[Discuss] Cross platform Anti-Virus/Anti-Malware
Matthew Gillen
me at mattgillen.net
Mon Jun 1 12:03:22 EDT 2015
On 05/29/2015 10:06 AM, Matt Shields wrote:
> I'm fishing for what others are using for anti-virus/anti-malware on their
> Windows and Linux servers. Both commercial and open-source are options.

I had some bad experiences with McAfee for Linux
(http://www.mcafee.com/us/products/virusscan-enterprise-for-linux.aspx).
When the thing does periodic scans, it gives itself the highest
priority on the box, effectively shutting down everything else that
machine was doing. Which is exactly what I am looking for in an
anti-virus product....

Also, the interface is just awful. There is no way to tell it to scan a
single file (e.g. something suspicious you just downloaded); you instead
have to set up a 'job' that scans a particular directory (your
quarantine dir), and you can run that job on-demand.

Finally, probably not relevant to most people, there is no "stream"
interface; i.e., scan a stream of bytes without actually writing anything
to the filesystem.

ClamAV solves both issues: single-file on-demand scans and an
in-memory/stream interface. Unfortunately it doesn't detect a whole
lot. I periodically save off obviously malicious spam in a sandbox VM
just to see what ClamAV comes up with. Almost never flags anything.
Which isn't surprising: signature-based virus scanning is a losing
proposition in this day and age.

W.r.t. anti-malware, rootkit-hunter is a bare minimum you might want to
look at. I think there are Windows equivalents.

HTH,
Matt
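
Added example, not part of the original post: the stream interface mentioned above is exposed by ClamAV's daemon as the clamd INSTREAM command, which scans bytes sent over a socket without writing them to disk. The code below frames a buffer for INSTREAM and parses the reply; `fake_clamd`, `MARKER` and `demo` are constructed stand-ins (assumptions, not ClamAV code) so it runs offline.

```python
import socket
import struct
import threading

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a signature hit

def instream_frames(data, chunk=4096):
    """Yield the frames of one clamd INSTREAM session for an in-memory buffer."""
    yield b"zINSTREAM\0"                           # 'z' prefix: NUL-terminated command
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        yield struct.pack("!I", len(part)) + part  # 4-byte big-endian length, then data
    yield struct.pack("!I", 0)                     # zero-length chunk ends the stream

def parse_reply(raw):
    """Return (status, detail); anything that is not OK/FOUND is an error, never clean."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[-1]                 # drop the leading "stream: " label
    if body == "OK":
        return ("clean", "")
    if body.endswith(" FOUND"):
        return ("infected", body[:-len(" FOUND")])
    return ("error", body)

def scan_bytes(sock, data):
    """Stream data to a connected clamd socket and parse its NUL-terminated reply."""
    for frame in instream_frames(data):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0") and (got := sock.recv(4096)):
        reply += got
    return parse_reply(reply)

def fake_clamd(sock):
    """Constructed stand-in for clamd so the example runs offline: serves one session."""
    f = sock.makefile("rb")
    f.read(10)                                     # consume b"zINSTREAM\0"
    buf = b""
    while (n := struct.unpack("!I", f.read(4))[0]) != 0:
        buf += f.read(n)
    sock.sendall(b"stream: Constructed.Test FOUND\0" if MARKER in buf else b"stream: OK\0")

def demo(data):
    """Scan `data` against the stand-in server over a local socket pair."""
    client, server = socket.socketpair()
    threading.Thread(target=fake_clamd, args=(server,), daemon=True).start()
    with client:
        return scan_bytes(client, data)
```

Against a real daemon, `scan_bytes` takes a socket connected to clamd's configured local or TCP socket; treating any reply other than OK or FOUND as an error keeps a failed scan from being read as a clean result.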