

Does The Compatible Linux/Ubuntu Anti-Virus Software Programs Able To Scan, Detect, And Quarantine Or Remove Malware (Like Viruses) Applicable To Windows? Actually, See My 2 Part Question Below.

Posted on 2012-03-21
Medium Priority
Last Modified: 2012-08-13
Hello. I have an important question to ask you applicable to anti-virus security software, anti-virus databases, and different operating systems.

Regarding anti-virus programs that are compatible and applicable to Linux Ubuntu v.11.10 64-bit operating systems, for example the popular ClamAV program or any third-party Linux/Ubuntu compatible anti-virus programs -- do these Linux/Ubuntu compatible anti-virus programs scan and check (and hopefully detect and remove/quarantine) for *ANY* malware (in this case, viruses) FOR *ANY* operating system (namely Windows) in their anti-virus databases... ...or *ONLY* the compatible operating system the anti-virus program is intended for (in this case Linux/Ubuntu)? ...let me break this down into two further questions for depth of clarity; please answer these and I will understand:

1. Ubuntu/Linux scan and check *ITS OWN* (Linux Ubuntu) system drive for its own known viruses of course *AND FOR ANY WINDOWS* viruses the Linux/Ubuntu system drive may contain? (Keyword: "its own")

2. Ubuntu/Linux scan and check *OTHER* system drives (like Windows system drive when Linux/Ubuntu is shared on an accessible external hard drive on the SAME computer) for its own known viruses of course *AND FOR ANY WINDOWS* viruses? (Keyword: "other")    

I find this to be an EXCELLENT question for ALL OF US!!! For many of you experts, I am sure you KNOW the answer to these questions for the MANY of us who do NOT. I have talked to some IT savvy people and they did not truly know.

Please reply. Please explain in detail.

Thank you very much!
Question by:Bazingeroo
LVL 19

Assisted Solution

CoccoBill earned 400 total points
ID: 37751156
Since they are mainly used for mail/gateway/fileserver purposes, ClamAV and most AV systems available for Linux look for virus signatures for any operating system, although mainly Windows malware, since those are most abundant. The scans can be configured to check all disks on the system, but whether it can for example scan a Windows system drive depends on if it can read the filesystem it's on. Typically Windows systems reside on an NTFS filesystem, which is not natively supported by all Linux distributions.
LVL 10

Assisted Solution

by:Pierre François
Pierre François earned 300 total points
ID: 37751295
You have to see case by case with the different anti-virus software. I run a Linux filtering firewall (IPCop based) removing (mainly?) Windows viruses with ClamAV.

An interesting answer is given by the people of ClamTk in their FAQs:
Q. I thought Linux doesn't NEED antivirus protection!
A. You may not need it. Some Linux users like to scan files prior to sending them to users of other operating systems, though.
(see: http://clamtk.sourceforge.net/faq.html#doesn%27t_need_av)
LVL 10

Assisted Solution

by:Pierre François
Pierre François earned 300 total points
ID: 37751302
@CoccoBill: Ubuntu 11.10 supports natively NTFS file systems.
LVL 38

Accepted Solution

Rich Rumble earned 800 total points
ID: 37751873
ClamAV is far and away the most popular choice, although the other AV vendors do have gateway products as well as clients for Linux/Mac as well. ClamAV also has a Windows client, nice and GUI too :) I've used ClamAV in conjunction with Squid proxies, and it is the AV that Barracuda email gateway appliances have used for almost a decade. ClamAV can scan Windows NTFS, there are boot discs (live CDs) that have been created to do this. Viri are all over, and some are using more universal languages like Java so that they can infect all 3 (Apple/Linux/Windows) equally. Linux/Mac and now Windows (only took 20 yrs) put your user account in a non-root/admin account by default which does help mitigate 90% of all virus issues.
LVL 65

Assisted Solution

btan earned 500 total points
ID: 37753116
There is no consensus on the signature id identifying even if the aware are of similar strain and family. This is regardless of os and why it make it even different is the os executable can be different but the signature of the aware payload is the same. Even the aware want to stay interoperable to remain global rather than targeting only windows... Hence java get popular with those writer.
Looking at clam it is using md5 hash and that is easily update using stool and even yard that can do scanning room value add it. There are difference in available not because of os support but more of behaviour, heuristic and classifier schemes adopted. There is a MACE standard which is rightfully the best practice for available folks. Believe the major players are supporting it and it does go forward with interoperability of the scheme..at least they detect eicar. ..
Nonetheless, there is online virus scanners services like virustotal which probably are running them in different os by commanding so as not to conflict since not all available can co exist in same os... Multi av  is not simply to accommodate since all are hooking to os services...ideally they should be at hypervisor level like using unsa
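The answers above say that a Linux scanner matches signatures for any operating system and that ClamAV uses MD5 hashes. The sketch below is an added example (not code from any poster or from the ClamAV project) that models hash matching with lines in the `MD5:FileSize:Name` layout of a ClamAV `.hdb` database, walking a directory tree such as a mounted Windows volume. The function names, the signature name and the sample files are constructed for illustration, and real ClamAV uses many more signature types than this.

```python
import hashlib
import os
import tempfile

def load_hdb(lines):
    """Parse .hdb-style lines (MD5:FileSize:SignatureName) into a lookup table."""
    sigs = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        md5, size, name = line.split(":", 2)
        sigs[(md5.lower(), int(size))] = name
    return sigs

def scan_tree(root, sigs):
    """Hash every regular file under root; the bytes are matched, not the OS."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                size = os.path.getsize(path)
                digest = hashlib.md5()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
            except OSError:
                continue  # unreadable file (permissions, unsupported filesystem)
            name = sigs.get((digest.hexdigest(), size))
            if name:
                hits[os.path.relpath(path, root)] = name
    return hits

def demo():
    # Constructed sample: harmless bytes standing in for a Windows executable.
    sample = b"MZ" + b"constructed harmless sample, not real malware"
    sig = "%s:%d:Constructed.Win.Test-1" % (hashlib.md5(sample).hexdigest(), len(sample))
    with tempfile.TemporaryDirectory() as root:  # stands in for a mounted drive
        sysdir = os.path.join(root, "Windows", "System32")
        os.makedirs(sysdir)
        with open(os.path.join(sysdir, "sample.exe"), "wb") as fh:
            fh.write(sample)
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"clean file")
        return scan_tree(root, load_hdb(["# constructed database", sig]))
```

Only the file that matches both the hash and the size is reported; files the scanning system cannot read are skipped, which is the filesystem-support caveat raised in the first answer.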
LVL 65

Assisted Solution

btan earned 500 total points
ID: 37753126
Vmsafe apiece or Vmsafe appliance to co exist...just some thoughts

Author Closing Comment

ID: 37804701
@ CoccoBill, pfrancois, richrumble, & breadtan:

Hello. Nice to meet CoccoBill and richrumble! Nice to see you again, pfrancois and breadtan!

Thanks for all your comments. I have received some really great responses from this question I posted!

Now, let me look at the last responses by breadtan. I see your knowledge on this topic is extensive and overwhelming to comprehend for the average user. I follow your thoughts at times and then I lose your lead. Because of this loss of a simpler explanation, I am awarding you credit for a few of the ideas you clearly develop well. I am giving you 100 points for your first response which contains a lot of extrapolation and 25 points for your second response with a program solution – both comments receive Assisted Solution titles.

Next, I wish to discuss pfrancois. He explains his specific methodology how he utilizes programs to get the best solutions I may need. I absolutely appreciate that. I would like to ask you sometime how to setup the program assembly and where you retrieved your solution someday. Impressed! However, I did see very limited rationale or understanding to your specific methodology you provide in relation to my questions. I am going to give you 50 points for your first comment and 25 points for your significant second comment correction – both comments receive Assisted Solution.

CoccoBill and richrumble have supplied a well-developed explanation in more practical terminology that I can appreciate more that is most applicable to the question of this thread I have asked. (Sorry breadtan, I tried to understand you. ;-) ) These two experts made me realize the answers I needed to know. However pfrancois corrected CoccoBill's comment which was reinforced to be factually true by pfrancois and richrumble regarding the Windows factor that I deem important to know the facts based on my questions. Therefore I am giving CoccoBill 100 points and the Assisted Solution. richrumble goes into some more topics in his comment I found significant he discusses that make richrumble's comment as the Accepted Solution and the remaining 200 points.

Again, thank you all very much!
