Are The Compatible Linux/Ubuntu Anti-Virus Software Programs Able To Scan, Detect, And Quarantine Or Remove Malware (Like Viruses) Applicable To Windows? Actually, See My 2 Part Question Below.

Posted on 2012-03-21
Medium Priority
Last Modified: 2012-08-13
Hello. I have an important question to ask you applicable to anti-virus security software, anti-virus databases, and different operating systems.

Regarding anti-virus programs that are compatible and applicable to Linux Ubuntu v.11.10 64-bit operating systems, for example the popular ClamAV program or any third party Linux/Ubuntu compatible anti-virus programs -- do these Linux/Ubuntu compatible anti-virus programs scan and check (and hopefully detect and remove/quarantine) for *ANY* malware (in this case, viruses) FOR *ANY* operating system (namely Windows) in their anti-virus databases... or *ONLY* the compatible operating system the anti-virus program is intended for (in this case Linux/Ubuntu)? Let me break this down into two further questions for depth of clarity; please answer these and I will understand:

1. Ubuntu/Linux scan and check *ITS OWN* (Linux Ubuntu) system drive for its own known viruses of course *AND FOR ANY WINDOWS* viruses the Linux/Ubuntu system drive may contain? (Keyword: "its own")

2. Ubuntu/Linux scan and check *OTHER* system drives (like Windows system drive when Linux/Ubuntu is shared on an accessible external hard drive on the SAME computer) for its own known viruses of course *AND FOR ANY WINDOWS* viruses? (Keyword: "other")    

I find this to be an EXCELLENT question for ALL OF US!!! For many of you experts, I am sure you KNOW the answer to these questions for the MANY of us who do NOT. I have talked to some IT savvy people and they did not truly know.

Please reply. Please explain in detail.

Thank you very much!
Question by:Bazingeroo
LVL 19

Assisted Solution

CoccoBill earned 400 total points
ID: 37751156
Since they are mainly used for mail/gateway/fileserver purposes, ClamAV and most AV systems available for Linux look for virus signatures for any operating system, although mainly Windows malware, since those are most abundant. The scans can be configured to check all disks on the system, but whether it can for example scan a Windows system drive depends on if it can read the filesystem it's on. Typically Windows systems reside on an NTFS filesystem, which is not natively supported by all Linux distributions.
LVL 10

Assisted Solution

pfrancois earned 300 total points
ID: 37751295
You have to see case by case with the different anti-virus software. I run a Linux filtering firewall (IPCop based) removing (mainly?) Windows viruses with ClamAV.

An interesting answer is given by the people of ClamTk in their FAQs:
Q. I thought Linux doesn't NEED antivirus protection!
A. You may not need it. Some Linux users like to scan files prior to sending them to users of other operating systems, though.
(see: http://clamtk.sourceforge.net/faq.html#doesn%27t_need_av)
LVL 10

Assisted Solution

pfrancois earned 300 total points
ID: 37751302
@CoccoBill: Ubuntu 11.10 natively supports NTFS file systems.
LVL 38

Accepted Solution

Rich Rumble earned 800 total points
ID: 37751873
ClamAV is far and away the most popular choice, although the other AV vendors do have gateway products as well as clients for Linux/Mac as well. ClamAV also has a Windows client, nice and GUI too :) I've used ClamAV in conjunction with Squid proxies, and it is the AV that Barracuda email gateway appliances have used for almost a decade. ClamAV can scan Windows NTFS, there are boot discs (live CDs) that have been created to do this. Viri are all over, and some are using more universal languages like Java so that they can infect all 3 (Apple/Linux/Windows) equally. Linux/Mac and now Windows (only took 20 yrs) put your user account in a non-root/admin account by default, which does help mitigate 90% of all virus issues.
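As an added example (not part of the thread or any poster's code), the scan described in the answers above: mount a Windows NTFS partition read-only under Ubuntu, run `clamscan` over it, and tally the detections by the platform prefix of the signature name. The device, mount point, log path and the sample log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: scanning a Windows NTFS volume from Ubuntu with ClamAV.

# Mount an NTFS partition read-only and scan it recursively.
# $1 = block device (candidates: blkid -t TYPE=ntfs -o device)
# $2 = mount point, $3 = log file. Needs root for mount/umount.
scan_windows_volume() {
    mkdir -p "$2" || return 2
    # ro: the scan must not change the Windows volume.
    # noexec,nosuid,nodev: nothing on a possibly infected disk should be
    # runnable or privileged on the Linux host.
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$1" "$2" || return 2
    # Report only: no --remove or --move, so false positives on Windows
    # system files cannot break the installation.
    clamscan --recursive --infected --log="$3" "$2"
    scan_rc=$?            # 0 = clean, 1 = detections, 2 = scan error
    umount "$2"
    return "$scan_rc"
}

# Tally "FOUND" lines of a clamscan log by the first dot-separated part of
# the signature name. Current ClamAV names put the target platform first
# (Win., Unix., Osx., ...); names without a dot are counted as "Other".
summarize_detections() {
    awk '/ FOUND$/ {
             sig = $(NF-1)                 # signature names contain no spaces
             n = split(sig, part, /[.]/)
             plat = (n > 1) ? part[1] : "Other"
             count[plat]++
         }
         END { for (p in count) print p, count[p] }' "$1" | sort
}

# Constructed sample log (paths and signature names are made up).
sample_log() {
    cat <<'EOF'
/mnt/win/Users/a/Downloads/setup.exe: Win.Trojan.Example-1 FOUND
/mnt/win/Program Files/tool/x.dll: Win.Malware.Example-2 FOUND
/mnt/win/Users/a/backup/run.sh: Unix.Trojan.Example-3 FOUND
/mnt/win/Users/a/eicar.com: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 4
EOF
}
```

Run `freshclam` first so the signature database is current; the summary shows that one Linux-hosted scan reports Windows and Unix signatures side by side.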
LVL 64

Assisted Solution

btan earned 500 total points
ID: 37753116
There is no consensus on the signature id identifying even if the malware are of similar strain and family. This is regardless of OS, and why it makes it even different is the OS executable can be different but the signature of the malware payload is the same. Even the malware want to stay interoperable to remain global rather than targeting only Windows... Hence Java gets popular with those writers.
Looking at clam, it is using md5 hash and that is easily updated using stool and even yard that can do scanning room value add it. There are differences in AV not because of OS support but more of behaviour, heuristic and classifier schemes adopted. There is a MACE standard which is rightfully the best practice for AV folks. Believe the major players are supporting it and it does go forward with interoperability of the scheme... at least they detect eicar...
Nonetheless, there are online virus scanner services like VirusTotal which probably are running them in different OSes by commanding so as not to conflict, since not all AV can coexist in the same OS... Multi-AV is not simple to accommodate since all are hooking to OS services... ideally they should be at hypervisor level like using unsa
LVL 64

Assisted Solution

btan earned 500 total points
ID: 37753126
VMsafe APIs or VMsafe appliance to coexist... just some thoughts

Author Closing Comment

ID: 37804701
@ CoccoBill, pfrancois, richrumble, & breadtan:

Hello. Nice to meet CoccoBill and richrumble! Nice to see you again, pfrancois and breadtan!

Thanks for all your comments. I have received some really great responses from this question I posted!

Now, let me look at the last responses by breadtan. I see your knowledge on this topic is extensive and overwhelming to comprehend for the average user. I follow your thoughts at times and then I lose your lead. Because of this loss of a simpler explanation, I am awarding you credit for a few of the ideas you clearly develop well. I am giving you 100 points for your first response which contains a lot of extrapolation and 25 points for your second response with a program solution – both comments receive Assisted Solution titles.

Next, I wish to discuss pfrancois. He explains his specific methodology how he utilizes programs to get the best solutions I may need. I absolutely appreciate that. I would like to ask you sometime how to setup the program assembly and where you retrieved your solution someday. Impressed! However, I did see very limited rationale or understanding to your specific methodology you provide in relation to my questions. I am going to give you 50 points for your first comment and 25 points for your significant second comment correction – both comments receive Assisted Solution.

CoccoBill and richrumble have supplied a well-developed explanation in more practical terminology that I can appreciate more that are most applicable to the question of this thread I have asked. (Sorry breadtan, I tried to understand you. ;-) ) These two experts made me realize the answers I needed to know. However pfrancois corrected CoccoBill's comment which was reinforced to be factually true by pfrancois and richrumble regarding the Windows factor that I deem important to know the facts based on my questions. Therefore I am giving CoccoBill 100 points and the Assisted Solution. richrumble goes into some more topics in his comment I found significant he discusses that make richrumble's comment as the Accepted Solution and the remaining 200 points.

Again, thank you all very much!

Question has a verified solution.