[Discuss] Cross platform Anti-Virus/Anti-Malware

[me at mattgillen.net (Matthew Gillen)]

On 05/29/2015 10:06 AM, Matt Shields wrote:
> I'm fishing for what others are using for anti-virus/anti-malware on their
> Windows and Linux servers.  Both commercial and open-source is an option.

I had some bad experiences with McAfee for linux
(http://www.mcafee.com/us/products/virusscan-enterprise-for-linux.aspx).
 When the thing does periodic scans, it gives itself the highest
priority on the box, effectively shutting down everything else that
machine was doing.  Which is exactly what I am looking for in an
anti-virus product....

Also, the interface is just awful.  There is no way to tell it to scan a
single file (e.g. something suspicious you just downloaded); you instead
have to set up a 'job' that scans a particular directory (your
quarantine dir), and you can run that job on-demand.

Finally, probably not relevant to most people, there is no "stream"
interface; i.e, scan a stream of bytes without actually writing anything
to the filesystem.

ClamAV solves both issues: single-file on-demand scans and an
in-memory/stream interface.  Unfortunately it doesn't detect a whole
lot.  I periodically save off obviously malicious spam in a sandbox VM
just to see what ClamAV comes up with.  Almost never flags anything.

Which isn't surprising, signature-base virus scanning is a losing
proposition in this day and age.

W.r.t. anti-malware, rootkit-hunter is a bare minimum you might want to
look at.  I think there are windows equivalents.

HTH,
Matt