > 1) Any box running Wine is possibly as exposed to your classic
> > pretty-women.exe mail attachments as any Windows system.
> > 2) You should also be worried about Open/LibreOffice macro viruses as
> > well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla
> > based exploits.
>
> or image rendering library bugs. or mono. or tricky multi-platform
> viruses/worms. saying that linux based viruses don't exist is simply
> wrong. there may not be much in the wild, but they definitely are out
> there.
>
> it is probably more difficult to write a successful virus for linux
> than for windows for a number of reasons but in principle the problem is
> the same as on windows.
> i think the main technical reason is the heterogeneity of the
> installations. one or two local exploits and you can hit almost any
> windows XP installation. in linux you have to deal with n combinations
> of kernel-version, glibc-version, etc. and there is very little you can
> depend on to be in a fixed location in memory since different compiler
> options may already change that. there are ways around all this of
> course[1], but it's a lot of work. too much for the limited impact.
> also, a lot of malware seems to depend on social engineering for
> infection these days. i think that's going to work less well on a lot of
> linux users because the system conditions you to think before you act.
>
> that aside, i predict that we will see some linux viruses or worms with
> larger infections in the future. i guess the first ones will be for
> ubuntu because it has a large base of rather consistent base
> installations.
>
> /jonas
>
> --
>
> [1] fun idea: something exploiting bugs in the usb storage subsystem or
> file system handling code spreading to usb sticks. you could probably
> even make that multi-platform if you find the needed bugs for different
> OSes.
>
> > Still, keeping your system up-to-date and observing the freshly
> > revived GLSA notifications is more likely to save your butt than
> > clamav.
Thanks guys, good points.
The USB vector reminds me of stuxnet, although this I understand was designed
to infect Iranian MSWindows boxen.
Anyway, the use case in point is to protect other MSWindows OS' when
sending/forwarding office and pdf documents. So the user would like to be able
to scan emails as they come in/sent out.
Will clamav do this with KDE4?
--
Regards,
Mick
* [gentoo-user] Re: Which desktop antivirus?
From: Nikos Chantziaras @ 2011-10-22 17:03 UTC
To: gentoo-user
On 10/22/2011 06:40 PM, Mick wrote:
>[...]
> Anyway, the use case in point is to protect other MSWindows OS' when
> sending/forwarding office and pdf documents. So the user would like to be able
> to scan emails as they come in/sent out.
>
> Will clamav do this with KDE4?
ClamAV has poor detection rates. You might want to look into AVG Free
for Linux.
* Re: [gentoo-user] Which desktop antivirus?
From: Dale @ 2011-10-22 17:27 UTC
To: gentoo-user
Mick wrote:
> Hi All,
>
> I'm asked for a desktop antivirus (the box is running KDE) but I have never
> used an antivirus on Linux. This page that I googled up shows a number of
> them:
>
> http://www.makeuseof.com/tag/free-linux-antivirus-programs/
>
> Meanwhile, portage only lists clamav under app-antivirus/.
>
> The machine in question is running kmail to receive/send messages from ISP
> mail servers and ssmtp to send log messages for relaying via said ISP.
>
> What have you tried and what would you recommend for such a desktop setup?
I have to agree with most everyone else on this one. You don't really
need anti-virus software to protect yourself. I do think it is good
that you want to protect others by catching them while on your machine
and then you know not to spread them around to others who can be
infected. I used to do this a long time ago but I have policies here
about sending messages to others. Mostly, I don't do it unless I know
it is virus free. If I get a video that is funny or something, I find
it on youtube and just forward a link to that. I'm sure youtube checks
its stuff to be sure it is clean.
If you set up a process like this, you shouldn't spread anything but you
do have to think before hitting forward too. I think people have
figured out I don't forward just anything so I don't get a lot of "junk"
anymore.
I do agree on using AVG as someone else posted. I have that on my
brother's XP box. He likes it better than Norton that he used to pay
for. If you can get that running on Linux, then that would be great.
Another pretty good one that I used to use was f-prot but I think AVG
would be better still.
Dale
:-) :-)
* Re: [gentoo-user] Which desktop antivirus?
From: Mick @ 2011-10-22 18:46 UTC
To: gentoo-user
On Saturday 22 Oct 2011 18:27:02 Dale wrote:
> Mick wrote:
> > Hi All,
> >
> > I'm asked for a desktop antivirus (the box is running KDE) but I have
> > never used an antivirus on Linux. This page that I googled up shows a
> > number of
> >
> > them:
> > http://www.makeuseof.com/tag/free-linux-antivirus-programs/
> >
> > Meanwhile, portage only lists clamav under app-antivirus/.
> >
> > The machine in question is running kmail to receive/send messages from
> > ISP mail servers and ssmtp to send log messages for relaying via said
> > ISP.
> >
> > What have you tried and what would you recommend for such a desktop
> > setup?
>
> I have to agree with most everyone else on this one. You don't really
> need anti-virus software to protect yourself. I do think it is good
> that you want to protect others by catching them while on your machine
> and then you know not to spread them around to others who can be
> infected. I used to do this a long time ago but I have policies here
> about sending messages to others. Mostly, I don't do it unless I know
> it is virus free. If I get a video that is funny or something, I find
> it on youtube and just forward a link to that. I'm sure youtube checks
> its stuff to be sure it is clean.
>
> If you set up a process like this, you shouldn't spread anything but you
> do have to think before hitting forward too. I think people have
> figured out I don't forward just anything so I don't get a lot of "junk"
> anymore.
>
> I do agree on using AVG as someone else posted. I have that on my
> brother's XP box. He likes it better than Norton that he used to pay
> for. If you can get that running on Linux, then that would be great.
> Another pretty good one that I used to use was f-prot but I think AVG
> would be better still.
>
> Dale
Is there an overlay that offers AVG or bitdefender?
--
Regards,
Mick
* Re: [gentoo-user] Which desktop antivirus?
From: Andrey Moshbear @ 2011-10-22 19:05 UTC
To: gentoo-user
On Sat, Oct 22, 2011 at 13:27, Dale <rdalek1967@gmail.com> wrote:
> Mick wrote:
>>
>> Hi All,
>>
>> I'm asked for a desktop antivirus (the box is running KDE) but I have
>> never
>> used an antivirus on Linux. This page that I googled up shows a number of
>> them:
>>
>> http://www.makeuseof.com/tag/free-linux-antivirus-programs/
>>
>> Meanwhile, portage only lists clamav under app-antivirus/.
>>
>> The machine in question is running kmail to receive/send messages from ISP
>> mail servers and ssmtp to send log messages for relaying via said ISP.
>>
>> What have you tried and what would you recommend for such a desktop setup?
>
> I have to agree with most everyone else on this one. You don't really need
> anti-virus software to protect yourself. I do think it is good that you
> want to protect others by catching them while on your machine and then you
> know not to spread them around to others who can be infected. I used to do
> this a long time ago but I have policies here about sending messages to
> others. Mostly, I don't do it unless I know it is virus free. If I get a
> video that is funny or something, I find it on youtube and just forward a
> link to that. I'm sure youtube checks its stuff to be sure it is clean.
>
> If you set up a process like this, you shouldn't spread anything but you do
> have to think before hitting forward too. I think people have figured out I
> don't forward just anything so I don't get a lot of "junk" anymore.
>
> I do agree on using AVG as someone else posted. I have that on my brother's
> XP box. He likes it better than Norton that he used to pay for. If you can
> get that running on Linux, then that would be great. Another pretty good
> one that I used to use was f-prot but I think AVG would be better still.
>
Nod32 is nice, but you need to patch dazuko into your kernel for it to
work in real-time.
* Re: [gentoo-user] Which desktop antivirus?
From: Dale @ 2011-10-22 19:15 UTC
To: gentoo-user
Mick wrote:
> Is there an overlay that offers AVG or bitdefender?
I found this:
http://www.gentoo-wiki.info/AVG_Anti-Virus
There is an ebuild for it but it looks like it is not maintained. The
last changelog was in 2008. It is here:
http://gpo.zugaina.org/app-antivirus/avgfree
Just to cover all the bases here, I have not followed the instructions
or anything for either of those links so I can not say if it works or
not. So, don't jump in if the water is too deep and you can't swim.
o_O I can't swim either. Well, I swim like a lead ball is more like it.
Even tho I don't use an AV tool, I do wish AVG was in portage. I know it
works well on windoze and that says a lot. lol
Dale
:-) :-)
* Re: [gentoo-user] Which desktop antivirus?
From: Pandu Poluan @ 2011-10-22 19:17 UTC
To: gentoo-user
On Oct 23, 2011 12:32 AM, "Dale" <rdalek1967@gmail.com> wrote:
>
> Mick wrote:
>>
>> Hi All,
>>
>> I'm asked for a desktop antivirus (the box is running KDE) but I have never
>> used an antivirus on Linux. This page that I googled up shows a number of
>> them:
>>
>> http://www.makeuseof.com/tag/free-linux-antivirus-programs/
>>
>> Meanwhile, portage only lists clamav under app-antivirus/.
>>
>> The machine in question is running kmail to receive/send messages from ISP
>> mail servers and ssmtp to send log messages for relaying via said ISP.
>>
>> What have you tried and what would you recommend for such a desktop setup?
>
>
> I have to agree with most everyone else on this one. You don't really need
> anti-virus software to protect yourself. I do think it is good that you
> want to protect others by catching them while on your machine and then you
> know not to spread them around to others who can be infected. I used to do
> this a long time ago but I have policies here about sending messages to
> others. Mostly, I don't do it unless I know it is virus free. If I get a
> video that is funny or something, I find it on youtube and just forward a
> link to that. I'm sure youtube checks its stuff to be sure it is clean.
>
> If you set up a process like this, you shouldn't spread anything but you do
> have to think before hitting forward too. I think people have figured out I
> don't forward just anything so I don't get a lot of "junk" anymore.
>
> I do agree on using AVG as someone else posted. I have that on my brother's
> XP box. He likes it better than Norton that he used to pay for. If you can
> get that running on Linux, then that would be great. Another pretty good
> one that I used to use was f-prot but I think AVG would be better still.
I prefer Avast to AVG. It has versions for both Windows and Linux. Here's
the link for the Linux version:
http://www.avast.com/linux-home-edition#tab1
Rgds,
* Re: [gentoo-user] Re: Which desktop antivirus?
From: Mark Knecht @ 2011-10-22 19:55 UTC
To: gentoo-user
On Sat, Oct 22, 2011 at 8:14 AM, Nikos Chantziaras <realnc@arcor.de> wrote:
>
> There are literally *millions* of Windows viruses.
I use Kaspersky in my Windows VMs.
6,028,900 virus signatures as of an update run 1 hour ago...
6,029,804 now...
Go figure...
- Mark
* Re: [gentoo-user] Re: Which desktop antivirus?
From: Neil Bothwick @ 2011-10-22 20:31 UTC
To: gentoo-user
On Sat, 22 Oct 2011 20:03:44 +0300, Nikos Chantziaras wrote:
> ClamAV has poor detection rates. You might want to look into AVG Free
> for Linux.
Do you have any documentation for this?
I'm not saying you're wrong, rather that I'd like to know more.
--
Neil Bothwick
Assembler: (n.) a minor program of interest only to obsessed programmers.
* Re: [gentoo-user] Re: Which desktop antivirus?
From: Florian Philipp @ 2011-10-22 20:47 UTC
To: gentoo-user
On 22.10.2011 17:14, Nikos Chantziaras wrote:
> On 10/22/2011 05:07 PM, Adam Carter wrote:
>>> there aren't any Linux viruses,
>>
>> Except for the ones listed on the page below, which is probably
>> incomplete.
>> http://en.wikipedia.org/wiki/Linux_malware
>>
>> But yeah, on a linux desktop (especially a Gentoo one) you don't need
>> a virus scanner. Yet.
>
> There are literally *millions* of Windows viruses. The Wikipedia page
> just proves Linux has virtually no viruses, and those listed don't even
> work anymore (exploits have been patched long ago.) Most existing Linux
> malware targets servers (like PHP software exploits in forums, wikis,
> etc) and desktop users don't need to worry.
>
> Furthermore, even if there were enough Linux viruses to worry about,
> there isn't a good way of getting infected. On Windows, you download
> random executables from the net. On Gentoo, you install your stuff
> through portage. It's nearly impossible to get infected.
>
Unless you hijack one of the portage mirrors or stage a
man-in-the-middle attack. Only a few manifest files in the official
portage tree are signed with PGP and even there I don't think emerge
checks the keys, only the normal hash keys. That is something that has
bugged me for ages.
Regards,
Florian Philipp
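The concern in the message above, as an added example that is not part of the original thread: comparing files against the hashes in a Manifest catches corruption, but proves nothing about origin when the Manifest arrives from the same mirror as the files. The Manifest line layout is simplified to EBUILD entries with SHA256 only, and a digest of the Manifest obtained out of band is an assumption that stands in for the PGP signature check; all function names and sample contents are constructed for this sketch.

```python
import hashlib
import os
import tempfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse 'EBUILD name size ALGO hex [ALGO hex ...]' lines.

    Returns {name: (size, {algo: hex})}. Other entry types (AUX, DIST, MISC)
    live in other directories and are ignored in this simplified sketch.
    """
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "EBUILD":
            hashes = dict(zip(fields[3::2], fields[4::2]))
            entries[fields[1]] = (int(fields[2]), hashes)
    return entries


def build_manifest(pkg_dir: str) -> str:
    """Regenerate Manifest lines for the ebuilds in pkg_dir.

    Needs no secret: whoever serves the files can produce a matching Manifest.
    """
    lines = []
    for name in sorted(os.listdir(pkg_dir)):
        if name.endswith(".ebuild"):
            with open(os.path.join(pkg_dir, name), "rb") as fh:
                data = fh.read()
            lines.append(f"EBUILD {name} {len(data)} SHA256 {sha256_hex(data)}")
    return "\n".join(lines) + "\n"


def check_hashes(pkg_dir: str, manifest_text: str) -> list:
    """Integrity check only: return names that are missing, unlisted or differ."""
    listed = parse_manifest(manifest_text)
    failed = []
    for name, (size, hashes) in listed.items():
        try:
            with open(os.path.join(pkg_dir, name), "rb") as fh:
                data = fh.read()
        except OSError:
            failed.append(name)
            continue
        if len(data) != size or sha256_hex(data) != hashes.get("SHA256"):
            failed.append(name)
    # An ebuild that the Manifest does not mention must not be trusted either.
    for name in sorted(os.listdir(pkg_dir)):
        if name.endswith(".ebuild") and name not in listed:
            failed.append(name)
    return failed


def verify(pkg_dir: str, manifest_text: str, pinned_manifest_sha256=None) -> str:
    """Hash check first, then the authenticity check if a trusted digest exists."""
    if check_hashes(pkg_dir, manifest_text):
        return "hash-mismatch"
    if pinned_manifest_sha256 is None:
        return "hashes-ok-unauthenticated"
    if sha256_hex(manifest_text.encode()) == pinned_manifest_sha256:
        return "hashes-ok-authenticated"
    return "manifest-untrusted"


def demo() -> dict:
    results = {}
    with tempfile.TemporaryDirectory() as pkg_dir:
        ebuild = os.path.join(pkg_dir, "sample-1.0.ebuild")
        with open(ebuild, "wb") as fh:  # constructed sample content
            fh.write(b'DESCRIPTION="constructed sample package"\n')
        upstream_manifest = build_manifest(pkg_dir)
        # Assumption: this digest reaches the user over a trusted channel.
        pinned = sha256_hex(upstream_manifest.encode())
        results["honest"] = verify(pkg_dir, upstream_manifest, pinned)

        # File changed on the way, Manifest untouched: hashes catch it.
        with open(ebuild, "wb") as fh:
            fh.write(b'DESCRIPTION="constructed sample package, altered"\n')
        results["altered_file"] = verify(pkg_dir, upstream_manifest, pinned)

        # Mirror serves the altered file with a regenerated Manifest:
        # the hash check alone passes, only the trusted digest objects.
        mirror_manifest = build_manifest(pkg_dir)
        results["regenerated_hash_only"] = verify(pkg_dir, mirror_manifest)
        results["regenerated_pinned"] = verify(pkg_dir, mirror_manifest, pinned)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24s} {outcome}")
```
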
* Re: [gentoo-user] Re: Which desktop antivirus?
From: Volker Armin Hemmann @ 2011-10-22 21:30 UTC
To: gentoo-user
On Saturday 22 October 2011, 18:14:32 Nikos Chantziaras wrote:
> On 10/22/2011 05:07 PM, Adam Carter wrote:
> >> there aren't any Linux viruses,
> >
> > Except for the ones listed on the page below, which is probably
> > incomplete. http://en.wikipedia.org/wiki/Linux_malware
> >
> > But yeah, on a linux desktop (especially a Gentoo one) you don't need
> > a virus scanner. Yet.
>
> There are literally *millions* of Windows viruses. The Wikipedia page
> just proves Linux has virtually no viruses, and those listed don't even
> work anymore (exploits have been patched long ago.) Most existing Linux
> malware targets servers (like PHP software exploits in forums, wikis,
> etc) and desktop users don't need to worry.
>
> Furthermore, even if there were enough Linux viruses to worry about,
> there isn't a good way of getting infected. On Windows, you download
> random executables from the net. On Gentoo, you install your stuff
> through portage. It's nearly impossible to get infected.
except when someone puts up or takes over a rsync server and starts providing
malicious ebuilds.
Hilarious.
--
#163933
* Re: [gentoo-user] Re: Which desktop antivirus?
From: Adam Carter @ 2011-10-23 4:04 UTC
To: gentoo-user
>> Furthermore, even if there were enough Linux viruses to worry about,
>> there isn't a good way of getting infected. On Windows, you download
>> random executables from the net. On Gentoo, you install your stuff
>> through portage. It's nearly impossible to get infected.
>
> except when someone puts up or takes over a rsync server and starts providing
> malicious ebuilds.
And most malware runs an exploit to install itself, it doesn't require
the user to run an installation program. So typical attack vectors
are: network services, documents/media files (.pdfs flash etc), and
all the usual web stuff. As stated earlier buffer overflows against
Gentoo would be a nightmare to write due to the system
variability....RHEL not so much.
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-22 19:17 ` Pandu Poluan
@ 2011-10-23 7:20 ` du yang
2011-10-23 8:38 ` Pandu Poluan
0 siblings, 1 reply; 37+ messages in thread
From: du yang @ 2011-10-23 7:20 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 411 bytes --]
On Sunday 10/23/11 03:17:10 CST, Pandu Poluan wrote:
> I prefer Avast to AVG. It has versions for both Windows and Linux. Here's the
> link for the Linux version:
>
> http://www.avast.com/linux-home-edition#tab1
>
overlay gentoo-zh offers it.
app-antivirus/avast4workstation
--
Best Regards
du yang
oooO:::::::::
(..):::::::::
:\.(:::Oooo::
::\_)::(..)::
:::::::)./:::
::::::(_/::::
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 490 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Re: Which desktop antivirus?
2011-10-22 21:30 ` Volker Armin Hemmann
2011-10-23 4:04 ` Adam Carter
@ 2011-10-23 7:49 ` Mick
2011-10-23 9:06 ` Florian Philipp
1 sibling, 1 reply; 37+ messages in thread
From: Mick @ 2011-10-23 7:49 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: Text/Plain, Size: 1544 bytes --]
On Saturday 22 Oct 2011 22:30:45 Volker Armin Hemmann wrote:
> On Saturday 22 October 2011, 18:14:32 Nikos Chantziaras wrote:
> > On 10/22/2011 05:07 PM, Adam Carter wrote:
> > >> there aren't any Linux viruses,
> > >
> > > Except for the ones listed on the page below, which is probably
> > > incomplete. http://en.wikipedia.org/wiki/Linux_malware
> > >
> > > But yeah, on a linux desktop (especially a Gentoo one) you don't need
> > > a virus scanner. Yet.
> >
> > There are literally *millions* of Windows viruses. The Wikipedia page
> > just proves Linux has virtually no viruses, and those listed don't even
> > work anymore (exploits have been patched long ago.) Most existing Linux
> > malware targets servers (like PHP software exploits in forums, wikis,
> > etc) and desktop users don't need to worry.
> >
> > Furthermore, even if there were enough Linux viruses to worry about,
> > there isn't a good way of getting infected. On Windows, you download
> > random executables from the net. On Gentoo, you install your stuff
> > through portage. It's nearly impossible to get infected.
>
> except when someone puts up or takes over a rsync server and starts
> providing malicious ebuilds.
>
>
> Hilarious.
Isn't that what happened back in 2003/04? I can't recall exactly but there
was some discussion where it was suggested that clients should rsync against
two different mirrors and diff the portage contents (or hashes thereof?), before
accepting the sync result.
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-23 7:20 ` du yang
@ 2011-10-23 8:38 ` Pandu Poluan
0 siblings, 0 replies; 37+ messages in thread
From: Pandu Poluan @ 2011-10-23 8:38 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 404 bytes --]
On Oct 23, 2011 2:23 PM, "du yang" <duyang.seu@gmail.com> wrote:
>
> On Sunday 10/23/11 03:17:10 CST, Pandu Poluan wrote:
> > I prefer Avast to AVG. It has versions for both Windows and Linux. Here's the
> > link for the Linux version:
> >
> > http://www.avast.com/linux-home-edition#tab1
> >
>
> overlay gentoo-zh offers it.
> app-antivirus/avast4workstation
>
Whoa, COOL!
Thanks for the info!
Rgds,
[-- Attachment #2: Type: text/html, Size: 670 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Re: Which desktop antivirus?
2011-10-23 7:49 ` Mick
@ 2011-10-23 9:06 ` Florian Philipp
0 siblings, 0 replies; 37+ messages in thread
From: Florian Philipp @ 2011-10-23 9:06 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1918 bytes --]
On 23.10.2011 09:49, Mick wrote:
> On Saturday 22 Oct 2011 22:30:45 Volker Armin Hemmann wrote:
>> On Saturday 22 October 2011, 18:14:32 Nikos Chantziaras wrote:
>>> On 10/22/2011 05:07 PM, Adam Carter wrote:
>>>>> there aren't any Linux viruses,
>>>>
>>>> Except for the ones listed on the page below, which is probably
>>>> incomplete. http://en.wikipedia.org/wiki/Linux_malware
>>>>
>>>> But yeah, on a linux desktop (especially a Gentoo one) you don't need
>>>> a virus scanner. Yet.
>>>
>>> There are literally *millions* of Windows viruses. The Wikipedia page
>>> just proves Linux has virtually no viruses, and those listed don't even
>>> work anymore (exploits have been patched long ago.) Most existing Linux
>>> malware targets servers (like PHP software exploits in forums, wikis,
>>> etc) and desktop users don't need to worry.
>>>
>>> Furthermore, even if there were enough Linux viruses to worry about,
>>> there isn't a good way of getting infected. On Windows, you download
>>> random executables from the net. On Gentoo, you install your stuff
>>> through portage. It's nearly impossible to get infected.
>>
>> except when someone puts up or takes over a rsync server and starts
>> providing malicious ebuilds.
>>
>>
>> Hilarious.
>
> Isn't that what happened back in 2003/04? I can't recall exactly but there
> was some discussion where it was suggested that clients should rsync against
> two different mirrors and diff the portage contents (or hashes thereof?), before
> accepting the sync result.
That still doesn't protect you against man-in-the-middle attacks or an
attack against the CVS tree (like the recent kernel.org disaster).
Signing the manifest files is really the only reasonable solution. Good
thing there seems to be some progress in that direction:
https://bugs.gentoo.org/show_bug.cgi?id=360363
Regards,
Florian Philipp
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
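The two checks discussed in this sub-thread, side by side, as an added example that is not code from any participant or from Portage: a hash-only Manifest check, and a comparison of two mirror copies of the tree. The Manifest here is simplified to one SHA256 entry per file, and the package name, hosts and file contents are constructed for the example.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def write_manifest(pkg_dir):
    """Write a simplified Manifest: '<TYPE> <name> <size> SHA256 <hex>' per file."""
    lines = []
    for name in sorted(os.listdir(pkg_dir)):
        if name == "Manifest":
            continue
        path = os.path.join(pkg_dir, name)
        kind = "EBUILD" if name.endswith(".ebuild") else "MISC"
        lines.append(f"{kind} {name} {os.path.getsize(path)} SHA256 {sha256_file(path)}")
    with open(os.path.join(pkg_dir, "Manifest"), "w") as fh:
        fh.write("\n".join(lines) + "\n")


def verify_manifest(pkg_dir):
    """Hash-only check: names of files whose size or SHA256 disagree with the Manifest."""
    bad = []
    with open(os.path.join(pkg_dir, "Manifest")) as fh:
        for line in fh:
            fields = line.split()
            if len(fields) < 5 or fields[0] == "DIST":
                continue  # DIST entries describe distfiles stored elsewhere
            name, size = fields[1], int(fields[2])
            hashes = dict(zip(fields[3::2], fields[4::2]))  # algorithm -> hex digest
            path = os.path.join(pkg_dir, name)
            if (not os.path.isfile(path)
                    or os.path.getsize(path) != size
                    or sha256_file(path) != hashes.get("SHA256")):
                bad.append(name)
    return bad


def tree_digests(root):
    """Map every file under root (relative path) to its SHA256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = sha256_file(full)
    return digests


def diff_trees(root_a, root_b):
    """Paths that are missing from one copy or differ between the two copies."""
    a, b = tree_digests(root_a), tree_digests(root_b)
    return sorted(p for p in set(a) | set(b) if a.get(p) != b.get(p))


def make_tree(root, src_uri):
    """Build a constructed one-package tree and generate its Manifest."""
    pkg = os.path.join(root, "app-misc", "example")
    os.makedirs(pkg)
    with open(os.path.join(pkg, "example-1.0.ebuild"), "w") as fh:
        fh.write(f'EAPI=4\nSRC_URI="{src_uri}"\n')
    with open(os.path.join(pkg, "metadata.xml"), "w") as fh:
        fh.write("<pkgmetadata/>\n")
    write_manifest(pkg)
    return pkg


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        mirror_a = os.path.join(tmp, "mirror_a")
        mirror_b = os.path.join(tmp, "mirror_b")
        pkg_a = make_tree(mirror_a, "http://dist.example.invalid/example-1.0.tar.gz")
        # Mirror B serves a different ebuild AND a Manifest regenerated to match it.
        pkg_b = make_tree(mirror_b, "http://other.example.invalid/example-1.0.tar.gz")
        hash_only_b = verify_manifest(pkg_b)     # unsigned hashes: nothing to object to
        cross = diff_trees(mirror_a, mirror_b)   # the two copies disagree
        # A file changed without touching the Manifest is what hashes do catch.
        with open(os.path.join(pkg_a, "example-1.0.ebuild"), "a") as fh:
            fh.write("# edited after Manifest generation\n")
        stale = verify_manifest(pkg_a)
    return hash_only_b, cross, stale


if __name__ == "__main__":
    hash_only_b, cross, stale = demo()
    print("hash-only check on mirror B:", hash_only_b or "passes")
    print("differences between mirrors:", cross)
    print("stale-Manifest detection   :", stale)
```

The cross-mirror diff only reports that the copies disagree, not which one is right, and it reports nothing when both copies carry the same change; a signature over the Manifest, checked against a key obtained separately from the mirror, is what ties the hashes to their author.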
* Re: [gentoo-user] Which desktop antivirus?
2011-10-22 18:46 ` Mick
2011-10-22 19:15 ` Dale
@ 2011-10-23 11:01 ` Volker Armin Hemmann
2011-10-29 15:39 ` Mick
2011-10-23 22:47 ` Dale
2 siblings, 1 reply; 37+ messages in thread
From: Volker Armin Hemmann @ 2011-10-23 11:01 UTC (permalink / raw
To: gentoo-user
On Saturday 22 October 2011, 19:46:59 Mick wrote:
> On Saturday 22 Oct 2011 18:27:02 Dale wrote:
> > Mick wrote:
> > > Hi All,
> > >
> > > I'm asked for a desktop antivirus (the box is running KDE) but I
> > > have
> > > never used an antivirus on Linux. This page that I googled up shows
> > > a
> > > number of
> > >
> > > them:
> > > http://www.makeuseof.com/tag/free-linux-antivirus-programs/
> > >
> > > Meanwhile, portage only lists clamav under app-antivirus/.
> > >
> > > The machine in question is running kmail to receive/send messages
> > > from
> > > ISP mail servers and ssmtp to send log messages for relaying via
> > > said
> > > ISP.
> > >
> > > What have you tried and what would you recommend for such a desktop
> > > setup?
> >
> > I have to agree with most everyone else on this one. You don't really
> > need an anti-virus software to protect yourself. I do think it is good
> > that you want to protect others by catching them while on your machine
> > and then you know not to spread them around to others who can be
> > infected. I used to do this a long time ago but I have policies here
> > about sending messages to others. Mostly, I don't do it unless I know
> > it is virus free. If I get a video that is funny or something, I find
> > it on youtube and just forward a link to that. I'm sure youtube checks
> > its stuff to be sure it is clean.
> >
> > If you set up a process like this, you shouldn't spread anything but you
> > do have to think before hitting forward too. I think people have
> > figured out I don't forward just anything so I don't get a lot of "junk"
> > anymore.
> >
> > I do agree on using AVG as someone else posted. I have that on my
> > brother's XP box. He likes it better than Norton that he used to pay
> > for. If you can get that running on Linux, then that would be great.
> > Another pretty good one that I used to use was f-prot but I think AVG
> > would be better still.
> >
> > Dale
>
> Is there an overlay that offers AVG or bitdefender?
looks like - but I just run the bitdefender script to extract, then used dpkg
--force-all to install. Works well so far.
You can get a free personal use licence on their web site.
--
#163933
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-22 18:46 ` Mick
2011-10-22 19:15 ` Dale
2011-10-23 11:01 ` Volker Armin Hemmann
@ 2011-10-23 22:47 ` Dale
2 siblings, 0 replies; 37+ messages in thread
From: Dale @ 2011-10-23 22:47 UTC (permalink / raw
To: gentoo-user
Mick wrote:
> Is there an overlay that offers AVG or bitdefender?
I found these:
root@fireball / # eix avast
* app-antivirus/avast4workstation
Available versions: ~1.3.0-r2!m[1] ~1.3.0-r2!m[2]
Homepage:
http://www.avast.com/eng/avast-for-linux-workstation.html
Description: avast! Linux Home Edition
[1] "gentoo-china" layman/gentoo-china
[2] "gentoo-zh" layman/gentoo-zh
root@fireball / # eix avg
* media-libs/shivavg
Available versions: [M]~0.2.1
Homepage: http://shivavg.sourceforge.net
Description: open-source implementation of the Khronos'
OpenVG specification
* www-apache/mod_loadavg
Available versions: ~0.0.1
Homepage: http://defunced.de/
Description: Apache module executing CGI-Requests
depending on the load of the server
Found 2 matches.
root@fireball / # eix bitdefend
* app-antivirus/bitdefender-scanner
Available versions: ~7.6.4-r1!f[1] ~7.6.4-r1!f[2]
{bash-completion examples gtk}
Homepage:
http://www.bitdefender.com/PRODUCT-80-en--BitDefender-Antivirus-Scanner-for-Unices.html
Description: Antivirus and antispyware scanner for both
UNIX-based and Windows-based partitions
[1] "gentoo-china" layman/gentoo-china
[2] "gentoo-zh" layman/gentoo-zh
root@fireball / #
So, avast is in gentoo-zh overlay, no AVG, and bitdefender-scanner is
in, drum roll please, gentoo-zh overlay. The guy keeping up with
gentoo-zh is busy on virus tools. lol
Oh, how did I get that you ask? This little command is neat.
eix-remote update
Note that gets cleared the next time you sync. At least it did here.
Hope that helps.
Dale
:-) :-)
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-23 11:01 ` Volker Armin Hemmann
@ 2011-10-29 15:39 ` Mick
2011-10-29 17:26 ` Mark Knecht
0 siblings, 1 reply; 37+ messages in thread
From: Mick @ 2011-10-29 15:39 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: Text/Plain, Size: 2951 bytes --]
On Sunday 23 Oct 2011 12:01:32 Volker Armin Hemmann wrote:
> On Saturday 22 October 2011, 19:46:59 Mick wrote:
> > On Saturday 22 Oct 2011 18:27:02 Dale wrote:
> > > Mick wrote:
> > > > Hi All,
> > > >
> > > > I'm asked for a desktop antivirus (the box is running KDE) but I
> > > > have
> > > > never used an antivirus on Linux. This page that I googled up shows
> > > > a
> > > > number of
> > > >
> > > > them:
> > > > http://www.makeuseof.com/tag/free-linux-antivirus-programs/
> > > >
> > > > Meanwhile, portage only lists clamav under app-antivirus/.
> > > >
> > > > The machine in question is running kmail to receive/send messages
> > > > from
> > > > ISP mail servers and ssmtp to send log messages for relaying via
> > > > said
> > > > ISP.
> > > >
> > > > What have you tried and what would you recommend for such a desktop
> > > > setup?
> > >
> > > I have to agree with most everyone else on this one. You don't really
> > > need an anti-virus software to protect yourself. I do think it is good
> > > that you want to protect others by catching them while on your machine
> > > and then you know not to spread them around to others who can be
> > > infected. I used to do this a long time ago but I have policies here
> > > about sending messages to others. Mostly, I don't do it unless I know
> > > it is virus free. If I get a video that is funny or something, I find
> > > it on youtube and just forward a link to that. I'm sure youtube checks
> > > its stuff to be sure it is clean.
> > >
> > > If you set up a process like this, you shouldn't spread anything but
> > > you do have to think before hitting forward too. I think people have
> > > figured out I don't forward just anything so I don't get a lot of
> > > "junk" anymore.
> > >
> > > I do agree on using AVG as someone else posted. I have that on my
> > > brother's XP box. He likes it better than Norton that he used to pay
> > > for. If you can get that running on Linux, then that would be great.
> > > Another pretty good one that I used to use was f-prot but I think AVG
> > > would be better still.
> > >
> > > Dale
> >
> > Is there an overlay that offers AVG or bitdefender?
>
> looks like - but I just run the bitdefender script to extract, then used
> dpkg --force-all to install. Works well so far.
>
> You can get a free personal use licence on their web site.
I am getting confused ...
Just looked at the ebuild for app-antivirus/bitdefender-scanner-7.6.4-r1 and
it seems that the user has to fill in a form for an evaluation license only:
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/2/80/
The free bitdefender only offers MSWindows downloads:
http://www.bitdefender.com/solutions/free.html#System Requirements
To use bitdefender for good on a *nix it seems that you have to pay ... :(
Have I got this wrong?
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-29 15:39 ` Mick
@ 2011-10-29 17:26 ` Mark Knecht
2011-10-29 18:11 ` Mick
0 siblings, 1 reply; 37+ messages in thread
From: Mark Knecht @ 2011-10-29 17:26 UTC (permalink / raw
To: gentoo-user
On Sat, Oct 29, 2011 at 8:39 AM, Mick <michaelkintzios@gmail.com> wrote:
<SNIP>
>
> The free bitdefender only offers MSWindows downloads:
>
> http://www.bitdefender.com/solutions/free.html#System Requirements
>
> To use bitdefender for good on a *nix it seems that you have to pay ... :(
>
> Have I got this wrong?
> --
> Regards,
> Mick
>
Mick,
At the upper left of the page you linked to there was a link to ask
for a free license for personal use:
http://www.bitdefender.com/site/Products/ScannerLicense/
Do any folks here regularly run virus scanning on Gentoo boxes?
Reading through the reasons you might want to I still see lack of root
access and quick fixes for security problems as Linux advantages. Only
the fact that Linux is more widely used every day is a reason to be
concerned about anyone trying to attack. (I think.)
Do good backups of /home.
HTH,
Mark
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-29 17:26 ` Mark Knecht
@ 2011-10-29 18:11 ` Mick
2011-10-29 18:25 ` Pandu Poluan
0 siblings, 1 reply; 37+ messages in thread
From: Mick @ 2011-10-29 18:11 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: Text/Plain, Size: 1893 bytes --]
On Saturday 29 Oct 2011 18:26:45 Mark Knecht wrote:
> On Sat, Oct 29, 2011 at 8:39 AM, Mick <michaelkintzios@gmail.com> wrote:
> <SNIP>
>
> > The free bitdefender only offers MSWindows downloads:
> >
> > http://www.bitdefender.com/solutions/free.html#System Requirements
> >
> > To use bitdefender for good on a *nix it seems that you have to pay ...
> > :(
> >
> > Have I got this wrong?
> > --
> > Regards,
> > Mick
>
> Mick,
> At the upper left of the page you linked to there was a link to ask
> for a free license for personal use:
>
> http://www.bitdefender.com/site/Products/ScannerLicense/
Nice! Thanks, I missed that!
> Do any folks here regularly run virus scanning on Gentoo boxes?
> Reading through the reasons you might want to I still see lack of root
> access and quick fixes for security problems as Linux advantages. Only
> the fact that Linux is more widely used every day is a reason to be
> concerned about anyone trying to attack. (I think.)
>
> Do good backups of /home.
I have never run any antivirus apps on any of my boxen. Only rkhunter and
chkrootkit.
However, my other half deals with clients who send and receive messages from
their MSWindows machines that are occasionally infected with malicious
MSWindows executables. She wants to be able to check attachments in such a
case, advise them and not forward further.
Meanwhile, I've installed avast! and I'm now running a mammoth scan on an ntfs
partition. It picked up two trojans. I suspect that they are false
positives, but will investigate further. One of the files it picked up is the
pagefile.sys of a WinXP OS and it thinks it is a Win32:Patched-HO.
Hmm .... it also thinks that some Batman Begins TS_01_0.VOB files (a back up I
made of a legit DVD) are "... a decompression bomb!" Puleeeeeze! o_O
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-29 18:11 ` Mick
@ 2011-10-29 18:25 ` Pandu Poluan
2011-10-29 18:40 ` Mick
0 siblings, 1 reply; 37+ messages in thread
From: Pandu Poluan @ 2011-10-29 18:25 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 2456 bytes --]
On Oct 30, 2011 1:15 AM, "Mick" <michaelkintzios@gmail.com> wrote:
>
> On Saturday 29 Oct 2011 18:26:45 Mark Knecht wrote:
> > On Sat, Oct 29, 2011 at 8:39 AM, Mick <michaelkintzios@gmail.com> wrote:
> > <SNIP>
> >
> > > The free bitdefender only offers MSWindows downloads:
> > >
> > > http://www.bitdefender.com/solutions/free.html#System Requirements
> > >
> > > To use bitdefender for good on a *nix it seems that you have to pay ...
> > > :(
> > >
> > > Have I got this wrong?
> > > --
> > > Regards,
> > > Mick
> >
> > Mick,
> > At the upper left of the page you linked to there was a link to ask
> > for a free license for personal use:
> >
> > http://www.bitdefender.com/site/Products/ScannerLicense/
>
> Nice! Thanks, I missed that!
>
>
> > Do any folks here regularly run virus scanning on Gentoo boxes?
> > Reading through the reasons you might want to I still see lack of root
> > access and quick fixes for security problems as Linux advantages. Only
> > the fact that Linux is more widely used every day is a reason to be
> > concerned about anyone trying to attack. (I think.)
> >
> > Do good backups of /home.
>
> I have never run any antivirus apps on any of my boxen. Only rkhunter and
> chkrootkit.
>
> However, my other half deals with clients who send and receive messages from
> their MSWindows machines that are occasionally infected with malicious
> MSWindows executables. She wants to be able to check attachments in such a
> case, advise them and not forward further.
>
> Meanwhile, I've installed avast! and I'm now running a mammoth scan on an ntfs
> partition. It picked up two trojans. I suspect that they are false
> positives, but will investigate further. One of the files it picked up is the
> pagefile.sys of a WinXP OS and it thinks it is a Win32:Patched-HO.
>
If pagefile.sys is detected as a malware, most likely the actual malware was
once loaded into (Windows XP's) memory and got swapped, and avast! picked up its
remnant. Loaded into memory doesn't mean that the malware was active, if the
Windows XP was equipped with a good antivirus.
> Hmm .... it also thinks that some Batman Begins TS_01_0.VOB files (a back up I
> made of a legit DVD) are "... a decompression bomb!" Puleeeeeze! o_O
AFAIK "decompression bomb" is just avast!'s colorful way of saying that
"this file is compressed, and I can't uncompress it to scan its contents,
because there's not enough RAM to do a decompression."
Rgds,
[-- Attachment #2: Type: text/html, Size: 3344 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
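A scanner has to cap how much it will unpack from any one file, and a file that runs past the cap gets reported instead of scanned. The block below is an added example of such a cap for a zlib stream; it is not avast!'s code, and the limits, status names and sample data are assumptions chosen for the example.

```python
import hashlib
import zlib


def bounded_inflate(blob, max_out=1_000_000, max_ratio=100, step=65536):
    """Inflate a zlib stream in small steps and stop once a budget is exceeded.

    Returns (status, bytes_out). status is one of:
      'ok'             whole stream inflated within both limits
      'too-large'      output passed max_out bytes
      'ratio-exceeded' output passed max_ratio times the compressed size
      'truncated'      input ended before the stream did
      'not-zlib'       input is not a valid zlib stream
    """
    d = zlib.decompressobj()
    data, out = blob, 0
    try:
        while not d.eof:
            # max_length bounds the memory used per step, whatever the input claims.
            chunk = d.decompress(data, step)
            out += len(chunk)
            if out > max_out:
                return "too-large", out
            if out > max_ratio * len(blob):
                return "ratio-exceeded", out
            data = d.unconsumed_tail
            if not chunk and not data:
                return "truncated", out
    except zlib.error:
        return "not-zlib", out
    return "ok", out


def sample_bomb():
    # Constructed input: 10 MB of zero bytes, which deflates to a few kilobytes.
    return zlib.compress(bytes(10_000_000))


def sample_plain():
    # Constructed input: 8192 bytes of hash output, which barely compresses.
    raw = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    return zlib.compress(raw)


if __name__ == "__main__":
    bomb, plain = sample_bomb(), sample_plain()
    print("compressed sizes:", len(bomb), len(plain))
    print("bomb, size cap  :", bounded_inflate(bomb, max_out=1_000_000, max_ratio=10_000))
    print("bomb, ratio cap :", bounded_inflate(bomb, max_out=10**9, max_ratio=100))
    print("plain           :", bounded_inflate(plain))
```

A large, already-compressed media file can trip the absolute size cap without being hostile, which is why the result is worth reading as "not scanned" rather than "infected".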
* Re: [gentoo-user] Which desktop antivirus?
2011-10-29 18:25 ` Pandu Poluan
@ 2011-10-29 18:40 ` Mick
2011-10-30 12:50 ` Mick
0 siblings, 1 reply; 37+ messages in thread
From: Mick @ 2011-10-29 18:40 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: Text/Plain, Size: 1158 bytes --]
On Saturday 29 Oct 2011 19:25:00 Pandu Poluan wrote:
> On Oct 30, 2011 1:15 AM, "Mick" <michaelkintzios@gmail.com> wrote:
> > pagefile.sys of a WinXP OS and it thinks it is a Win32:Patched-HO.
>
> If pagefile.sys is detected as a malware, most likely the actual malware
> was once loaded into (Windows XP's) memory and got swapped, and avast! picked
> up its remnant. Loaded into memory doesn't mean that the malware was
> active, if the Windows XP was equipped with a good antivirus.
Interesting! The WinXP has Microsoft Security Essentials on it. I'll ask my
wife if it picked up anything lately.
> > Hmm .... it also thinks that some Batman Begins TS_01_0.VOB files (a back up I
> > made of a legit DVD) are "... a decompression bomb!" Puleeeeeze! o_O
>
> AFAIK "decompression bomb" is just avast!'s colorful way of saying that
> "this file is compressed, and I can't uncompress it to scan its contents,
> because there's not enough RAM to do a decompression."
Oh! I see ...
(I was in close proximity when bombs were going off in London and I get a bit
jumpy unnecessarily it seems! :))
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Re: Which desktop antivirus?
2011-10-22 20:31 ` Neil Bothwick
@ 2011-10-30 12:35 ` Mick
0 siblings, 0 replies; 37+ messages in thread
From: Mick @ 2011-10-30 12:35 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: Text/Plain, Size: 831 bytes --]
On Saturday 22 Oct 2011 21:31:32 Neil Bothwick wrote:
> On Sat, 22 Oct 2011 20:03:44 +0300, Nikos Chantziaras wrote:
> > ClamAV has poor detection rates. You might want to look into AVG Free
> > for Linux.
>
> Do you have any documentation for this?
>
> I'm not saying you're wrong, rather that I'd like to know more.
This is not current, but if it is to be believed (and without details on the
methodology I'd be reluctant to believe it) clamav came 2nd after Kaspersky:
http://www.builderau.com.au/blogs/byteclub/viewblogpost.htm?p=339270831
This on the other hand is both current and more meaningful, because it
includes zero day attacks:
http://www.shadowserver.org/wiki/pmwiki.php/AV/VirusDailyStats
ClamAV on linux comes 3rd for zero day attacks and 16th on retries.
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-29 18:40 ` Mick
@ 2011-10-30 12:50 ` Mick
2011-10-30 13:32 ` James Broadhead
0 siblings, 1 reply; 37+ messages in thread
From: Mick @ 2011-10-30 12:50 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: Text/Plain, Size: 1536 bytes --]
On Saturday 29 Oct 2011 19:40:49 Mick wrote:
> On Saturday 29 Oct 2011 19:25:00 Pandu Poluan wrote:
> > On Oct 30, 2011 1:15 AM, "Mick" <michaelkintzios@gmail.com> wrote:
> > > pagefile.sys of a WinXP OS and it thinks it is a Win32:Patched-HO.
> >
> > If pagefile.sys is detected as a malware, most likely the actual malware
> > was once loaded into (Windows XP's) memory and got swapped, and avast! picked
> > up its remnant. Loaded into memory doesn't mean that the malware was
> > active, if the Windows XP was equipped with a good antivirus.
>
> Interesting! The WinXP has Microsoft Security Essentials on it. I'll ask
> my wife if it picked up anything lately.
She can't recall any MSE reports of malware. I did check the WinXP fs for all
the files and registry entries that this trojan is meant to create and none
were present. Then I've zero'ed the pagefile and a second scan did not flag
anything up.
I also checked for a reported trojan in a Windows 7 vdi file (in virtualbox).
Nothing found there either. I am tempted to think that avast! is rather
super-sensitive. However, avast! also picked up some php files from a backed
up website - so this may be a worthwhile find.
Anyway, I can't make it integrate with kmail which was the original user
requirement. Tried this script but the kmail Antivirus Wizard will not pick
it up:
http://forum.avast.com/index.php?topic=17898.0
So I am now heading for clamav to see how that works with a Linux desktop.
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-30 12:50 ` Mick
@ 2011-10-30 13:32 ` James Broadhead
2011-10-30 15:29 ` Mick
2011-10-30 20:01 ` James Broadhead
0 siblings, 2 replies; 37+ messages in thread
From: James Broadhead @ 2011-10-30 13:32 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1944 bytes --]
I'm surprised that no one has mentioned rkhunter yet - loads of lib
exploits allow system access, and there's a pretty solid argument that says
that compromising a user account on the average *nix system allows enough
resources to do a lot of malicious activity without even needing privilege
escalation.
On Oct 30, 2011 1:06 p.m., "Mick" <michaelkintzios@gmail.com> wrote:
> On Saturday 29 Oct 2011 19:40:49 Mick wrote:
> > On Saturday 29 Oct 2011 19:25:00 Pandu Poluan wrote:
> > > On Oct 30, 2011 1:15 AM, "Mick" <michaelkintzios@gmail.com> wrote:
> > > > pagefile.sys of a WinXP OS and it thinks it is a Win32:Patched-HO.
> > >
> > > If pagefile.sys is detected as a malware, most likely the actual malware
> > > was once loaded into (Windows XP's) memory and got swapped, and avast! picked
> > > up its remnant. Loaded into memory doesn't mean that the malware was
> > > active, if the Windows XP was equipped with a good antivirus.
> >
> > Interesting! The WinXP has Microsoft Security Essentials on it. I'll ask
> > my wife if it picked up anything lately.
>
> She can't recall any MSE reports of malware. I did check the WinXP fs for all
> the files and registry entries that this trojan is meant to create and none
> were present. Then I've zero'ed the pagefile and a second scan did not flag
> anything up.
>
> I also checked for a reported trojan in a Windows 7 vdi file (in virtualbox).
> Nothing found there either. I am tempted to think that avast! is rather
> super-sensitive. However, avast! also picked up some php files from a backed
> up website - so this may be a worthwhile find.
>
> Anyway, I can't make it integrate with kmail which was the original user
> requirement. Tried this script but the kmail Antivirus Wizard will not pick
> it up:
>
> http://forum.avast.com/index.php?topic=17898.0
>
> So I am now heading for clamav to see how that works with a Linux desktop.
>
> --
> Regards,
> Mick
>
[-- Attachment #2: Type: text/html, Size: 2521 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-30 13:32 ` James Broadhead
@ 2011-10-30 15:29 ` Mick
2011-10-31 9:54 ` James Broadhead
2011-10-30 20:01 ` James Broadhead
1 sibling, 1 reply; 37+ messages in thread
From: Mick @ 2011-10-30 15:29 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: Text/Plain, Size: 947 bytes --]
On Sunday 30 Oct 2011 13:32:26 James Broadhead wrote:
> I'm surprised that no one has mentioned rkhunter yet - loads of lib
> exploits allow system access, and there's a pretty solid argument that says
> that compromising a user account on the average *nix system allows enough
> resources to do a lot of malicious activity without even needing privilege
> escalation.
I have ...
All I use on my boxen is chkrootkit and rkhunter.
rkhunter-1.3.8 is currently giving me false positives:
======================
File properties checks...
Required commands check failed
Files checked: 138
Suspect files: 1
Rootkit checks...
Rootkits checked : 245
Possible rootkits: 2
Rootkit names : Xzibit Rootkit, Knark Rootkit
Applications checks...
Applications checked: 3
Suspect applications: 0
======================
This is known and I believe fixed in later versions.
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-30 13:32 ` James Broadhead
2011-10-30 15:29 ` Mick
@ 2011-10-30 20:01 ` James Broadhead
1 sibling, 0 replies; 37+ messages in thread
From: James Broadhead @ 2011-10-30 20:01 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 374 bytes --]
I'm surprised that no one has mentioned rkhunter yet - loads of lib
exploits allow system access, and there's a pretty solid argument that says
that compromising a user account on the average *nix system allows enough
resources to do a lot of malicious activity without even needing privilege
escalation.
On Oct 30, 2011 1:06 p.m., "Mick" <michaelkintzios@gmail.com> wrote:
[-- Attachment #2: Type: text/html, Size: 511 bytes --]
^ permalink raw reply [flat|nested] 37+ messages in thread
* Re: [gentoo-user] Which desktop antivirus?
2011-10-30 15:29 ` Mick
@ 2011-10-31 9:54 ` James Broadhead
0 siblings, 0 replies; 37+ messages in thread
From: James Broadhead @ 2011-10-31 9:54 UTC (permalink / raw
To: gentoo-user
On 30 October 2011 15:29, Mick <michaelkintzios@gmail.com> wrote:
> On Sunday 30 Oct 2011 13:32:26 James Broadhead wrote:
>> I'm surprised that no one has mentioned rkhunter yet
>
> I have ...
Oops, sorry! I was reading the thread on my phone, and must have missed it.
JB
^ permalink raw reply [flat|nested] 37+ messages in thread