
Re: Group thoughts on: Anti-virus tools


On Sun, Mar 10, 2019 at 10:58:12AM -0400, deb wrote:
> Starting assumption: I do want to run A/V.
>  * I get that it may actually INCREASE attack surface.
>  * But I have Windows & Mac stuff going back and forth to Debian 9.8 and just want to check.
>  * (Clamscan already caught 4 things)

Ok. If it's the poison you want - we'll pour you a cup.

> a. What does the group suggest running on debian beyond
>     - chkrootkit

Thing was good like 15 years ago. The thing is - the world has moved,
chkrootkit stayed the same.
Save yourself CPU cycles and do not install the thing.

>     - rkhunter

Its primary purpose - i.e. rootkit detection - is severely lacking.
The thing has its uses as IDS and 'best practices auditor toolkit', but
that's it.

But if it's the IDS you need - there are tripwire and debsums.

>     - ClamAV

Can catch a Windoze virus or two. The intended purpose of clamav is to
sit on e-mail relay and scan the mail, which it does fulfill.

> b. Does the list keep a ~ "pinned" answer for these kinds of questions?

Not that I'm aware of. The thing is - instead of taking an insecure OS
and building assorted kludges (in the form of anti-virus) around it,
it's considered wise here to use a secure OS from the beginning.