Re: Group thoughts on: Anti-virus tools
- Date: Sun, 10 Mar 2019 18:20:52 +0300
- From: Reco <recoverym4n@xxxxxxxxxxxx>
- Subject: Re: Group thoughts on: Anti-virus tools
On Sun, Mar 10, 2019 at 10:58:12AM -0400, deb wrote:
> Starting assumption: I do want to run A/V.
> * I get that it may actually INCREASE attack surface.
> * But I have Windows & Mac stuff going back and forth to Debian 9.8 and just want to check.
> * (Clamscan already caught 4 things)
Ok. If it's the poison you want - we'll pour you a cup.
> a. What does the group suggest running on debian beyond
> - chkrootkit
Thing was good like 15 years ago. The thing is - the world has moved,
chrootkit stayed the same.
Save yourself CPU cycles and do not install the thing.
> - rkhunter
It's primary purpose - i.e. rootkit detection is severely lacking.
The thing has its uses as IDS and 'best practices auditor toolkit', but
But if it's the IDS you need - there are tripwire and debsums.
> - ClamAV
Can catch a Windoze virus or two. The intended purpose of clamav is to
sit on e-mail relay and scan the mail, which is does fulfill.
> b. Does the list keep a ~ "pinned" answer for these kinds of questions?
Not that I'm aware of. The thing is - instead of taking an insecure OS
and building assorted kludges (in the form of anti-virus) around it,
it's considered wise here to use a secure OS from the beginning.