Mart -- [Solved] [Well, not solved, but sickened by] Re: Group thoughts on: Anti-virus tools

On 3/10/19 1:33 PM, Mart van de Wege wrote:
> deb <deb@xxxxxxxxxxxxxxxxxxx> writes:
>
>> Starting assumption: I do want to run A/V.
>>
>>   * I get that it may actually INCREASE attack surface.
>>
>>   * But I have Windows & Mac stuff going back and forth to Debian 9.8
>> and just want to check.
>
> When you say going back and forth, do you mean over the network?
>
> On Linux the best solution right now is clamav, which is not 100%. Is it
> an option for you to run a network based solution, like an IDS?


Yes Mart.

Over the network.

4 files were found being passed by just one Windows machine, which was running a paid A/V (actually 3 different A/Vs!). 2 were in emails.

I will push along the ClamAV path.

It has worked.

I have to figure out if it really does real-time detection [it says it does].

That would allow it to beat out Malwarebytes.

 * I will be using ClamAV.

   It *seems* a little shaky, but it worked.

 * I will ask elsewhere if there are better options.

  * Companies I push #debian into will be doing at least ClamAV [IF]

   they have or will have networked Windows/Mac machines, or receive email.

   (and probably anyway).

 * I'm not interested in cloud-based solutions,

    where "suspect" files are sent to the "cloud".

    That, to me, seems the worst answer.

I'm not interested in listening to noise from Brian (defines curmudgeon),

trying to guess what evil agenda I am backing; and all of that other posturing

about just compile your own code; review every line first, and all is well.

People pass crap around on mixed networks.

They do.

I *ALREADY* caught it.

re: apt solving all? I understand it recently had a long-time vulnerability itself...

Linux will get hit more as it gets more popular.

I want to be ahead of that however possible.

So thank you for a real answer Mart.

What a pile of chest-thumping on this.