Is there any good virus scanner program that runs on RedHat Linux 4.2
and 6.0 under command line?
Please reply via email if possible.
Sent via Deja.com http://www.deja.com/
Before you buy.
> Is there any good virus scanner program that runs on RedHat Linux 4.2
> and 6.0 under command line?
> Please reply via email if possible.
But if an intruder can gain root access to a Linux system,
he can do damage directly or modify important system programs
so they function as trojan horses. Intruders can gain
access by failure to use basic security protections like
tcp wrappers. But they can also gain access by exploiting
bugs in programs needed to communicate with the outside
world. An example of such a program is sendmail. There is
a constant battle going on between crackers and people maintaining
those programs in which the former try to find new vulnerabilities
and the latter try to fix them. That is why it is important to
keep up to date on security fixes and periodically to upgrade
your system. Also, you should obviously be careful about
installing programs as root the source of which you are not
sure you can trust. Often providers of packages will include
digital signatures which can be checked to make sure the
package has not been tampered with.
There are programs to help you detect intrusions, but one
simple thing you can do with RedHat systems (or other systems
using rpm package management) is to use the -V option to the
rpm command. This will detect changes in files when compared
to what the rpm database thinks should be there. You have
to run it as root, and just because a file seems to have
been changed, it doesn't necessarily indicate an intrusion.
If
    rpm -V util-linux
    rpm -V fileutils
show either /bin/login or /bin/ls as changed with a 'U'
in the list of changes, that suggests someone has modified
files. Or since these programs are often targets, it
might be worthwhile keeping copies on a floppy disk or
hidden somewhere with names known only to you and then
comparing them periodically. You could also do checksums
on the installed versions and check periodically that
the sums have not changed.
One reason for changing ls for example is so the cracker
can create directories (usually starting with '.') that you
can't see. Another way to find such directories might be
    tar cvf - directory_name | tar tvf -
But of course the cracker could also modify tar if he has
root access. It is a question of how far the cracker wants
to go to foil your attempts to find his handiwork.
Once you've discovered that an intruder has got into your
system, it is usually best to clean your disk and reinstall.
Dept. of Mathematics, Northwestern Univ., Evanston, IL 60208
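An added example, not part of the original post: a small shell filter that sorts the output of the `rpm -V` check described above, so that changed configuration files (which usually change for ordinary reasons) are kept apart from changed non-config files such as /bin/login or /bin/ls. The function names and the sample lines are constructed for illustration; the flag letters are the ones rpm prints when verifying (S size, M mode, 5 digest, U user, G group, T mtime).

```shell
#!/bin/sh
# Added example: triage `rpm -V` output read on stdin.
# On a real system (as root):  rpm -V util-linux fileutils | triage_rpm_verify

# Constructed sample of `rpm -V` output, embedded so the script runs offline.
sample_rpm_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/pam.d/login
..5....T.    /bin/login
.....U...    /bin/ls
.......T.    /usr/bin/chfn
missing      /bin/df
EOF
}

# Classify each line:
#   REVIEW   config file (attribute marker "c"); edits are normally expected
#   SUSPECT  non-config file that is missing, or whose size, mode, digest,
#            owner or group differs from the rpm database
#   INFO     anything else (for example, only the mtime differs)
# Assumes paths without spaces; lines that carry no absolute path are skipped.
triage_rpm_verify() {
    awk '
    {
        flags = $1; attr = ""; path = $2
        # An optional one-letter attribute marker sits between flags and path.
        if (NF >= 3 && $2 ~ /^[cdglr]$/) { attr = $2; path = $3 }
        if (path !~ /^\//) next
        if (attr == "c") { print "REVIEW  " flags " " path; next }
        if (flags == "missing" || flags ~ /[SM5UG]/) {
            print "SUSPECT " flags " " path; next
        }
        print "INFO    " flags " " path
    }'
}

# Demonstration on the constructed sample.
sample_rpm_verify_output | triage_rpm_verify
```

A SUSPECT line is a reason to look closer, not proof of an intrusion, and an intruder with root access could have altered rpm or its database as well.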
Most people who ask for Linux-based virus scanners are looking
for scanners that detect Windows viruses, i.e. for a gateway or
firewall machine, to inspect emails and whatnot going back and forth.
Beyond that, it is a myth that viruses don't exist under Linux. They
can and have existed in pretty much every OS known.
"You're one of those condescending UNIX users! ...."
"Here's a nickel kid ... get yourself a real computer."
1. Virus Scan
I am using RedHat 6.1 and running Sendmail 8.12.9 on it.
Is there any advice on any good virus scanners, or has anyone used any of them
in the industry?