Re: Antivirus?

From: Circuit Breaker (bagboy6437_at_shipaol.com)
Date: 05/30/04


Date: Sun, 30 May 2004 10:50:21 -0400

Grant wrote:

> Circuit Breaker wrote:
>> On Sun, 30 May 2004 13:45:39 +0100, Grant wrote:
>>
>>
>>>Hi,
>>>
>>>I was just wondering this morning, do I really need antivirus? The
>>>reason I thought that was because I run only linux and freebsd boxes and
>>>I heard that there are very limited viruses that can affect/infect a
>>>bsd/linux box...
>>>
>>>So I was wondering do I really need to install them virus filters on my
>>>mail server? Or on any of my bsd/linux boxes, if I do could someone
>>>explain why....
>>>
>>>Thanks.
>>>Grant.
>>
>>
>> From what I've read in previous postings here and across the net (read,
>> "Google can tell you"), the only reason that anyone has any pressing need
>> to run any kind of antivirus on their linux/unix/bsd/whatever box is when
>> they are acting as a mail server for people who use Microsoft Outlook
>> Express (or any other Windows-based mail reader, but most readers have
>> the decency *not* to open executable file attachments by default).
>>
>> The reason is because the mail server will transfer files along with the
>> mail because they're part of the message. The virus scanner should be
>> set to open the mail as it passes through your linux system and remove
>> any virus infections from any attachments. While it's there, you could do
>> the BOFH thing (http://www.theregister.co.uk/odds/bofh) and direct it to
>> grep the e-mail for personally identifiable information along with
>> references to less-than-moral acts :-DDD, but only if you have a decent
>> lawyer or an extensive set of LARTs. :-D
>>
>> OTOH, if you do not serve anything to any windows machines, you
>> *probably* don't have any need for antivirus whatsoever.
>>
>> Something you DO have to keep an eye out for is trojans and/or worms.
>> Trojans, only if you run malicious, uncertified, unrecognized programs as
>> root (gee, what's that red button do? >*click*<), and worms, because all
>> software has vulnerabilities. However, as home users, we typically do
>> not run the kinds of services that have the aforementioned
>> vulnerabilities and therefore are at a much decreased risk, whereas it's
>> mostly the business and corporate users -- who are likely to attract
>> attention to their web sites, etc. -- who are at an increased risk /
>> exposure that need to worry about those.
>>
>> If you need more info, hit Google, specifically groups.google.com and
>> google.com/linux
>>
>> HIH
>>
>> CJ
>>
>
> Neat, thanks for that... seeing as I do serve a few windows clients I
> think I will have a look at shoving something on there to protect them...
>
> But for now I think I will just suggest they keep their virus guards
> updated..

Depending on the amount of people you serve, etc., you may find it best to
follow that practice /anyway/, considering that some people might view your
checking of attachments as an invasion of privacy (even though I would
expect all mail providers to state very clearly in their TOS that all mail
can be viewed at any time during the normal course of operations and server
maintenance, including virus scans).

Plus, making the users rely on their own methods makes them responsible and
eases the issues you have to deal with. Unfortunately, this also means
incompetent individuals are now responsible for something that the internet
community really doesn't want incompetent individuals responsible for.

So, where do we draw the line between being "big brother" and letting people
ruin their systems (and possibly others')?

If you do decide to monitor for and remove viruses, make sure your
scanner/deleter/whatever will send a message to the recipient stating it
discovered a virus in an attachment -- that way, if the discovery was a
false positive, the user can try to find other methods of getting the file
from whoever it was that sent it, and, if it was a true positive, the user
knows you're protecting them. And, in any case, I would recommend each
user on winders boxes to run their own virus scanners regardless of what or
how many you run on the server.

My 2 cents.

> Thanks for the quick reply!

NP. It was just luck of the draw. I hit "get new" so I could reply an
addendum to a post I had just sent, and saw yours.

Considering the subject, I must say, I'm surprised I'm the only respondent
even after half an hour.

CJ
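
The notify-the-recipient practice recommended in the message above, as an added example that is not part of the original post: a filter that replaces a flagged attachment with a plain-text notice instead of dropping it silently. The extension list is an assumption standing in for a real scanner's verdict, and the addresses, filenames and sample message are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: stand-in verdict. A real server would ask its virus scanner here.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".bat", ".vbs")

def is_flagged(filename: str, payload: bytes) -> bool:
    return filename.lower().endswith(BLOCKED_EXT)

def filter_message(raw: bytes):
    """Replace flagged attachments with a notice; return (cleaned, removed_names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.walk()):
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        if is_flagged(name, part.get_payload(decode=True) or b""):
            removed.append(name)
            # set_content() clears the old body and Content-* headers first,
            # so the attachment bytes are gone and the notice shows inline.
            part.set_content(
                f"The attachment '{name}' was removed by the mail server's\n"
                "virus scanner. If you were expecting this file, ask the\n"
                "sender to provide it another way.\n")
    return msg.as_bytes(), removed

def attachment_names(raw: bytes):
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def notices(raw: bytes):
    """Inline text parts the recipient will read (body plus any notices)."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_content() for p in msg.walk()
            if p.get_content_type() == "text/plain" and not p.get_filename()]

def sample_message() -> bytes:
    # Constructed sample: one harmless text file, one executable-named blob.
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "user@example.net"
    m["Subject"] = "invoice"
    m.set_content("See attached.")
    m.add_attachment(b"constructed bytes, not a real program",
                     maintype="application", subtype="octet-stream",
                     filename="invoice.pdf.exe")
    m.add_attachment("plain notes\n", filename="notes.txt")
    return m.as_bytes()
```

The notice tells the recipient which file was taken out, so a false positive can be recovered by asking the sender for it through another channel.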