# antivirus for Linux network ?

## taskara

Hi,

I am helping a school change over from windows to Linux on both the desktop and servers.

I guess there are proably around 200 - 300 computers ?

I am looking for an anti-virus solution.

Obviously an open-source solution will be easier on the wallet, but I am happy to pay for a solution.

I have found 

http://www.ravantivirus.com/

http://www.bitdefender.com

http://www.centralcommand.com

I know there were a few open source projects out there... anyone know how these are progressing? got any names or links for these?

any infomation would really be very much appreciated.

Cheers,

Chris

----------

## jonnevers

There is also clam av, there is an ebuild for it.

Freshclam keeps it updated, It works well, I get a log emailed to me daily on its outut.

http://clamav.elektrapro.com/

----------

## taskara

that looks very interesting.. I'll play with it at home and see how it goes.

hmm I'll have to find some viruses to test it out with ..!

thanks heaps, I'll post what I find  :Smile: 

cheers

----------

## Tuppu

It is safer if you use EICAR instead of real virus.

Take a look here http://www.rexswain.com/eicar.html

----------

## taskara

cool thanks  :Smile:  I'll give it a go

----------

## mst

If you are looking for a commercial product, my recommendations definitely go to RAV. It works perfectly and has excellent support team. Otherwise I heard good things about clamav.

----------

## taskara

great, thanks!! I'll prob end up giving them both a try  :Smile: 

----------

## cschwede

Hi everyone,

RAV isnt support for new customers anymore, because GeCAD (the RAV vendor) is owned by Microsoft now. Look here: http://securityadvisor.info/doc/12610

ClamAV isn't a good solution, because the virus database is VERY small - about 7900 viruses in DB, while commercial scanners contain about 80.000. Anyway, it does a good job, but there are a lot of viruses not known. 

I really recommend a good commercial solution like F-Prot or Sophos if you want to be on (more) secured against viruses.

My personal experience is with ClamAV and F-Prot - ClamAV runs first, then F-Prot. And yes, there are a lot of viruses not found by ClamAV, specially older ones.

Have a nice day, Christian

----------

## taskara

hey thanks Christian, that's great advice...

I have used sophos under windows.. hmmm it requires more testing and more thinking..

cheers

----------

## kerframil

Hi, I can recommend net-mail/f-prot. As the following output shows, it has a very comprehensive virus signature database and the product has a strong pedigree.

```
SIGN.DEF created 6. August 2003

SIGN2.DEF created 6. August 2003

MACRO.DEF created 4. August 2003

DOS/Windows: 25503 viruses and 35496 Trojans

Word/Excel: 7934 viruses and Trojans

Java: 2 viruses and 121 Trojans

BAT: 2039 viruses and Trojans

IRC INI: 1148 viruses and Trojans

Script: 3487 viruses and Trojans

INF: 5 viruses and Trojans

Unix shell: 221 viruses and Trojans

Ami: 2 viruses and Trojans

WinBat: 4 viruses and Trojans

PIF: 19 viruses and Trojans

PalmOS: 4 viruses and Trojans

PHP: 10 viruses and Trojans

Unix: 256 viruses and Trojans

In addition, over 14500 viruses are identified using

generic identification, so the total number of viruses

and Trojans known to F-PROT is somewhere over 90700.
```

It is a command-line utility which you could easily incorporate into some scripts to harden your network. Furthermore, it can be very easily integrated into qmail with net-mail/qmail-scanner which also supports other methods of filtering messages (such as vetoing certain types of file attachments, or by matching certain criteria in the headers). A nice script (check-updates.sh) is provided which will update the signature database.

----------

## taskara

great! thanks heaps for your input... I'll check it out too!

----------

## Liathus

mcafee makes a product called uvscan that works in linux... of course its commercial as well.

----------

