Does The Compatible Linux/Ubuntu Anti-Virus Software Programs Able To Scan, Detect, And Quarantine Or Remove Malware (Like Viruses) Applicable To Windows? Actually, See My 2 Part Question Below.

Hello. I have an important question to ask you applicable to anti-virus security software, anti-virus databases, and different operating systems.

Regarding anti-virus program that is compatible and applicable to Linux Ubuntu v.11.10 64-bit operating systems, for example the popular: ClamAV program or any third party Linux/Ubuntu compatible anti-virus programs -- does these Linux/Ubuntu compatible anti-virus program scan and check (and hopefully detect and remove/quarantine) for *ANY* malware (in this case, viruses) FOR *ANY* operating system (namely Windows) in its anti-virus databases... ...or *ONLY* the compatible operating system the  anti-virus program is intended for (in this case Linux/Ubuntu)? ...let me break this down into two further questions for depth of clarity; please answer these and I will understand:

1. Ubuntu/Linux scan and check *ITS OWN* (Linux Ubuntu) system drive for its own known viruses of course *AND FOR ANY WINDOWS* viruses the Linux/Ubuntu system drive may contain? (Keyword: "its own")

2. Ubuntu/Linux scan and check *OTHER* system drives (like Windows system drive when Linux/Ubuntu is shared on an accessible external hard drive on the SAME computer) for its own known viruses of course *AND FOR ANY WINDOWS* viruses? (Keyword: "other")    

I find this to be an EXCELLENT question for ALL OF US!!! For many of your experts, I am sure you KNOW the answer to these questions for the MANY of us who do NOT. I have talked to some IT savvy people and they did not truly know.

Please reply. Please explain in detail.

Thank you very much!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Since they are mainly used for mail/gateway/fileserver purposes, ClamAV and most AV systems available for Linux look for virus signatures for any operating system, although mainly Windows malware, since those are most abundant. The scans can be configured to check all disks on the system, but whether it can for example scan a Windows system drive depends on if it can read the filesystem it's on. Typically Windows systems reside on an NTFS filesystem, which is not natively supported by all Linux distributions.
Pierre FrançoisSenior consultantCommented:
You have to see case by case with the different anti-virus softwares. I run a Linux filtering firewall (IPCop based) removing (mainly?) Windows virusses with ClamAV.

An interesting answer is given by the people of ClamTk in their FAQs:
Q. I thought Linux doesn't NEED antivirus protection!
A. You may not need it. Some Linux users like to scan files prior to sending them to users of other operating systems, though.
Pierre FrançoisSenior consultantCommented:
@CoccoBill: Ubuntu 11.10 supports natively NTFS file systems.
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Rich RumbleSecurity SamuraiCommented:
ClamAV is far and away the most popular choice, although the other AV vendors do have gateway products as well as clients for Linux/Mac as well. ClamAV also has a windows client, nice and GUI too :) I've used ClamAV in conjunction with Squid proxies, and it is the AV that Barracuda email gateway appliances have used for almost a decade. ClamAV can scan windows NTFS, there are boot disc's (live CD's) that have been created to do this. Viri are all over, and some are using more universal languages like Java so that they can infect all 3 (apple/linux/windows) equally. Linux/Mac and now windows (only took 20 yrs) put you user account in a non-root/admin account by default which does help mitigate 90% of all virus issue.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
There is no consensus on the signature id identifying even if the aware are of similar strain and family. This is regardless of os and why it make it even different is the os executable can be different but the signature of the aware payload is the same.even the aware want to stay interopetable to remain global rather than targeting only windows... Hence java get popular with those writer.
Looking at clam it is using md5 hash and that is easily update using stool and even yard that can do scanning room value add it. There are difference in available not because of os support but more of behaviour, heuristic and classifier schemes adopted. There is a MACE standard which is rightfully the best practice for available folks. Believe the major players are supporting it and it does go forward with interoperability of the least they detect eicar. ..
Nonetheless, there is online virus scanners services like virustotal which probably are running them in different os by commanding so as not to conflict since not all available can co exist in same os... Multi av  is not simply to accommodate since all are hooking to os services...ideally they should be at hypervisor level like using unsa
btanExec ConsultantCommented:
Vmsafe apiece or Vmsafe appliance to co exist...just some thoughts
BazingerooAuthor Commented:
@ CoccoBill, pfrancois, richrumble, & breadtan:

Hello. Nice to meet CoccoBill and richrumble! Nice to see you again, pfrancois and breadtan!

Thanks for all your comments. I have received some really great responses from this question I posted!

Now, let me look at the last responses by breadtan. I see your knowledge on this topic is extensive and overwhelming to comprehend for the average user. I follow your thoughts at times and then I lose your lead. Because of this loss of a simpler explanation, I am awarding you credit or a few of the ideas you clearly develop well. I am giving you 100 points for your first response which contains a lot of extrapolation and 25 points for your second response with a program solution – both comments receive Assisted Solution titles.

Next, I wish to discuss pfrancois. He explains his specific methodology how he utilizes programs to get the best solutions I may need. I absolutely appreciate that. I would like to ask you sometime how to setup the program assembly and where you retrieved your solution someday. Impressed! However, I did see very limited rationale or understanding to your specific methodology you provide in relation to my questions. I am going to give you 50 points for your first comment and 25 points for your significant second comment correction – both comments receive Assisted Solution.

CoccoBill and richrumble have supplied an well developed explanation in more practical terminology that I can appreciate more that are most applicable to the question of this thread I have asked. (Sorry breadtan, I tired to understand you. ;-) ) These two experts made me realize the answers I needed to know. However pfrancois corrected CoccoBill's comment which was reinforced to be factually true by pfrancois and richrumble regarding the Windows factor that I deem important to know the facts based on my questions. Therefore I am giving CoccoBill 100 points and the Assisted Solution. richrumble goes into some more topics in his comment I found significant he discusses that make richrumble's comment as the Accepted Solution and the remaining 200 points.

Again, thank you all very much!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.