[CentOS] Antivirus for CentOS? (yuck!)

Thu Jan 22 13:05:58 UTC 2009
Anne Wilson <cannewilson at googlemail.com>

On Thursday 22 January 2009 12:46:46 Craig White wrote:
> On Thu, 2009-01-22 at 12:16 +0000, Anne Wilson wrote:
> > On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote:
> > > What do you do with clamav on a linux server? Especially: How is it run
> > > by you? What do you think it protects you against on a linux server?
> >
> > 1 - it protects you against passing on any windows viruses to windows
> > users
> > 2 - it satisfies those auditors who can't think beyond what they
> > have been told, especially if you have log proof.  Logwatch's daily
> > report:
> >
> >  --------------------- clam-update Begin ------------------------
> >
> >  Last ClamAV update process started at Wed Jan 21 04:02:23 2009
> >
> >  Last Status:
> >     main.cvd is up to date (version: 49, sigs: 437972, f-level: 35,
> > builder: sven)
> >     daily.cld is up to date (version: 8881, sigs: 56877, f-level: 38,
> > builder: ccordes)
> >
> >  ---------------------- clam-update End -------------------------
> >
> >
> >  --------------------- Clamav Begin ------------------------
> >
> >
> >  **Unmatched Entries**
> >  Database correctly reloaded (936952 signatures)
> >
> >  ---------------------- Clamav End -------------------------
> >
> > That should satisfy an auditor.
>
> ----
> the above suggests that clamav signature files were updated and the
> database reloaded but nowhere does it suggest that any scanning of the
> file system occurred nor the output of such scanning which probably
> never occurred. What you have demonstrated is a gymnastic exercise which
> accomplishes little. clamd might be able to do something useful but it
> is not indicated above.
>
True.  As I have no windows boxes on the LAN I only run it manually, and it 
wasn't done on the day that that reported.  The one area that I am vulnerable 
to is email-borne viruses, and since I am not serving those to windows boxes 
it is only out of curiosity that I need clamav.

I'm sure there are plenty of people that can give Ralph detailed information 
about using it efficiently.  I was merely demonstrating how easy it is to show 
that you keep the database up to date.  You are quite right, of course, they 
will want to see evidence that it is scanning as well.

Anne
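
The distinction drawn in this thread, between log proof that signatures are current and log proof that a scan ran, as an added example that is not part of the original message. The function names are hypothetical, the update lines are taken (unwrapped) from the Logwatch report quoted above, and the scan summary is a constructed sample in the layout clamscan prints at the end of a run.

```python
import re

# Lines from the Logwatch report quoted in the thread (unwrapped): updates only.
UPDATE_LOG = """\
Last ClamAV update process started at Wed Jan 21 04:02:23 2009
main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)
daily.cld is up to date (version: 8881, sigs: 56877, f-level: 38, builder: ccordes)
Database correctly reloaded (936952 signatures)
"""

# Constructed sample: a summary block in the layout clamscan prints after a run.
SCAN_LOG = """\
----------- SCAN SUMMARY -----------
Known viruses: 936952
Scanned directories: 14
Scanned files: 2310
Infected files: 0
"""

UPDATE_RE = re.compile(r"^\s*(\S+\.c[vl]d) is up to date \(version: (\d+), sigs: (\d+)")
SUMMARY_RE = re.compile(r"^\s*(Scanned files|Infected files): (\d+)\s*$")

def audit_evidence(text):
    """Separate 'signatures are current' evidence from 'a scan ran' evidence."""
    ev = {"databases": {}, "scanned_files": None, "infected_files": None}
    for line in text.splitlines():
        m = UPDATE_RE.match(line)
        if m:
            ev["databases"][m.group(1)] = {"version": int(m.group(2)), "sigs": int(m.group(3))}
            continue
        m = SUMMARY_RE.match(line)
        if m:
            ev[m.group(1).lower().replace(" ", "_")] = int(m.group(2))
    ev["updated"] = bool(ev["databases"])
    # A scan counts only if a summary reports at least one file examined.
    ev["scanned"] = bool(ev["scanned_files"])
    return ev

def verdict(text):
    ev = audit_evidence(text)
    if ev["updated"] and ev["scanned"]:
        return "signatures current and scan recorded"
    if ev["updated"]:
        return "signatures current, no scan recorded"
    return "scan recorded, no update evidence" if ev["scanned"] else "no evidence"

if __name__ == "__main__":
    print(verdict(UPDATE_LOG))
    print(verdict(UPDATE_LOG + SCAN_LOG))
```

Run against the report quoted in the thread alone, it reports current signatures with no scan recorded, which is the gap pointed out in the reply.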