Virus Scan Utility


Post by Bosco Tsan » Wed, 02 Feb 2000 04:00:00



Is there any good virus scanner program that runs on RedHat Linux 4.2
and 6.0 under command line?

Please reply via email if possible.


 
 
 


Post by Leonard Even » Thu, 03 Feb 2000 04:00:00



> Is there any good virus scanner program that runs on RedHat Linux 4.2
> and 6.0 under command line?

> Please reply via email if possible.


There are no Linux viruses comparable to Windows viruses.   The
latter depend on specific features of the Windows operating
system and file system.   Viruses are not as much of a problem
for Linux systems because those attempting to crack Linux
systems often aren't interested in doing random damage but
in using those systems for further cracking.

But if an intruder can gain root access to a Linux system,
he can do damage directly or modify important system programs
so they function as trojan horses.   Intruders can gain
access by failure to use basic security protections like
tcp wrappers.  But they can also gain access by exploiting
bugs in programs needed to communicate with the outside
world.  An example of such a program is sendmail.  There is
a constant battle going on between crackers and people maintaining
those programs in which the former try to find new vulnerabilities
and the latter try to fix them.   That is why it is important to
keep up to date on security fixes and periodically to upgrade
your system.   Also, you should obviously be careful about
installing programs as root the source of which you are not
sure you can trust.  Often providers of packages will include
digital signatures which can be checked to make sure the
package has not been tampered with.

There are programs to help you detect intrusions, but one
simple thing you can do with RedHat systems (or other systems
using rpm package management) is to use the -V option to the
rpm command.   This will detect changes in files when compared
to what the rpm database thinks should be there.   You have
to run it as root, and just because a file seems to have
been changed, it doesn't necessarily indicate an intrusion.
But if
rpm -V util-linux
rpm -V fileutils
show either /bin/login or /bin/ls as changed with a 'U'
in the list of changes, that suggests someone has modified
files.   Or since these programs are often targets, it
might be worthwhile keeping copies on a floppy disk or
hidden somewhere with names known only to you and then
comparing them periodically.  You could also do checksums
on the installed versions and check periodically that
the sums have not changed.

One reason for changing ls for example is so the cracker
can create directories (usually starting with '.') that you
can't see.   Another way to find such directories might be
to use
tar cv directory_name | tar tv
But of course the cracker could also modify tar if he has
root access.  It is a question of how far the cracker wants
to go to foil your attempts to find his handiwork.

Once you've discovered that an intruder has got into your
system, it is usually best to clean your disk and reinstall.

--


Dept. of Mathematics, Northwestern Univ., Evanston, IL 60208
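
The rpm -V check described in the post above, as an added example that is not part of the original post: a shell function that sorts rpm -V output so that changes to often-targeted binaries stand out from routine config edits and timestamp-only differences. The watch list, the severity labels and the sample lines are assumptions constructed for illustration; the flag letters are the ones rpm documents for its verify output.

```shell
#!/bin/sh
# Triage `rpm -V` output read from stdin (added example, not from the post).
# Verify-string letters as documented by rpm: S size, M mode, 5 digest,
# D device, L symlink, U owner, G group, T mtime; "." means the test passed.
# A "c" between the flags and the path marks a config file.

# Assumption: a watch list of binaries worth alerting on; adjust to taste.
WATCHED="/bin/login /bin/ls /bin/ps /bin/netstat"

# Prints "SEVERITY path flags" per reported file:
#   ALERT  watched binary missing, or its size/digest/mode/owner/group changed
#   WARN   any other non-config file missing or with a changed digest
#   INFO   everything else (config edits, mtime-only differences)
# Assumes paths contain no whitespace.
rpm_verify_triage() {
    awk -v watched="$WATCHED" '
        BEGIN { n = split(watched, w, " ")
                for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        NF < 2 { next }
        {
            flags = $1; path = $NF
            marker = (NF >= 3) ? $2 : ""
            sev = "INFO"
            if ((path in watch) && (flags == "missing" || flags ~ /[S5MUG]/))
                sev = "ALERT"
            else if (marker != "c" && (flags == "missing" || flags ~ /5/))
                sev = "WARN"
            printf "%s %s %s\n", sev, path, flags
        }'
}

# Constructed sample of rpm -V output, for running offline.
sample_rpm_v_output() {
    cat <<'EOF'
S.5....T.    /bin/login
.......T.    /bin/ls
S.5....T.  c /etc/inittab
..5....T.    /usr/bin/passwd
missing      /bin/ps
.....U...    /bin/netstat
EOF
}

sample_rpm_v_output | rpm_verify_triage
# On a live system (as root): rpm -Va | rpm_verify_triage
```

As the post notes for tar, the result is only as trustworthy as the rpm binary and database on the machine being checked.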

 
 
 


Post by Jeff Gent » Thu, 03 Feb 2000 04:00:00


: There are no Linux viruses comparable to Windows viruses.   The
: latter depend on specific features of the Windows operating
: system and file system.   Viruses are not as much of a problem
: for Linux systems because those attempting to crack Linux
: systems often aren't interested in doing random damage but
: in using those systems for further cracking.

Most people who ask for Linux based virus scanners are looking
for scanners that detect Windows virii.  I.e., for a gateway or
firewall machine, to inspect emails and whatnot going back and forth.

Beyond that, it is a myth that virii don't exist under Linux.  They
can and have existed in pretty much every OS known.

--

"You're one of those condescending UNIX users! ...."
"Here's a nickel kid ... get yourself a real computer."

 
 
 


Post by deku.. » Fri, 04 Feb 2000 04:00:00


> McAfee also have a virus scanner for linux but I don't know "how up to date"
> it is; it is ver 4.04.

Well, yes, it exists, but you can only use it, in my understanding, on the
vfat partition, so you can only scan the M$ slice of the system.

dek