Solved

Anti-virus for Linux Server

Posted on 2016-11-15
15
137 Views
Last Modified: 2016-11-19
Hello All,

Would like some inputs on installing an Anti-virus on Linux Server. Is it a normal practice? If so, what are the most compatible Anti-virus Solutions for them?

Thanks,
T
Question by:TiazfaD
15 Comments
 
LVL 6

Assisted Solution

by:Antzs
Antzs earned 35 total points
ID: 41889178
Best practice is always to have some sort of antivirus on any OS that you install, because nothing is 100% risk free.

In terms of antivirus, as long as the requirements state that it is supported, it will work. Find a reputable antivirus brand; most offer similar features these days.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 35 total points
ID: 41889192
Question: Do I need to install any antivirus on linux?
Answer: No, it's not required.

However, if you still need AV, you can install ClamAV.
0
 
LVL 25

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 35 total points
ID: 41889225
On a linux server, where the only person ever logging in should be the administrator, an antivirus should not be necessary.  The administrator should be knowledgeable enough to not do anything that might bring an infection into the system.

Security updates on linux systems are, imo, more important.  There's no one centralized, automatic "Linux Update" as there is on Windows, and many distributions do not do security updates automatically.

Example:  On debian the administrator is expected to periodically su (or sudo) and

apt-get update && apt-get upgrade

to get security updates.  Since these updates close exploitable security holes, I have to say that this is the single most important thing to do to protect the integrity of a linux system.
1

 
LVL 32

Assisted Solution

by:phoffric
phoffric earned 35 total points
ID: 41889237
I imagine that the server may need more than what I have on a PC, which is ClamAV. It starts up on bootup, and hopefully is monitoring activity on the PC.
https://www.unixmen.com/installing-scanning-clamav-ubuntu-14-04-linux/
0
 

Assisted Solution

by:carlettus
carlettus earned 35 total points
ID: 41889350
Hi,
I'm sharing my experience with you and I hope it will help.

Installing an antivirus on a Linux system is important depending on the role the system has in your company.
Example 1: if you use your Linux system as a file server where your users store every kind of data (documents, executables) that can be a vector for spreading malware, in this case it is imperative to have one.
Example 2: I used an antivirus on a Linux web document management system to scan documents.
Example 3: Rootkit detection, combining the AV with other tools.

I've been using TrendMicro Server Protect for Linux and I'm totally satisfied, available if you want to know more about it.

Bye
Carlettus
0
 
LVL 62

Assisted Solution

by:btan
btan earned 255 total points
ID: 41889490
Linux malware isn’t all over the Internet like Windows malware is. Using an antivirus is more of a risk-measured approach to get that extra machine inspection, more for a Linux-based file server or mail server, as you shared, than for desktop Linux users. It will be more worthwhile to be specific and say the additional inspection is to prevent and deter Linux-based ransomware and variants. Linux has its native baseline using SELinux, AppArmor, etc.

Some thoughts shared too

Why do I need anti-virus software?
Isn't Linux virus-free?
For the most part, Linux is engineered in a fashion that makes it hard for viruses to run. However, there are many reasons you might want a virus scanner on your Linux PC:

• you are required to have a virus scanner installed by the terms of use of the company you work for or are doing business with
• to scan a Windows drive in your PC
• to scan a Windows-based network attached server or hard drive
• to scan Windows machines over a network
• to protect a Windows virtual machine from within the virtual machine
• to scan files you are going to send to other people
• to scan e-mail you are going to forward to other people
• some Windows viruses can run with Wine.
Linux virus infections are theoretically possible.
https://help.ubuntu.com/community/Antivirus
0
 
LVL 24

Assisted Solution

by:Lionel MM
Lionel MM earned 35 total points
ID: 41889541
I want to agree with carlettus: it depends on what you are going to use your Linux server for, and the examples given show why. Also, malware and viruses for Linux are rare, as indicated by btan, but in my opinion this added layer of security is a good idea; rather too much than too little.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 35 total points
ID: 41889677
>>>it depends on what you are going to use your linux server<<<  I agree
Check maldet; it is a good option.
https://www.rfxn.com/projects/linux-malware-detect/
0
 
LVL 62

Assisted Solution

by:btan
btan earned 255 total points
ID: 41889824
Can also check out Sophos for Linux @ https://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-linux.aspx
Other than AV, I also encourage you to see BleachBit @ http://www.bleachbit.org/features for privacy protection; it is kind of like CCleaner.
0
 
LVL 28

Assisted Solution

by:serialband
serialband earned 35 total points
ID: 41890094
Linux malware isn't all that rare. The C&C servers that the botnets connect to are mostly on Linux. They don't even need to be root to run. If you're running a server, you should have at least an external scanner or firewall to spot suspicious network traffic coming from your Linux systems. I've helped other people clean their Linux-based systems of IRC bot servers.

ESET costs money but it will run on Linux, Windows, and Mac.
0
 

Author Comment

by:TiazfaD
ID: 41891208
Hi,

Thanks all for all your valuable comments!! What if I were to run an Oracle application on this server? In this case, would running an antivirus in any way corrupt my databases? Also thinking of performance issues.

Thanks,
T
0
 

Assisted Solution

by:carlettus
carlettus earned 35 total points
ID: 41891223
Hello,
In an Oracle environment, exclude the following files from the real-time scan:

Data files: Oracle data files with extension .dbf
Log files: Files with extension .log
Redo files: Real-time Oracle execution file
Control files: Control files with extension .ctl

Now it's up to you to decide how to proceed. I guess this server is not a file system ... it hosts a database and probably a web app.

Bye
Carlettus
0
 
LVL 62

Accepted Solution

by:
btan earned 255 total points
ID: 41891249
You need to explicitly include exclusions in AV scans. E.g. exclusions could be set for the following extensions:
• .dbf - database file
• .log - Online Redo Log
• .rdo - Online Redo Log
• .arc - Archive log
• .ctl - Control files
If you don't configure the software to bypass the Oracle executables and dbf files (everything in $ORACLE_BASE), the antivirus software will stop Oracle and scan each dbf file every time it is read. Having said that, it is not advisable to exclude entire directories (such as the Oracle database directory and subdirectories) from scanning as this poses a potential high security risk. Likewise you should not exclude any temp files or folders as these can be a target for security risks.

There may easily be a performance hit if not configured properly. But that does not mean you should have no AV or other form of protection; otherwise the DB tier can also be a weakest point for infection spread.
0
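The exclusion advice in the answer above, as an added example that is not part of the original thread: extension exclusions anchored to the Oracle tree, so temp files, other directories and double-extension names are still scanned. It emits ClamAV `ExcludePath` lines for clamd.conf (ClamAV is the scanner named earlier in the thread); the `ORACLE_BASE` default and the sample file names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: extension-based scan exclusions scoped to the Oracle tree.
# The ORACLE_BASE default is an assumed path; set it to match your install.
ORACLE_BASE="${ORACLE_BASE:-/u01/app/oracle}"
# Extensions taken from the answer above.
EXCLUDED_EXTS="dbf log rdo arc ctl"

# Anchored regex for one extension: the path must start under ORACLE_BASE
# and END in ".ext", so "x.dbf.sh" and "/tmp/x.dbf" never match.
pattern_for() {
    printf '^%s/.*\\.%s$' "$ORACLE_BASE" "$1"
}

# Exit 0 if the scanner would skip the path, 1 if it is still scanned.
is_excluded() {
    for ext in $EXCLUDED_EXTS; do
        if printf '%s\n' "$1" | grep -Eq -- "$(pattern_for "$ext")"; then
            return 0
        fi
    done
    return 1
}

# Emit one clamd.conf ExcludePath directive per extension.
clamd_exclusions() {
    for ext in $EXCLUDED_EXTS; do
        printf 'ExcludePath %s\n' "$(pattern_for "$ext")"
    done
}

# Constructed sample paths: one real data file and three that must stay scanned.
for p in \
    "$ORACLE_BASE/oradata/ORCL/system01.dbf" \
    "$ORACLE_BASE/oradata/ORCL/upload.dbf.sh" \
    "$ORACLE_BASE/oradata/ORCL/dropper.elf" \
    /tmp/payload.dbf
do
    if is_excluded "$p"; then echo "skip  $p"; else echo "scan  $p"; fi
done
clamd_exclusions
```

Run `is_excluded` against a listing of the database host before deploying the directives to confirm that nothing outside the intended file types is skipped.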
 

Author Comment

by:TiazfaD
ID: 41894536
Thank You All ! Every comment was helpful!!

Regards,
T
0
 

Author Closing Comment

by:TiazfaD
ID: 41894537
Thanks again!

Regards,
T
0
