Hello, until now I don't scan my Linux only system for viruses, but since I get more and more MS Word Documents which I open with OpenOffice I fear that I get macro viruses, since OO convertes quite well. Do I need to be afraid of these viruses? With Windows I used in the past f-prot (www.fprot.org) to scan my system, this is now also availabel for linux. How is the experience with this program? I thought of installing the f-prot start command in KMail so that the Mail directory will be scanned when a Mail is received. I this a good idea or is thee a better solution for a dialin connecton? Sorry when these questions are ot so prefessisonal - I still work on the bases of linux. Thanks a lot Michael
Michael Hoeller (MichaelHoeller@t-online.de) wrote:
With Windows I used in the past f-prot (www.fprot.org) to scan my system, this is now also availabel for linux. How is the experience with this program?
I'm very satisfied.
I thought of installing the f-prot start command in KMail so that the Mail directory will be scanned when a Mail is received. I this a good idea or is thee a better solution for a dialin connecton?
Since I run qmail on my SuSE box, I patched it and use it with qmail-scanner which automatically calls f-prot scan-engine and if there is some virus found, I get report as an email, and virus is put in quarantine where I can check it and remove it. Very useful.
Sorry when these questions are ot so prefessisonal - I still work on the bases of linux.
No problem. I'm still in the same boat :-) Sincerely, Gour -- Gour gour@mail.inet.hr Registered Linux User #278493
Am Sonntag 16 Februar 2003 10:57 schrieb Gour: Hi, it's probably a bit off-topic and I'll earn a lot of *plonk*'s for this post, but anyway...
Since I run qmail on my SuSE box, I patched it and use it with qmail-scanner which automatically calls f-prot scan-engine and if there is some virus found, I get report as an email, and virus is put in quarantine where I can check it and remove it. Very useful.
This is a point I disagree strongly with. I consider the idea of installing a virus scanner in the mailsystem greatly flawed and/or contraproductive: Why do people tend to see bugs in the Microsoft system as something completly normal, which that linux thingee over there in corner has to take care of? Why is it, that the problem is not fixed, where it occurs? Either by finally replacing Outlook (it's not like there are no alternatives), or at least by putting a decent AV Software on the according client and giving the users a basic "How to use the net" tutorial (after all: Would you give someone a loaded weapon without some instructions)? Such a tutorial could easily be put in the emailfolder upon account creation. Educating users may be something very uncompfortable (for both, you and them), but in the long run could save you a lot of trouble (like user A complaining about how long it takes to download the 30MB+ word document, via ISDN, user B sent to the team mailing list). After all, if you cannot disciple your users into not using a certain broken email app, how do you prevent them from setting up a second account with some freemailer and getting their share of malware through there? -- Patrick Ahlbrecht - billiton internetservices Systemadministration direct phone: 0271/3038619
On Sun, Feb 16, 2003 at 02:55:49PM +0100, Patrick Ahlbrecht wrote:
Educating users may be something very uncompfortable (for both, you and them), but in the long run could save you a lot of trouble (like user A complaining about how long it takes to download the 30MB+ word document, via ISDN, user B sent to the team mailing list). After all, if you cannot disciple your users into not using a certain broken email app, how do you prevent them from setting up a second account with some freemailer and getting their share of malware through there?
Proxy's and Firewalls ;) But ok, you cannot stop users from doing the wrong things with just technical options. Its right that you SHOULD teach your users how to use the net. But its also a FACT that many ppl disable virusscanners because of they slow down the maschines. Surely you're able to setup rules which will prevent doing this, but you increases the work for you/the admin. Putting scanners on central communication points is imho a good idea: you've just a few scanners you REALLY need to keep with actual virus files, noone, besides you ;), can easily disable the scanner. And another maybe not so unimportant point is the TOC: have you ever bought licenses for 100+ Clients? ;) I fully agree with you on the part that users should be teached and told whats good and whats bad, because they cannot take the virus scanner from work to home, but their brain ;) I disagree with your point of view that content scanners are a bad idea, but i see no point for flaming you :) regards, Sven PS: exchanging malware is good, but its like steal the lolli of a little child .. cause its soooo easy and colorful .. *d0h* ;)
Am Sonntag 16 Februar 2003 14:53 schrieben Sie:
On Sun, Feb 16, 2003 at 02:55:49PM +0100, Patrick Ahlbrecht wrote:
Educating users may be something very uncompfortable (for both, you and them), but in the long run could save you a lot of trouble (like user A complaining about how long it takes to download the 30MB+ word document, via ISDN, user B sent to the team mailing list). After all, if you cannot disciple your users into not using a certain broken email app, how do you prevent them from setting up a second account with some freemailer and getting their share of malware through there?
Proxy's and Firewalls ;) But ok, you cannot stop users from doing the wrong things with just technical options. Its right that you SHOULD teach your users how to use the net.
That is the point, firewalls proxies and the like level the problem a bit, but you still have to figure out, which stupid things your users are up to at the moment and trying to work around that usually costs time, not to mention risking system instability/obscurity.
But its also a FACT that many ppl disable virusscanners because of they slow down the maschines.
So we put them on the servers and urge management to spill out same extra bucks for some HW upgrade, right ;-)?
Surely you're able to setup rules which will prevent doing this, but you increases the work for you/the admin. Putting
Actually I think, that this is the way of doing this. A few, sane corporate rules with do's and dont's would imho remove much workload of the admin, as s/he won't have to work around problems born out of stupidity (or better said: uneducatedness).
scanners on central communication points is imho a good idea: you've just a few scanners you REALLY need to keep with actual virus files, noone, besides you ;), can easily disable the scanner.
AFAIK AV software is nowadays cabable of autoupdates.
And another maybe not so unimportant point is the TOC: have you ever bought licenses for 100+ Clients? ;)
This is an interesting point by the way, and one that should instantly ban M$ Outlook from each and every client. The AV Software is only needed, because ppl are using a broken by design system, undoing with this (does one really have to use outlook, if the only requirement is to sent/receive mail?). Thinking a bit more about it, two questions remain nevertheless: a) If no one uses outlook, would I need an AV soft license for my server? b) Is email really the only way to catch malware? Thinking about Dialer spams (the ones, only containing links to the real d/l) or diskettes... ... Personally I strongly believe, that each and everyone using a M$ system should also have some AV soft installed for his/her own safety.
I fully agree with you on the part that users should be teached and told whats good and whats bad, because they cannot take the virus scanner from work to home, but their brain ;)
Bingo. Right now, I really consider, if it would be usefull to initialize every newly created emailaccount in my mailsystem with a short tutorial of do's and don'ts.
I disagree with your point of view that content scanners are a bad idea, but i see no point for flaming you :)
Oh, I don't think they are a bad idea ;-). I just think they should be installed where the problem is.
PS: exchanging malware is good, but its like steal the lolli of a little child .. cause its soooo easy and colorful .. *d0h* ;)
To be honest, sometimes I wouldn't mind, if more malware was distributed. Pain can have a tremendous learning effect ;-> -- Patrick Ahlbrecht - billiton internetservices Systemadministration direct phone: 0271/3038619
Patrick Ahlbrecht (p.ahlbrecht@billiton.de) wrote:
Since I run qmail on my SuSE box, I patched it and use it with qmail-scanner which automatically calls f-prot scan-engine and if there is some virus found, I get report as an email, and virus is put in quarantine where I can check it and remove it. Very useful.
This is a point I disagree strongly with. I consider the idea of installing a virus scanner in the mailsystem greatly flawed and/or contraproductive:
Pls. cool down :-)
Educating users may be something very uncompfortable (for both, you and them), but in the long run could save you a lot of trouble (like user A complaining about how long it takes to download the 30MB+ word document, via ISDN, user B sent to the team mailing list). After all, if you cannot disciple your users into not using a certain broken email app, how do you prevent them from setting up a second account with some freemailer and getting their share of malware through there?
I'm speaking about single-user dialup account where I fetch my mail with fetchmail/getmail and filter it with procmail/maildrop, and I want to be sure that all the garbage ie. virus attachments are removed. It doesn't take too long to scan the messages before leaving them to enter sorting phase. If there is a question of mail server, then this is another scenario, but I didn't have feeling that some Linux newbie is running the mail server :-) Sincerely, Gour -- Gour gour@mail.inet.hr Registered Linux User #278493
Hi Michael, you could let "fetchmail" fetch the mail from the external (pop3) Server and let "amavis" check the incoming mail with f-prot. Than KMail can fetch the checked mail from the local postbox. Or you could go even one step further and use a forwarding-only smpt-server on your local computer and let amavis also check your outgoing mail. The f-prot for Linux packet includes also a script to check for and install new antivirus signature files from their ft-server. The whole stuff sounds more complicated than it is on a modern SuSE Linux system; most things are available via yast... (If you like, ask me for some concrete tips of installation on a German SuSE system via pm. I don't want to post the German names of settings-dialogues etc. on this english spoken list...) On Sonntag, 16. Februar 2003 00:25, Michael Hoeller wrote:
until now I don't scan my Linux only system for viruses, but since I get more and more MS Word Documents which I open with OpenOffice I fear that I get macro viruses, since OO convertes quite well. Do I need to be afraid of these viruses?
With Windows I used in the past f-prot (www.fprot.org) to scan my system, this is now also availabel for linux. How is the experience with this program?
I thought of installing the f-prot start command in KMail so that the Mail directory will be scanned when a Mail is received. I this a good idea or is thee a better solution for a dialin connecton?
-- Eat, sleep and go running, David Huecking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216
On Sun, Feb 16, 2003 at 12:25:21AM +0100, Michael Hoeller wrote:
With Windows I used in the past f-prot (www.fprot.org) to scan my system, this is now also availabel for linux. How is the experience with this program?
The usage and detection rates of the linux version are very similar to the dos version.
I thought of installing the f-prot start command in KMail so that the Mail directory will be scanned when a Mail is received. I this a good idea or is thee a better solution for a dialin connecton?
You should be aware that many products (including f-prot) have problems scanning mailbox files. If I collect all infected mails I receive in one mailbox file, f-prot finds less than 10% of them (other products are no better). The less convenient but more secure way is to save all attachments (and downloaded files) in a separate directory that is scanned before any of this files is used elsewhere. -- Michel Messerschmidt lists@michel-messerschmidt.de antiVirusTestCenter, Computer Science, University of Hamburg
El sáb, 15-02-2003 a las 20:25, Michael Hoeller escribió:
until now I don't scan my Linux only system for viruses, but since I get more and more MS Word Documents which I open with OpenOffice I fear that I get macro viruses, since OO convertes quite well. Do I need to be afraid of these viruses?
I don't think so... I suppose that OO have better security and don't execute macros on opening the infected file. Antivirus software also usually checks for trojans, backdoors and some exploits, so is not only for virus that you could consider to use them
With Windows I used in the past f-prot (www.fprot.org) to scan my system, this is now also availabel for linux. How is the experience with this program?
Not tried f-prot for linux... avp for linux, in the other hand, seems to be very good (at least at the mail server I'm using it)
I thought of installing the f-prot start command in KMail so that the Mail directory will be scanned when a Mail is received. I this a good idea or is thee a better solution for a dialin connecton?
There are several script that are invoked at procmail level or so that checks mail for virus (you can configure several antivirus) and spam. I think that this is better than only let f-prot check your mail. -- Gustavo Muslera <gmuslera@internet.com.uy>
participants (7)
-
David Huecking -
Gour -
Gustavo Muslera -
MichaelHoeller@t-online.de -
Michel Messerschmidt -
Patrick Ahlbrecht -
Sven Michels