-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fred A. Miller wrote:
Carlos E. R. wrote:
The Monday 2008-07-07 at 22:11 -0400, Fred A. Miller wrote:
Linux viruses tend to be scarce. In fact, IIRC, there's never been a successful one. So, what would you scan for, other than perhaps email carrying a Windows virus?
That's a good part of why I'm getting requests. And, I recently passed on a worm NOT knowing it was attached. I don't care to do that again.
The point is, you do NOT need dazuko to scan mails for viruses and worms.
Sure......SAMBA and MickySoft anti-virus.....now that's a worthwhile solution.....NOT!
Fred
I think that what Carlos is suggesting is that Samba implements the AV on-access scan (hopefully when files move from filestore, to filestore or both). Full scans would then really only be needed after a virus database update. I have a vague sense of deja vu here. There is is a tendency for some people to go for overkill solutions with AV strategies and to be frank on a Linux machine full on-access scanning is overkill. Linux does not really have the points of vulnerability to file based viruses that Windows has unless one is doing something very silly. Boot sector viruses could be problematic, but they usually only activate on bootable devices and always have been an easily controlled threat outside of DOS based systems. A more effective approach to scanning with the *NIX world probably would be monitoring for applications that are attempting to do things they should not. The threats are there but I would suggest a rather different approach is required for the *NIX world. I have worked with at least one server based AV on access solution (non-Linux/Windows) with which it was found that not only e-mails were being scanned on arriving, they were scanned on delivery to the file system, and then scanned when read the users mail client. With all the subsequent performance hit this entailed. At the moment, with a report by one individual on this list that ClamAV only detected 60% of a virus test set and Antivir a better (but still unacceptable) 95% on the same set, rather suggest (at least until these products are either more fully assessed, or someone can point to such an assessment) these products are currently *not* up to the task anyway so this issue could really be a moot point. For the record I had done a quick search to see if ClamAV had ever gone through such an assessment and I was a bit surprised to find it never really has... the ClamAV site has a rather weak set of comments about untangled (but on some the comments of the validity of untangled results elsewhere suggests that that outfits results should be treated with some caution). However, the virus bulletin has recently done an assessment of Linux based AV products on ubuntu... You will need to register to access the info but is is worth a look at... http://www.virusbtn.com/vb100 A corporate user should be able to afford a properly tested commercial solution if this that important to them, and until the open source products are good enough to withstand this kind of assessment I think there is a bit of problem here. - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFIc8HMasN0sSnLmgIRAiU2AJ494RED/SOFc57H1W3jb2NwFbGB0QCeIopI tf3mtLOeTYquI4XbDUZYrUI= =rP3x -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org