[CentOS] Antivirus for CentOS? (yuck!)
Adam Tauno Williams
awilliam at whitemice.org
Thu Jan 22 20:55:11 UTC 2009
On Thu, 2009-01-22 at 21:24 +0100, Ralph Angenendt wrote:
> Adam Tauno Williams wrote:
> > > What do you do with clamav on a linux server?
> > You scan the server for malware.
> When? Every day via crontab? That can be much too late. Every hour? That can
> be much too late. Every 10 minutes? That can be much too late - and your
> server is busy scanning the file system.
Versus never??? That's just silly; you're making perfect an obstacle of
the good. If it finds something then you KNOW you have a problem and
the time frame in which it occurred: you can then access and respond
and [potentially] notify. Versus what? No knowledge? The alternative
is to host the malware indefinitely in blissful ignorance - or until
someone else detects and reports your server.
CLAMAV, or any package, isn't THE answer, it is part of an answer. And
PCI/DSS requires a server be scanned on a regular basis. Fighting
against that directive just makes no sense. You should scan an entire
system on some interval regardless of OS.
> > The mantra "LINUX doesn't suffer from malware" is just bollocks. Lots
> > of malware is served from LINUX servers. Scanning a server for
> > signatures is just another way to proof (not prove) that a server has
> > not been compromised and that data accessed by the server is secure.
> > Which is what things like PCI/DSS are about - protecting the *data*.
> I never said "LINUX doesn't suffer from malware". But clamav itself is not
> able to scan in real time. Looks like dazuko has gotten a bit better, I don't
> know about clamuko. But by "just installing clamav, you gain nothing
> protection wise.
Yes, you gain the ability to detect a compromised server.
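
The point argued above, that a periodic scan tells you both that there is a problem and the time frame in which it occurred, worked through as an added example (not part of the original post or of ClamAV). It assumes each scheduled run keeps clamscan's per-file `path: OK` / `path: <signature> FOUND` lines; `HISTORY`, `detection_windows`, the paths and the signature names are constructed for illustration.

```python
import re
from datetime import datetime

# clamscan prints one line per file: "<path>: OK" or "<path>: <signature> FOUND"
LINE = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")

def parse_scan(output):
    """Return {path: signature or None} from clamscan per-file lines."""
    results = {}
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if m:  # summary lines such as "Infected files: 1" do not match
            results[m.group("path")] = m.group("sig")
    return results

def detection_windows(history):
    """history: list of (ISO timestamp, clamscan output), oldest first.
    For each first detection, report the interval since the previous scan and
    whether the file was already present (and passed as OK) in that scan."""
    findings, prev_time, prev, seen = [], None, {}, set()
    for stamp, output in history:
        when = datetime.fromisoformat(stamp)
        current = parse_scan(output)
        for path, sig in current.items():
            if sig and path not in seen:
                seen.add(path)
                findings.append({
                    "path": path, "signature": sig,
                    "not_before": prev_time, "detected": when,
                    # Present-but-OK earlier: the file changed or the signatures did
                    "present_in_previous_scan": path in prev,
                })
        prev_time, prev = when, current
    return findings

# Constructed sample: three nightly scans of a web root (not output from a real host)
HISTORY = [
    ("2009-01-20T02:00:00", "/var/www/html/index.php: OK\n/var/www/html/lib.php: OK\n"),
    ("2009-01-21T02:00:00", "/var/www/html/index.php: OK\n/var/www/html/lib.php: OK\n"),
    ("2009-01-22T02:00:00", "/var/www/html/index.php: OK\n"
                            "/var/www/html/lib.php: Example.Signature-1 FOUND\n"
                            "/var/www/html/up/x.php: Example.Signature-2 FOUND\n"),
]

if __name__ == "__main__":
    for finding in detection_windows(HISTORY):
        print(finding)
```

A file that was listed as OK in the previous run and is flagged now was either modified in the interval or only became detectable after a signature update, so the interval bounds the change or the detection, not necessarily the arrival of the file.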