[CentOS] Antivirus for CentOS? (yuck!)

Adam Tauno Williams awilliam at whitemice.org
Thu Jan 22 19:01:26 UTC 2009


> Adam Tauno Williams wrote:
> > > 1. Has anyone here gone through such a procedure and got good arguments
> > > against the need for anti-virus?
> > There is no good argument against running malware detection on any
> > server.
> > > 2. Alternatively - what linux anti-virus (oh, the shame of typing this
> > > word combination :() do you use which doesn't affect our systems
> > > performance too much.
> > CLAMAV works well.
> What do you do with clamav on a linux server? 

You scan the server for malware.  

There is nothing special about LINUX here.  The whole "don't run
services as root" business is just so much noise.  It isn't about
protecting the *server* it is about protecting the *data* which is
accessed [hopefully] by services which are *not* root.  It is about the
data and the clients that connect to the server.   

I've seen CLAMAV find malware on web servers (maybe it isn't common...
because no one is checking).  Someone's crappy PHP code [is there any
other kind?] allows malware to get injected into, and served, from the
server.  No root access anywhere, or required.  It isn't about
protecting the OS or the system, it is about protecting the data, the
applications [from exploit], and the end-users [so the server isn't an
attack vector].   Assuming none of the services on your server can be
exploited is just wrong-headed;  and the exploiter does not need to
"own" the server (aka have root) in order to do mischief.   Access to
your data is probably more valuable than whacking your server.

The mantra "LINUX doesn't suffer from malware" is just bollocks.  Lots
of malware is served from LINUX servers.   Scanning a server for
signatures is just another way to proof (not prove) that a server has
not been compromised and that data accessed by the server is secure.
Which is what things like PCI/DSS are about - protecting the *data*.

>  What do you think it protects you against on a linux server? 

"against a linux server?" ?




