Antivirus for hosting servers
There are numerous options for battling the most common viruses and other crap on Linux.
ClamAV
CXS
Lynis
Etc. Anyone using one of these in the real world?
Comments
No.. just no.. How would it even help you if you have a Linux server? You get your packages from mirrors anyway and it's unlikely for them to be compromised. And even if they are, the backdoors would be so complicated, none of those AVs would help you.
Keyword here is hosting...
for shared resource space
Comodo AV
Additional:
Chkrootkit
Rootkit Hunter
I don't think you need an antivirus if you have a well-configured server with all nasty PHP functions disabled. For me, I use ClamAV to scan email attachments, but since the users should install their own antivirus I can remove it anyway.
It depends. If you are doing web hosting then ImunifyAV or ClamAV would help; if you are just talking about a regular Linux server then those AVs are pretty useless.
Oh really?
ClamAV I think is ok, even if a little slow at times, you could use it to scan the files for shells or malicious uploads.
If you want to protect a webhosting server from the outside, I think this would be the way to go:
https://github.com/SpiderLabs/ModSecurity
I use cPshieldv2.
We have had good results running ClamAV with the following signature set:
https://malware.expert/signatures/
Not too many false positives either, but there may be some so be wary of that.
Edit: Maldet is also another good option, but it is just a wrapper for ClamAV.
https://www.rfxn.com/projects/linux-malware-detect/
Where or why do you plan on using anti virus? Shared environment? SaaS? Web servers? Or database server?
This. Had a nasty skid who uploaded some PHP crap and proxied bruteforce to another system. I guess maldet will do the job in finding base64 for further analysis.
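Added example, not part of the thread and not code from maldet or ClamAV: a minimal heuristic for the base64 hunt mentioned above, which walks a directory and flags long base64 literals passed to `base64_decode()` for further analysis. The two regular expressions, the 64-character threshold and the sample files are assumptions constructed for this illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions of this example, not maldet or ClamAV signatures).
B64_ARG = re.compile(rb"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]{64,})['\"]", re.I)
EXEC_CALL = re.compile(rb"\b(?:eval|assert|system|passthru|shell_exec)\s*\(", re.I)
MAX_BYTES = 2 * 1024 * 1024  # read at most 2 MiB per file

def scan_file(path):
    """Return findings for long base64 literals passed to base64_decode()."""
    with open(path, "rb") as fh:
        data = fh.read(MAX_BYTES)
    findings = []
    for match in B64_ARG.finditer(data):
        blob = re.sub(rb"\s+", b"", match.group(1))
        try:
            decoded = base64.b64decode(blob, validate=True)
        except ValueError:  # looked like base64 but does not decode
            continue
        severity = "high" if EXEC_CALL.search(decoded) else "review"
        findings.append({"file": str(path), "severity": severity,
                         "line": data.count(b"\n", 0, match.start()) + 1})
    return findings

def scan_tree(root):
    """Scan every regular file under root; uploads often carry a non-.php name."""
    results = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            results.extend(scan_file(path))
    return results

def build_sample_tree(root):
    """Write constructed sample files: one obfuscated, one ordinary."""
    inner = b"/* constructed sample for the scanner test */ eval('echo 1;');"
    blob = base64.b64encode(inner).decode()
    (Path(root) / "avatar.jpg.php").write_text(
        "<?php\n// constructed sample\neval(base64_decode('%s'));\n" % blob)
    (Path(root) / "index.php").write_text("<?php echo 'hello'; ?>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in scan_tree(tmp):
            print(finding)
```

A hit only marks a file for manual review; legitimate code also embeds base64, so expect false positives.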
Patchman is a good alternative, but paid, for shared hosting. For mail spam and viruses, ClamAV and Amavis in conjunction. This is what is used in a production environment and is working pretty well when configured.
How about Sophos AV?
Imunify360 is quite good.
Maldet, chkrootkit and ClamAV.
ClamAV for scanning emails, although the detection-rate is like 50-50...
Wish there were other free antiviruses that are good for Linux...
ClamAV is great if you run a mail server, but 99% of what it scans for is Windows viruses. So it doesn't protect your Linux server, it protects the Windows-based users of your Linux server.
The big threat to Linux servers isn't viruses, it's service vulnerabilities (buffer overruns, etc). No virus scanner is going to help you with that.
There are various tools that can detect that your server has been compromised AFTER the fact (Maldet, chkrootkit, etc) but to prevent it, a diligent update policy is your friend.
CXS works quite well for shared servers.
For shared hosting, CXS and ImunifyAV.