FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

 
 
LinkBack Thread Tools
 
Old 05-09-2008, 03:23 AM
"Tony Caudel"
 
Default Best anti-virus

I am currently using the clamv anti-virus program.* I was wondering if there is a better one for Gentoo, especially one that integrates well with Thunderbird.* That has been my one disappointment with clamav.* Not necessarily clamav's fault since T/B maintains its emails in one long file.


Tony
--
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
*-- Benjamin Franklin
 
Old 05-09-2008, 11:42 AM
"Abraham Gyorgy"
 
Default Best anti-virus

If you want open source antivirus, you can only use ClamAV.
Anyway there are a number of free or commercial antivirus solutions for Linux. (I don't know if any of these supports Thunderbird).

http://www.linux.com/articles/22899


This is a good article about antivirus solutions. You can use ClamAV along with Sylpheed(Claws) because it has integration for it.

Bye, Gyuszk

2008/5/9 Tony Caudel <tony.caudel@gmail.com>:

I am currently using the clamv anti-virus program.* I was wondering if there is a better one for Gentoo, especially one that integrates well with Thunderbird.* That has been my one disappointment with clamav.* Not necessarily clamav's fault since T/B maintains its emails in one long file.



Tony
--
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
*-- Benjamin Franklin
 
Old 05-09-2008, 11:58 AM
Dirk Heinrichs
 
Default Best anti-virus

Am Freitag, 9. Mai 2008 schrieb ext Tony Caudel:

> I am currently using the clamv anti-virus program. I was wondering if
> there is a better one for Gentoo, especially one that integrates well
> with Thunderbird. That has been my one disappointment with clamav. Not
> necessarily clamav's fault since T/B maintains its emails in one long
> file.

Hmm, how many Linux viruses exist out there? Usually these Linux based anti
virus progs only make sense on mail servers that receive mail for Windows
users.

Or am I completely wrong here?

Bye...

Dirk
--
Dirk Heinrichs | Tel: +49 (0)162 234 3408
Configuration Manager | Fax: +49 (0)211 47068 111
Capgemini Deutschland | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68 | Web: http://www.capgemini.com
D-40468 Düsseldorf | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
 
Old 05-09-2008, 12:30 PM
Volker Armin Hemmann
 
Default Best anti-virus

On Freitag, 9. Mai 2008, Dirk Heinrichs wrote:
> Am Freitag, 9. Mai 2008 schrieb ext Tony Caudel:
> > I am currently using the clamv anti-virus program. I was wondering if
> > there is a better one for Gentoo, especially one that integrates well
> > with Thunderbird. That has been my one disappointment with clamav. Not
> > necessarily clamav's fault since T/B maintains its emails in one long
> > file.
>
> Hmm, how many Linux viruses exist out there? Usually these Linux based anti
> virus progs only make sense on mail servers that receive mail for Windows
> users.
>
> Or am I completely wrong here?

better save than sorry - and there is more malware than virus' and worms. A
good av might be able to find some of the less sophisticated rootkits too.
--
gentoo-user@lists.gentoo.org mailing list
 
Old 05-09-2008, 12:50 PM
Dirk Heinrichs
 
Default Best anti-virus

Am Freitag, 9. Mai 2008 schrieb ext Volker Armin Hemmann:
> On Freitag, 9. Mai 2008, Dirk Heinrichs wrote:
> > Am Freitag, 9. Mai 2008 schrieb ext Tony Caudel:
> > > I am currently using the clamv anti-virus program. I was wondering
> > > if there is a better one for Gentoo, especially one that integrates
> > > well with Thunderbird. That has been my one disappointment with
> > > clamav. Not necessarily clamav's fault since T/B maintains its
> > > emails in one long file.
> >
> > Hmm, how many Linux viruses exist out there? Usually these Linux based
> > anti virus progs only make sense on mail servers that receive mail for
> > Windows users.
> >
> > Or am I completely wrong here?
>
> better save than sorry - and there is more malware than virus' and worms.
> A good av might be able to find some of the less sophisticated rootkits
> too.

On Linux, to be affected by malware received via mail, the user has to
explicitely:

1) Save the attachment
2) make it executable
3) finally run it

If you do all this with an attachment (eventually) received from an unknown
source, you deserve having your data deleted ;-)

Bye...

Dirk
--
Dirk Heinrichs | Tel: +49 (0)162 234 3408
Configuration Manager | Fax: +49 (0)211 47068 111
Capgemini Deutschland | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68 | Web: http://www.capgemini.com
D-40468 Düsseldorf | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
 
Old 05-09-2008, 12:51 PM
Neil Bothwick
 
Default Best anti-virus

On Fri, 9 May 2008 13:42:28 +0200, Abraham Gyorgy wrote:

> This is a good article about antivirus solutions. You can use ClamAV
> along with Sylpheed(Claws) because it has integration for it.

Which? Sylpheed or Claws? They are now separate programs. Claws Mail no
longer has a clamav plugin because libclamav is GPL 2 only and Claws is
GPL 3, although you can still use actions to pass mails through clamd.
there is a GPL3 compatible plugin that uses clamd rather than linking to
libclamav but it's not in the official distribution.


--
Neil Bothwick

The truth shall make you free, but first it shall piss you off.
 
Old 05-09-2008, 12:52 PM
Alan McKinnon
 
Default Best anti-virus

On Friday 09 May 2008, Dirk Heinrichs wrote:
> Am Freitag, 9. Mai 2008 schrieb ext Tony Caudel:
> > I am currently using the clamv anti-virus program. I was wondering
> > if there is a better one for Gentoo, especially one that integrates
> > well with Thunderbird. That has been my one disappointment with
> > clamav. Not necessarily clamav's fault since T/B maintains its
> > emails in one long file.
>
> Hmm, how many Linux viruses exist out there? Usually these Linux
> based anti virus progs only make sense on mail servers that receive
> mail for Windows users.
>
> Or am I completely wrong here?

I don't think you are wrong. I know that theoretical Linux viruses do
exist, but I've yet to actually see one in the wild.

Mail with a virus payload doesn't make much sense in the Linux world -
how would the payload launch? Mail clients don't launch executables and
they don't do it on Windows either - they tend to take advantage of
ActiveX, VBMacros or whatever other sandbox applet MS comes up with
next week. Linux doesn't have such things.

Rootkits do exist though. But how is an anti-virus program going to
detect them? By running as root???? OMFG. I think I will be much much
much safer NOT running Symantec's latest and greatest than running it.


--
Alan McKinnon
alan dot mckinnon at gmail dot com

--
gentoo-user@lists.gentoo.org mailing list
 
Old 05-09-2008, 07:25 PM
"Tony Caudel"
 
Default Best anti-virus

On Fri, May 9, 2008 at 6:58 AM, Dirk Heinrichs <dirk.heinrichs.ext@nsn.com> wrote:
*

Hmm, how many Linux viruses exist out there? Usually these Linux based anti

virus progs only make sense on mail servers that receive mail for Windows

users.



Or am I completely wrong here?
On the other hand, plenty of us then forward this mail to our windoze-using friends who would be very unhappy if we infected them.

--
Those who would give up essential Liberty, to purchase a little temporary

Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin
 
Old 05-09-2008, 08:58 PM
Albert Hopkins
 
Default Best anti-virus

On Fri, 2008-05-09 at 14:25 -0500, Tony Caudel wrote:
> On the other hand, plenty of us then forward this mail to our
> windoze-using friends who would be very unhappy if we infected them.

Then let them get the anti-virus software.

-a


--
gentoo-user@lists.gentoo.org mailing list
 
Old 05-10-2008, 12:13 AM
7v5w7go9ub0o
 
Default Best anti-virus

Tony Caudel wrote:

I am currently using the clamv anti-virus program. I was wondering if there
is a better one for Gentoo, especially one that integrates well with
Thunderbird. That has been my one disappointment with clamav. Not
necessarily clamav's fault since T/B maintains its emails in one long file.

Tony



I am extremely pleased with Antivir (aka Avira) and its realtime LKM,
Dazuko!


1. The Antivir database and heuristics contain dozens of Linux-specific
rootkits and Trojans. These in addition to Windows sigs. FWICT, the
only freeware AntiMalware that take Linux seriously (Kaspersky payware
does).


2. With Dazuko - a LKM, developed by AntiVir/Avira which provides
real-time, on-access (read/write) scanning within directories you
specify in configuration. I scan mail (in a chroot jail), browser and
downloads (within a chroot jail, within RamDisk), Portage and portage
work areas, and /home.


Given that emerges are done with Root privilege, this scanning for
signatures may keep your box from being borked, should someone hack a
distribution site, or poison the DNS system, or etc.


3. Recent testing by Windows testers indicate that Antivir is now one
of the better windows AV's, and that their heuristics are quite
effective. I'd guess the same to be true for 'ix.


4. It scans for Linux screwups. :-) :-) e.g. here's one that I have left
unrepaired because I think it's so great:


"ANTIVIR 2008-05-05_05:49:12.39449 Mon May 5 01:49:12 2008 WARNING:
file '/etc/openvpn/trustconnect/pwd' is group or others accessible"


5. its heuristics have notified me of XSS script attacks (at test sites)
after scanning scripts loaded into the browser cache, with "suspicious
script" warnings - and blocking that script from use by the browser. The
only other tool of similar function that I know of is "NoScript", an
extension for use in FireFox.


6. I run WAN/LAN-connected applications in chroot jails (Grsecurity
Hardened). Anything downloaded into a browser jail, lftp or TBird jail
is moved to a "download" area via a script that invokes a deep scan by
Antivir after it gets there. Dazuko invokes a second scan, as it also
monitors that area.


7. AntiVir is not in portage. Dazuko is. Dazuko can be used with other
AntiMalwares, or customized to respond to user-created tests (e.g.
changed file).


8. Linux and Unix oldtimers will scoff at real-time malware scanning -
but I'm convinced that in todays world, realtime scanning is one
important thing (perhaps the only thing) that we can learn from Windows.


HTH



--
gentoo-user@lists.gentoo.org mailing list
 

Thread Tools




All times are GMT. The time now is 09:32 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org