Anti-virus for FreeBSD

Valeri Galtsev galtsev at kicp.uchicago.edu
Wed Mar 23 16:02:39 UTC 2016 

On Wed, March 23, 2016 1:01 am, Wayne Sierke wrote:
> On Tue, 2016-03-22 at 09:07 +0000, krad wrote:
>
>> Other than that clamav
>> is good enough.
>
> I'm curious as to whether that's an objective or subjective view?
>
> I've got clam-av set up on a couple of mail boxes scanning incoming
> messages and find a worrying amount of viral content still gets
> through. Even after submitting false-negative reports, manual tests
> conducted (days!) later have failed to detect them.
>
> To be fair, some of that also fails to be detected initially by
> commercial AV scanners on MS Windows. However in one instance, for
> example, one AV provider had an update deployed and distributed less
> than two hours after they were notified.
>
> I've submitted suspect attachments to the Virus-Total web site to find
> that it was already submitted previously, sometimes long ago, and clam-
> av is listed with a negative detection result.
>

Partly to toss some more fuel into the fire ;-) and partly to discourage
too harsh judgement of "some anti-vurus software not catching some
viruses" (or should I say virii as a plural of Latin word virus?)

First of all, the whole anti-virus approach is fundamentally flawed. In
fact, you can not enumerate bad (what anti-virus is trying to do). You
only can enumerate good and prohibit everything else. So, don't be too
harsh on those [anti-viruses] that miss some of evil things sometimes:
remember, they are trying to do the task that is fundamentally flawed.

Second, the very existence of Windows viruses is based on architecture
flaws of MS Windows system IMHO. Of course, most of us have to use and
maintain that system in a course of fulfilling our job duties; that can
not prevent us from having some attitude. Based on which I would
discourage running for your Unix/Linux mail server virus scanning software
on Windows machine. I would to my best ability avoid running any services
at all on MS Windows. This one - avoid using Windows for scanning what
Windows is vulnerable to - is yet another reason in addition to a need of
maintaining too many systems.

Just my $0.02

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

More information about the freebsd-questions mailing list