Solved

Anti-virus for Linux Server

Posted on 2016-11-15
15
86 Views
Last Modified: 2016-11-19
Hello All,

Would like some inputs on installing an Anti-virus on Linux Server. Is it a normal practice? If so, what are the most compatible Anti-virus Solutions for them?

Thanks,
T
0
Comment
Question by:TiazfaD
  • 3
  • 3
  • 2
  • +6
15 Comments
 
LVL 5

Assisted Solution

by:Antzs
Antzs earned 35 total points
ID: 41889178
Best practice is always to have some sort of Anti Virus on any OS that you install.  Cause there is no 100% risk free.  

In terms of Anti Virus, as long as the requirement state that it is supported it will work.  Find a reputable Anti Virus brand, most are giving similar feature these days.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 35 total points
ID: 41889192
Question: Do I need to install any antivirus on linux?
Answer: No its not required

However if you still need AV; You can install  ClamAV
0
 
LVL 23

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 35 total points
ID: 41889225
On a linux server, where the only person ever logging in should be the administrator, an antivirus should not be necessary.  The administrator should be knowledgeable enough to not do anything that might bring an infection into the system.

Security updates on linux systems are, imo, more important.  There's no one centralized, automatic "Linux Update" as there is on Windows, and many distributions do not do security updates automatically.

Example:  On debian the administrator is expected to periodically su (or sudo) and

apt-get update && apt-get upgrade

Open in new window


to get security updates.  Since these updates close exploitable security holes, I have to say that this is the single most important thing to do to protect the integrity of a linux system.
1
 
LVL 32

Assisted Solution

by:phoffric
phoffric earned 35 total points
ID: 41889237
I imagine that the server may need more than what I have on a PC, which is ClamAV. It starts up on bootup, and hopefully is monitoring activity on the PC.
https://www.unixmen.com/installing-scanning-clamav-ubuntu-14-04-linux/
0
 

Assisted Solution

by:carlettus
carlettus earned 35 total points
ID: 41889350
Hi ,
I 'm sharing my experience with you and I hope it will help.

Installing an Antivirus on a linux system is important based on the reole of the system has in your company.
Example1 : if you use your linux system as a File Server where your users stores every kind of data ( documents, executables ) that can be a vector of spreading malware , in this case is imperative having one.
Example2 : I used an antivirus on a Linux web document managment system to scan documents.
Example3: Rootkit detection, combining the av with other tools.

I've been using TrendMicro Server Protect for Linux and I'm totally satisfied, available if you want to know more about it.

Bye
Carlettus
0
 
LVL 61

Assisted Solution

by:btan
btan earned 255 total points
ID: 41889490
Linux malware isn’t all over the Internet like Windows malware is. Using an antivirus is more a risk measured approach to get that extra machine inspection more for Linux-based file server or mail server as you shared compared to desktop Linux users. It will be more worthwhile to be specific to say the addition inspection is to prevent and deter Linux based Ransomware and variants. Linux had its native baseline using SELinux, AppArmour, etc.

Some thoughts shared too

Why do I need anti-virus software?
Isn't Linux virus-free?
For the most part, Linux is engineered in a fashion that makes it hard for viruses to run. However, there are many reasons you might want a virus scanner on your Linux PC:

you are required to have a virus scanner installed by the terms of use of the company you work for or are doing business with
to scan a Windows drive in your PC
to scan a Windows-based network attached server or hard drive
to scan Windows machines over a network
to protect a Windows virtual machine from within the virtual machine
to scan files you are going to send to other people
to scan e-mail you are going to forward to other people
some Windows viruses can run with Wine.
Linux virus infections are theoretically possible.
https://help.ubuntu.com/community/Antivirus
0
 
LVL 24

Assisted Solution

by:lionelmm
lionelmm earned 35 total points
ID: 41889541
I want to agree with carlettus it depends on what you are going to use your linux server for and the examples given show why. also malware and virus for linux are rare as indicated by btan but in my opinion this an added layer of security is a good idea, rather too much than too little.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 25

Assisted Solution

by:madunix
madunix earned 35 total points
ID: 41889677
>>>it depends on what you are going to use your linux server<<<  I agree
Check maldet is a good option
https://www.rfxn.com/projects/linux-malware-detect/
0
 
LVL 61

Assisted Solution

by:btan
btan earned 255 total points
ID: 41889824
Can also check out Sophos for Linux @ https://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-linux.aspx
Other than AV, also encourage you see BleachBit @ http://www.bleachbit.org/features for privacy protection, it is kinda of like CCLeaner
0
 
LVL 27

Assisted Solution

by:serialband
serialband earned 35 total points
ID: 41890094
Linux malware isn't all that rare.  The C&C servers that the botnets connect to are mostly on Linux.  They don't even need to be root to run.  If you're running a server, you should have at least an external scanner or firewall to spot suspicious network traffic coming from your Linux systems.  I've help other people clean their Linux based systems of IRC bot servers.

ESET costs money but it will run on Linux, Windows, and Mac.
0
 

Author Comment

by:TiazfaD
ID: 41891208
Hi,

Thanks All for all your valuable comments!! What if I were to run an Oracle Application on this Server. In this case, would running an Anti-virus, in any way corrupt my databases. Also thinking of Performance issues.

Thanks,
T
0
 

Assisted Solution

by:carlettus
carlettus earned 35 total points
ID: 41891223
Hello,
In an Oracle enviroment exclude the following files from the real time scan

Data files       Oracle data files with extension .dbf        
Log files       Files with extension .log.
Redo files       Real-time Oracle execution file.       
Control files       Control files with extension .ctl

Now It's up to you to decide how to procede, I guess this servr is not a file sistem ... it hosts a Database and probably a web app

Bye
Carlettus
0
 
LVL 61

Accepted Solution

by:
btan earned 255 total points
ID: 41891249
You need to explicitly include exclusion in AV scans. E.g. Exclusions could be set for the following extensions:
•.dbf - database file
•.log - Online Redo Log
•.rdo - Online Redo Log
•.arc - Archive log
•.ctl - Control files
If you don't configure the software to bypass the Oracle executables and dbf files (everything in $ORACLE_BASE), the antivirus software will stop Oracle and scan each dbf file every time it is read. Having said that, it is not advisable to exclude entire directories (such as the Oracle database directory and subdirectories) from scanning as this poses a potential high security risk. Likewise you should not exclude any temp files or folders as these can be a target for security risks.

There may be performance hit easily if not configured properly. But it does not mean not to have no AV or any form of protection otherwise the DB tier can also be a weakest point for infection spread.
0
 

Author Comment

by:TiazfaD
ID: 41894536
Thank You All ! Every comment was helpful!!

Regards,
T
0
 

Author Closing Comment

by:TiazfaD
ID: 41894537
Thanks again!

Regards,
T
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Microsoft scam computer 10 62
Issue to mail 11 40
svg file 10 39
AWS CLI issues with Tags 3 30
Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achiev…
I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now