Anti-virus for Linux Server

Hello All,

Would like some inputs on installing an Anti-virus on Linux Server. Is it a normal practice? If so, what are the most compatible Anti-virus Solutions for them?

Antzs, Infrastructure Services, commented:
Best practice is always to have some sort of anti-virus on any OS that you install, because nothing is 100% risk free.

In terms of anti-virus, as long as the requirements state that it is supported, it will work. Find a reputable anti-virus brand; most offer similar features these days.
madunix (Fadi SODAH), Chief Information Security Officer, commented:
Question: Do I need to install any antivirus on Linux?
Answer: No, it's not required.

However, if you still need AV, you can install ClamAV.
Dr. Klahn, Principal Software Engineer, commented:
On a linux server, where the only person ever logging in should be the administrator, an antivirus should not be necessary.  The administrator should be knowledgeable enough to not do anything that might bring an infection into the system.

Security updates on linux systems are, imo, more important.  There's no one centralized, automatic "Linux Update" as there is on Windows, and many distributions do not do security updates automatically.

Example:  On debian the administrator is expected to periodically su (or sudo) and

apt-get update && apt-get upgrade

to get security updates.  Since these updates close exploitable security holes, I have to say that this is the single most important thing to do to protect the integrity of a linux system.

I imagine that the server may need more than what I have on a PC, which is ClamAV. It starts up on bootup, and hopefully is monitoring activity on the PC.
Hi,
I'm sharing my experience with you and I hope it will help.

Installing an antivirus on a Linux system is important depending on the role the system has in your company.
Example 1: If you use your Linux system as a file server where your users store every kind of data (documents, executables) that can be a vector for spreading malware, in this case having one is imperative.
Example 2: I used an antivirus on a Linux web document management system to scan documents.
Example 3: Rootkit detection, combining the AV with other tools.

I've been using TrendMicro Server Protect for Linux and I'm totally satisfied, available if you want to know more about it.

btan, Exec Consultant, commented:
Linux malware isn't all over the Internet like Windows malware is. Using an antivirus is more of a risk-measured approach to get that extra machine inspection, more for a Linux-based file server or mail server, as you shared, than for desktop Linux users. It would be more worthwhile to be specific and say the additional inspection is to prevent and deter Linux-based ransomware and variants. Linux has its native baseline using SELinux, AppArmor, etc.

Some thoughts shared too

Why do I need anti-virus software?
Isn't Linux virus-free?
For the most part, Linux is engineered in a fashion that makes it hard for viruses to run. However, there are many reasons you might want a virus scanner on your Linux PC:

• you are required to have a virus scanner installed by the terms of use of the company you work for or are doing business with
• to scan a Windows drive in your PC
• to scan a Windows-based network attached server or hard drive
• to scan Windows machines over a network
• to protect a Windows virtual machine from within the virtual machine
• to scan files you are going to send to other people
• to scan e-mail you are going to forward to other people
• some Windows viruses can run with Wine.
Linux virus infections are theoretically possible.
Lionel MM, Small Business IT Consultant, commented:
I want to agree with carlettus: it depends on what you are going to use your Linux server for, and the examples given show why. Also, malware and viruses for Linux are rare, as indicated by btan, but in my opinion this added layer of security is a good idea; rather too much than too little.
madunix (Fadi SODAH), Chief Information Security Officer, commented:
>>>it depends on what you are going to use your linux server<<<  I agree.
Check maldet; it is a good option.
btan, Exec Consultant, commented:
Can also check out Sophos for Linux @
Other than AV, I also encourage you to see BleachBit @ for privacy protection; it is kind of like CCleaner.
Linux malware isn't all that rare.  The C&C servers that the botnets connect to are mostly on Linux.  They don't even need to be root to run.  If you're running a server, you should have at least an external scanner or firewall to spot suspicious network traffic coming from your Linux systems.  I've helped other people clean their Linux-based systems of IRC bot servers.

ESET costs money but it will run on Linux, Windows, and Mac.
TiazfaD, Author, commented:

Thanks all for all your valuable comments!! What if I were to run an Oracle application on this server? In this case, would running an anti-virus in any way corrupt my databases? Also thinking of performance issues.

In an Oracle environment, exclude the following files from the real-time scan:

Data files: Oracle data files with extension .dbf
Log files: Files with extension .log
Redo files: Real-time Oracle execution file
Control files: Control files with extension .ctl

Now it's up to you to decide how to proceed. I guess this server is not a file system ... it hosts a database and probably a web app.

btan, Exec Consultant, commented:
You need to explicitly include exclusions in AV scans. E.g., exclusions could be set for the following extensions:
• .dbf - database file
• .log - Online Redo Log
• .rdo - Online Redo Log
• .arc - Archive log
• .ctl - Control files
If you don't configure the software to bypass the Oracle executables and dbf files (everything in $ORACLE_BASE), the antivirus software will stop Oracle and scan each dbf file every time it is read. Having said that, it is not advisable to exclude entire directories (such as the Oracle database directory and subdirectories) from scanning as this poses a potential high security risk. Likewise you should not exclude any temp files or folders as these can be a target for security risks.

There may easily be a performance hit if it is not configured properly. But that does not mean you should have no AV or other form of protection; otherwise the DB tier can also be the weakest point for infection spread.
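
The extension-scoped exclusion described in the two answers above, as an added example that is not part of the thread: it uses ClamAV's `clamscan` (the scanner named earlier in the thread) with an end-anchored regex for the listed Oracle file types, so everything else under the Oracle tree and in temp directories stays in scope. The helper function names and the sample paths in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Extension list is the one quoted above.

# Regex for clamscan's --exclude option. It is anchored at the end of the
# file name so only the Oracle data/redo/archive/control files are skipped,
# rather than excluding the whole $ORACLE_BASE directory.
ORACLE_EXCLUDE_RE='\.(dbf|log|rdo|arc|ctl)$'

# Return 0 if the given path would be skipped by the exclusion regex.
is_excluded() {
    printf '%s\n' "$1" | grep -Eq "$ORACLE_EXCLUDE_RE"
}

# Print the paths that remain in scope for scanning, one per line.
# Useful as a dry run before changing scanner settings, e.g.:
#   still_scanned /u01/app/oracle/oradata/ORCL/users01.dbf \
#                 /u01/app/oracle/product/bin/helper.sh
still_scanned() {
    for p in "$@"; do
        is_excluded "$p" || printf '%s\n' "$p"
    done
}

# On-demand scan of a directory tree with only those file types skipped.
# Pass the directory explicitly, e.g. scan_oracle_tree "$ORACLE_BASE".
scan_oracle_tree() {
    dir="${1:?usage: scan_oracle_tree DIRECTORY}"
    clamscan --recursive --infected --exclude="$ORACLE_EXCLUDE_RE" "$dir"
}
```

Because the pattern is anchored, a file such as `upload.dbf.sh` is still scanned, while a directory-wide exclusion would have hidden it.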

TiazfaD, Author, commented:
Thank You All ! Every comment was helpful!!

TiazfaD, Author, commented:
Thanks again!