Solved

Are The Compatible Linux/Ubuntu Anti-Virus Software Programs Able To Scan, Detect, And Quarantine Or Remove Malware (Like Viruses) Applicable To Windows? Actually, See My 2 Part Question Below.

Posted on 2012-03-21
Last Modified: 2012-08-13
Hello. I have an important question to ask you applicable to anti-virus security software, anti-virus databases, and different operating systems.

Regarding anti-virus programs that are compatible with and applicable to Linux Ubuntu v.11.10 64-bit operating systems, for example the popular ClamAV program or any third-party Linux/Ubuntu compatible anti-virus programs -- do these Linux/Ubuntu compatible anti-virus programs scan and check (and hopefully detect and remove/quarantine) for *ANY* malware (in this case, viruses) FOR *ANY* operating system (namely Windows) in their anti-virus databases... ...or *ONLY* the compatible operating system the anti-virus program is intended for (in this case Linux/Ubuntu)? ...Let me break this down into two further questions for depth of clarity; please answer these and I will understand:

1. Ubuntu/Linux scan and check *ITS OWN* (Linux Ubuntu) system drive for its own known viruses of course *AND FOR ANY WINDOWS* viruses the Linux/Ubuntu system drive may contain? (Keyword: "its own")

2. Ubuntu/Linux scan and check *OTHER* system drives (like Windows system drive when Linux/Ubuntu is shared on an accessible external hard drive on the SAME computer) for its own known viruses of course *AND FOR ANY WINDOWS* viruses? (Keyword: "other")    

I find this to be an EXCELLENT question for ALL OF US!!! For many of you experts, I am sure you KNOW the answer to these questions for the MANY of us who do NOT. I have talked to some IT savvy people and they did not truly know.

Please reply. Please explain in detail.

Thank you very much!
Question by:Bazingeroo
7 Comments
 

Assisted Solution

by:CoccoBill
CoccoBill earned 100 total points
Since they are mainly used for mail/gateway/fileserver purposes, ClamAV and most AV systems available for Linux look for virus signatures for any operating system, although mainly Windows malware, since those are most abundant. The scans can be configured to check all disks on the system, but whether it can for example scan a Windows system drive depends on if it can read the filesystem it's on. Typically Windows systems reside on an NTFS filesystem, which is not natively supported by all Linux distributions.

Assisted Solution

by:pfrancois
pfrancois earned 75 total points
You have to see case by case with the different anti-virus software. I run a Linux filtering firewall (IPCop based) removing (mainly?) Windows viruses with ClamAV.

An interesting answer is given by the people of ClamTk in their FAQs:
Q. I thought Linux doesn't NEED antivirus protection!
A. You may not need it. Some Linux users like to scan files prior to sending them to users of other operating systems, though.
(see: http://clamtk.sourceforge.net/faq.html#doesn%27t_need_av)

Assisted Solution

by:pfrancois
pfrancois earned 75 total points
@CoccoBill: Ubuntu 11.10 supports natively NTFS file systems.

Accepted Solution

by:
Rich Rumble earned 200 total points
ClamAV is far and away the most popular choice, although the other AV vendors do have gateway products as well as clients for Linux/Mac as well. ClamAV also has a Windows client, nice and GUI too :) I've used ClamAV in conjunction with Squid proxies, and it is the AV that Barracuda email gateway appliances have used for almost a decade. ClamAV can scan Windows NTFS; there are boot discs (live CDs) that have been created to do this. Viruses are all over, and some are using more universal languages like Java so that they can infect all 3 (Apple/Linux/Windows) equally. Linux/Mac and now Windows (only took 20 yrs) put your user account in a non-root/admin account by default, which does help mitigate 90% of all virus issues.
-rich

Assisted Solution

by:btan
btan earned 125 total points
There is no consensus on the signature ID identifying, even if the malware is of a similar strain and family. This is regardless of OS, and why it makes it even different is that the OS executable can be different but the signature of the malware payload is the same. Even the malware wants to stay interoperable to remain global rather than targeting only Windows... Hence Java gets popular with those writers.
Looking at Clam, it is using MD5 hash and that is easily updated using stool and even yard that can do scanning room value add it. There are differences in AV not because of OS support but more of behaviour, heuristic and classifier schemes adopted. There is a MACE standard which is rightfully the best practice for AV folks. Believe the major players are supporting it and it does go forward with interoperability of the scheme... at least they detect EICAR...
Nonetheless, there are online virus scanner services like VirusTotal which probably are running them in different OSes by commanding so as not to conflict, since not all AV can coexist in the same OS... Multi-AV is not simple to accommodate since all are hooking into OS services... Ideally they should be at hypervisor level like using unsa

Assisted Solution

by:btan
btan earned 125 total points
Vmsafe apiece or Vmsafe appliance to co exist...just some thoughts
0
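The answers above say that a Linux scanner matches file content against signatures regardless of which OS the file targets, that ClamAV uses MD5 hash signatures, and that what it can scan depends on what it can read. The sketch below is an added example, not part of the thread and not ClamAV's own code: it parses ClamAV-style `MD5:FileSize:Name` hash lines and scans a directory standing in for a mounted Windows volume; the sample bytes, signature name and paths are constructed.

```python
import hashlib
import os
import tempfile

def parse_hdb(text):
    """Parse ClamAV-style hash lines (MD5:FileSize:Name) into {(md5, size): name}."""
    sigs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        md5, size, name = line.split(":", 2)
        sigs[(md5.lower(), int(size))] = name
    return sigs

def scan_tree(root, sigs):
    """Walk root and return (hits, skipped); matching depends on file bytes only."""
    hits, skipped = [], []
    sizes = {size for _md5, size in sigs}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                size = os.path.getsize(path)
                if size not in sizes:
                    continue  # cheap pre-filter: no signature has this size
                with open(path, "rb") as fh:
                    digest = hashlib.md5(fh.read()).hexdigest()
            except OSError as exc:
                # Unreadable entries are reported, never silently treated as clean.
                skipped.append((path, exc.strerror))
                continue
            if (digest, size) in sigs:
                hits.append((path, sigs[(digest, size)]))
    return hits, skipped

def demo():
    # Constructed sample: harmless bytes with a Windows "MZ" header, not real malware.
    sample = b"MZ" + b"\x00" * 62 + b"constructed-test-payload"
    hdb = "# constructed database\n%s:%d:Win.Test.Constructed\n" % (
        hashlib.md5(sample).hexdigest(), len(sample))
    with tempfile.TemporaryDirectory() as root:  # stands in for a mounted NTFS volume
        os.makedirs(os.path.join(root, "Windows", "Temp"))
        with open(os.path.join(root, "Windows", "Temp", "sample.exe"), "wb") as fh:
            fh.write(sample)
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"clean file")
        # A dangling symlink models an entry the scanner cannot read.
        os.symlink(os.path.join(root, "missing"), os.path.join(root, "unreadable.dat"))
        return scan_tree(root, parse_hdb(hdb))

if __name__ == "__main__":
    print(demo())
```

The `skipped` list is the part to watch in practice: a scan of a volume the Linux host cannot fully read reports no detections for those files, which is not the same as finding them clean.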
 

Author Closing Comment

by:Bazingeroo
@ CoccoBill, pfrancois, richrumble, & breadtan:

Hello. Nice to meet CoccoBill and richrumble! Nice to see you again, pfrancois and breadtan!

Thanks for all your comments. I have received some really great responses from this question I posted!

Now, let me look at the last responses by breadtan. I see your knowledge on this topic is extensive and overwhelming to comprehend for the average user. I follow your thoughts at times and then I lose your lead. Because of this loss of a simpler explanation, I am awarding you credit for a few of the ideas you clearly develop well. I am giving you 100 points for your first response which contains a lot of extrapolation and 25 points for your second response with a program solution – both comments receive Assisted Solution titles.

Next, I wish to discuss pfrancois. He explains his specific methodology how he utilizes programs to get the best solutions I may need. I absolutely appreciate that. I would like to ask you sometime how to set up the program assembly and where you retrieved your solution someday. Impressed! However, I did see very limited rationale or understanding to your specific methodology you provide in relation to my questions. I am going to give you 50 points for your first comment and 25 points for your significant second comment correction – both comments receive Assisted Solution.

CoccoBill and richrumble have supplied a well-developed explanation in more practical terminology that I can appreciate more that are most applicable to the question of this thread I have asked. (Sorry breadtan, I tried to understand you. ;-) ) These two experts made me realize the answers I needed to know. However pfrancois corrected CoccoBill's comment which was reinforced to be factually true by pfrancois and richrumble regarding the Windows factor that I deem important to know the facts based on my questions. Therefore I am giving CoccoBill 100 points and the Assisted Solution. richrumble goes into some more topics in his comment I found significant he discusses that make richrumble's comment as the Accepted Solution and the remaining 200 points.

Again, thank you all very much!