On-access AV scanning

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Jul 27 13:20:59 UTC 2012

On 27/07/2012 13:15, Erich Dollansky wrote:
> You will not find them. The scanners running on FreeBSD are looking for
> Windows pests.

> Does it scan for FreeBSD viruses? I would wonder.

AV Scanners are looking for the signature of any known malware.  The
important word there is 'known' -- it's malware that has come to the
attention of the AV software manufacturers and that they have published
a "fingerprint" of.  They don't generally work heuristically; ie. so
that they could detect and stop a 0-day malware automatically.

Now, as the vast majority of known malware affects Windows -- there are
3 or 4 known worms that used to affect Linux and I think one that would
also have affected FreeBSD (but those all relied on old and vulnerable
versions of Apache to spread and they are from many years ago in any
case) plus a recent virus or two that attacks MacOS X -- then any AV
scanner is, pretty much by definition, going to be looking for Windows

In the light of that, the OP's workplace AV policy is clearly
nonsensical when applied to a FreeBSD desktop.  Scanning shared
filesystems at regular intervals and scanning incoming mail or web
content is generally sufficient to keep a FreeBSD box clean and also
protect a whole network-full of Windows clients that access it as a
server from most avenues of infection.



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew at infracaninophile.co.uk               Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20120727/ea313eb1/signature.pgp

More information about the freebsd-questions mailing list