# Anti-virus - is it needed??

## grofaz

Should I run some sort of anti-virus package ?

If yes, what's recommended ?

Thanks for advice.

----------

## slackline

You should set up decent firewalls (see gentoo docs and the gentoo wiki).

I've never suffered from any viruses, but if you do want to run one (which would definately be a good idea if your running mail servers) then there are a number out there.  Personally I'd recommend clamav which is in portage.

----------

## Paapaa

 *slack---line wrote:*   

> You should set up decent firewalls (see gentoo docs and the gentoo wiki).

 

Why? I think it is enough to make sure you only have those services listening to the ports which you really want. If you have nothing listeting, why would you need a firewall? And it is rarely necessary to block outgoing packets as there is so little viruses/malware for Linux. 

No, I don't use anti-virus.

----------

## UberLord

A good firewall also stops nasty icmp floods, stops port scanners and other such stuff.

----------

## JeliJami

 *slack---line wrote:*   

> You should set up decent firewalls (see gentoo docs and the gentoo wiki).
> 
> I've never suffered from any viruses, but if you do want to run one (which would definately be a good idea if your running mail servers) then there are a number out there.  Personally I'd recommend clamav which is in portage.

 

Not only on mail servers!

I bet you forward mails every now and then?

Maybe you get a virus infected mail from a windows user. Your gentoo box won't suffer from it. Nice.

Because the mail contains a great joke, you forward it to another windows user, infecting that user's PC.

If you don't run an antivirus tool, you'll infect someone someday  :Sad: 

----------

## slackline

 *Quote:*   

> Maybe you get a virus infected mail from a windows user. Your gentoo box won't suffer from it. Nice.
> 
> Because the mail contains a great joke, you forward it to another windows user, infecting that user's PC.
> 
> If you don't run an antivirus tool, you'll infect someone someday 

 

v.good point, although people shouldn't expect to be protected through others actions and should therefore use sufficent measures to protect themselves, which therefore implicity help prevent the spread of viruses.

(although the majority of viruses tend to be imbedded in certain types of attachments which I personally am wary of forwarding)

----------

## JeliJami

 *slack---line wrote:*   

> v.good point, although people shouldn't expect to be protected through others actions and should therefore use sufficent measures to protect themselves, which therefore implicity help prevent the spread of viruses.
> 
> 

 

requote: and should therefore use sufficent measures to protect themselves, like removing Windows from their systems and installing a decent OS  :Very Happy: 

----------

## P3SM

Just checked out this thread and it triggered my interest! I've never had any problems with viruses on my Linux systems (so far...   :Confused: ) but I do run a decent firewall (shorewall).

I suppose as the user base of Linux keeps expanding, malicious users will show up as well....   :Sad: 

Are there any anti-virus tools you guys could recommend?

Cheers, P3SM

----------

## AllenJB

I've never had any problems with linux viruses, but do yuo want to be caught in the first big wave? One day there will, in my opinion, undoubtedly be one. I keep an up-to-date antivirus so that I hopefully won't be caught  up in it. Keeping an up-to-date antivirus on linux will also protect you from accidentally passing on viruses to Windows users.

----------

## PMcCauley

 *grofaz wrote:*   

> Should I run some sort of anti-virus package ?
> 
> If yes, what's recommended ?
> 
> Thanks for advice.

 

For a mail server or a file server where there are windows clients I would install an antivirus so as to protect your windows clients.

Patrick

----------

## slackline

 *P3SM wrote:*   

> 
> 
> Are there any anti-virus tools you guys could recommend?
> 
> 

 

Already gave my recomendationfor AV software

----------

## P3SM

slack---line wrote:

 *Quote:*   

> Personally I'd recommend clamav which is in portage

 

You're right! I missed it!

Thanks, I'll be checking that out!

----------

## dkostic

I'm not running a mail server and I'm the only user of both of my machines.  Can anybody think of a reason I would need AV software?  (I do use p2p programs, but I imagine whatever malware comes over them is targeted at Micro$oft systems, and thus would be inoperable on a Linux machine.)  Sorry for the newb-ish question!

----------

## loki99

 *dkostic wrote:*   

> I'm not running a mail server and I'm the only user of both of my machines.  Can anybody think of a reason I would need AV software?  (I do use p2p programs, but I imagine whatever malware comes over them is targeted at Micro$oft systems, and thus would be inoperable on a Linux machine.)  Sorry for the newb-ish question!

 

The only reason I can think of, is the one mentioned by davjel above:

 *Quote:*   

> Maybe you get a virus infected mail from a windows user. Your gentoo box won't suffer from it. Nice.
> 
> Because the mail contains a great joke, you forward it to another windows user, infecting that user's PC. 

 

Personally, I never used one with Linux though.

----------

## dkostic

 *Quote:*   

> Maybe you get a virus infected mail from a windows user. Your gentoo box won't suffer from it. Nice.
> 
> Because the mail contains a great joke, you forward it to another windows user, infecting that user's PC. 

 

This is possible.  But if so, the joke is on him; get a better OS!   :Twisted Evil: 

 *Quote:*   

> Personally, I never used one with Linux though.

 

Nor have I.  For the record, it's good to install some good rootkit software.  rkhunter and chkrootkit are popular ones both available through Portage.  I use rkhunter, although I can't really vouch for its effectiveness as it's never turned up a rootkit  :Cool:  .

----------

## symbol

Hello, I have recently been infected by the die-hard virus (as vgen) on my windows partition. I (used to) auto mount xp on boot and somehow this virus affected firefox on linux e.g. pinched passwords etc.. I have an active virus scanner on xp that did not  detect diehard that had attached itself to hiberfil.sys, which is the file that handles hibernation in xp and can't be deleted unless  hibernation is de-activated, then windows rebooted and the file disappears (along with the virus). I knew something was wrong but what? so i scanned my xp partition with clamav and it detected the infected file and i could then fix the problem. YAY for clamav and Linux. Both helped me where xp and my virus scanner failed. Go Clamav!

Symbol

----------

## RlC

 *slack---line wrote:*   

> You should set up decent firewalls (see gentoo docs and the gentoo wiki).

 

i am behind a router... should i also set up a firewall?

----------

## P3SM

If the router is a DSL router they normally also contain firewall functionality and have the possibility to block/open ports and sometimes are even statefull.

It all depends on what your situation is. If there is just a single box behind the router/firewall it's a perfect set-up.

If you want to run a server next to a number of workstations you might want to forward all incoming traffic to the server and block everything on the router (towards the workstations) and then run a dedicated firewall on the server itself (e.g. shorewall or something similar) to control access and ports on the server.

Cheers, P3SM

----------

## Clansman

I agree that the antivirus, especially in relays, isn't meant to protect the linux users, but the windows people. The ability to stop spreading virus and trojans and such, very convenient in relays, means much more than happier users.

clamav is widely used and aparently scales well.

Cheers,

----------

