[CentOS] Antivirus for CentOS? (yuck!)

NM nico at altiva.fr
Thu Apr 23 20:12:51 UTC 2009


On Thu, 22 Jan 2009 15:55:11 -0500, Adam Tauno Williams wrote:

> Yes, you gain the ability to detect a compromised server.

Absolutely not, you don't gain that ability at all. Again we're talking 
*viruses* not all malware. An antivirus will never detect a good rootkit; 
modern rootkit employ sophisticated stealth techniques and hide 
themselves and their files from all other processes. They typically 
insert an invisible kernel module. An antivirus can't do squat about 
that ... because that's not a virus anyway.

On the other hand an antivirus is yet another piece of useless garbage 
running on your server, and one more opportunity for an attacker to pwn 
you. 



More information about the CentOS mailing list