Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Antivirus for hosting servers
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Antivirus for hosting servers

There is numerous options for battle with most common viruses and other crap on linux.

ClamAV
CXS
Lynis

Etc. Anyone using one of these in real world?

Thanked by 1fucksgiven

Comments

  • No.. just no.. How would it even help you if you have a linux server? You get ur packages from mirrors anyway and its unlikely for them to be compromised. And even if they are, the backdoors would be so complicated, none of those AVs would help you.

    Thanked by 1fucksgiven
  • @stefeman said:
    No.. just no.. How would it even help you if you have a linux server? You get ur packages from mirrors anyway and its unlikely for them to be compromised. And even if they are, the backdoors would be so complicated, none of those AVs would help you.

    Keyword here is hosting...

  • for shared resource space
    Comodo AV

    additional :
    Chkrootkit
    Rootkit Hunter

    Thanked by 1fucksgiven
  • I don't think you need an antivirus if you have well configured server with all nasty php functions disabled, for me I use clamav to scan email attachments, but since the users should install their own antivirus I can remove it anyway.

    Thanked by 1fucksgiven
  • It depends. If you are doing web hosting then Immunify AV or ClamAV would help, if you are just talking about a regular Linux server then those AVs are pretty useless.

    Thanked by 1fucksgiven
  • raindog308raindog308 Administrator, Veteran

    stefeman said: You get ur packages from mirrors anyway and its unlikely for them to be compromised

    Oh really?

    Thanked by 3uptime mrTom Ympker
  • tgltgl Member

    ClamAV I think is ok, even if a little slow at times, you could use it to scan the files for shells or malicious uploads.

    If you want to protect a webhosting server from the outside, I think this would be the way to go:

    https://github.com/SpiderLabs/ModSecurity

    Thanked by 1fucksgiven
  • I use cPshieldv2.

    Thanked by 1fucksgiven
  • Prime404Prime404 Member
    edited October 2019

    We have had good results running ClamAV with the following signature set:
    https://malware.expert/signatures/

    Not too many false positives either, but there may be some so be wary of that.

    Edit: Maldet is also another good option, but it is just a wrapper for ClamAV.
    https://www.rfxn.com/projects/linux-malware-detect/

    Thanked by 3Levi ITLabs fucksgiven
  • Where or why do you plan on using anti virus? Shared environment? SaaS? Web servers? Or database server?

    Thanked by 1fucksgiven
  • cazrz said: Web servers?

    This. Had a nasty skid who uploaded some PHP crap and proxied bruteforce to another system. I guess maldet will do the job in finding base64 for further analysis.

    Thanked by 1fucksgiven
  • Patchman is a good alternative, but paid, for shared hosting. For mail spam and viruses, ClamAV and Amavis in conjunction. This is what is used in production environment and is working pretty good when configured.

    Thanked by 1fucksgiven
  • How about Sophos AV?

    Thanked by 1fucksgiven
  • JordJord Moderator, Host Rep

    Immunify360 is quite good.

  • Maldet, chkrootkit and ClamAV.

    Thanked by 1fucksgiven
  • ClamAV for scanning emails, although the detection-rate is like 50-50...

    Wish there were other free antivirus that is good for linux...

  • ras07ras07 Member
    edited October 2019

    ClamAV is great if you run a mail server, but 99% of what is scans for is Windows viruses. So it doesn't protect your Linux server, it protects the Windows-based users of your Linux server.

    The big threat to Linux servers isn't virii, it's service vulnerabilities (buffer overruns, etc). No virus scanner is going to help you with that.

    There are various tools that can detect that your server has been compromised AFTER the fact (Maldet, chrootkit, etc) but to prevent it, a diligent update policy is your friend.

  • someshzsomeshz Member, Host Rep

    CXS works quite good for shared servers :)

  • for shared hosting, CXS and ImunifyAV

Sign In or Register to comment.