(?) The Answer Gang (!)

By Jim Dennis, Ben Okopnik, Dan Wilder, the Editors of Linux Gazette... and You!
Send questions (or interesting answers) to tag@lists.linuxgazette.net

(?) linux anti virus?

From Jugs

Answered By Mike Orr, Heather Stern

On Sat, Sep 16, 2000 at 03:59:53PM +0200, jugs wrote:

(?) hi
i wonder if you could help?
i am running a mail/internet server with the red hat linux (6.2) operating system. Viruses are getting through the end user via emails and are spread over my local area network.

1) is there any anti virus software that i can get for the linux box?

(!) [Mike] Yes, but I don't know the names offhand. Check previous issues of The Answer Gang, News Bytes, the LG search page, and www.securityportal.com.
(!) [Heather] Yes. I'm operating on the assumption that your linux box is the hub through which all mail is received, maybe even the only place that mail really comes to, because the typical Windows or Mac client uses POP.
You could use:
AMaViS (A Mail Virus Scanner) ...note, they have a bunch of great links too!
Freshmeat has a whole section on antivirus daemons
Mind you, most of these require that you have the linux version of one of the commercial vendors' antivirus apps, or, they're meant to deal with problems which usually break the clients (e.g. poor MIME construction, etc). At least one of the commercial vendors has a complete solution for us though... and a handful of other 'Ix flavors too:
Trend Micro's Interscan VirusWall
...and in case anyone is wondering whether it only works on RH, I have a few clients who got it working on SuSE and seem pretty happy with it.
For those who prefer to go with all free parts, I have to note, VACina (a sourceforge project) isn't very far along, and anti-spam stuff can be twisted only so far if you aren't planning to become an antivirus engineer on your own.

(?) 2) the option of buying software for each machine wipes my budget out. preferably the solution that i would like would be to stop the virus at the server.

(!) [Heather] That shouldn't be a problem, the stuff I described above works at the server level. I have to warn you though, that I used to work in the antivirus field, and until those macro viruses (yeah, viruses ... the biological ones are virii) came around, the vast percentage of infections were from accidental boots off a floppy. There's also a type of virus that is carried in programs, but as soon as given a chance, hits the boot sector too. So going without some sort of resident checker, or if that's too much, then a downtime window where your staff goes through and checks all the machines, is not really doing a complete job.
A school I did a bunch of work with solved the problem in their labs in this way: every evening when the lab closed, they'd go around with a spot checker and take notes on what was found. They didn't waste time cleaning any, they just reformatted and reinstalled the OS from a network image. (Among other things, that way they didn't have to worry if they missed some new breed.) But they posted the note on the wall, how many viruses were found the night before. They also made it easy for students to spot check their disks. Of course, the school had an educational license to the AV software. You can think of this as the "free clinic" style of solving it, if you like... though real illnesses, sadly, can't be solved by reformatting the human.
But, I can't say what your budget really is. In the end, you'll have to decide if you want to spend more time or more money.

(?) if you could suggest a solution i would be grateful

thanking you

(!) [Heather] Everyone else wondering about solutions for their virus ills in a mixed environment, surely thanks you for asking, Jugs. Good luck in the battle!

This page edited and maintained by the Editors of Linux Gazette Copyright © 2001
Published in issue 63 of Linux Gazette February Extra 2001
HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/
