[CentOS] Antivirus for CentOS? (yuck!)

Adam Tauno Williams awilliam at whitemice.org
Thu Jan 22 20:55:11 UTC 2009


On Thu, 2009-01-22 at 21:24 +0100, Ralph Angenendt wrote:
> Adam Tauno Williams wrote:
> > > What do you do with clamav on a linux server? 
> > You scan the server for malware.  
> When? Every day via crontab? That can be much too late. Every hour? That can
> be much too late. Every 10 minutes? That can be much too late - and your 
> server is busy scanning the file system.

Verses never???  That's just silly;  your making perfect an obstacle of
the good.  If it finds something then you KNOW you have a problem and
the time frame in which it occurred:  you can then access and respond
and [potentially] notify.  Verses what?  No knowledge?  The alternative
is to host the malware indefinitely in blissful ignorance - or until
someone else detects and reports your server.

CLAMAV, or any package, isn't THE answer, it is part of an answer.  And
PCI/DSS requires a server be scanned on a regular basis.  Fighting
against that directive just makes no sense.  You should scan an entire
system on some interval regardless of OS.

> > The mantra "LINUX doesn't suffer from malware" is just bollocks.  Lots
> > of malware is served from LINUX servers.   Scanning a server for
> > signatures is just another way to proof (not prove) that a server has
> > not been compromised and that data accessed by the server is secure.
> > Which is what things like PCI/DSS is about - protecting the *data*. 
> I never said "LINUX doesn't suffer from malware". But clamav itself is not
> able to scan in real time. Looks like dazuko has gotten a bit better, I don't
> know about clamuko. But by "just installing clamav, you gain nothing 
> protection wise.

Yes, you gain the ability to detect a compromised server.



More information about the CentOS mailing list