Server needs anti-virus?

William Scott Lockwood III vladinator at gmail.com
Thu Apr 26 21:31:29 UTC 2012


On Thu, Apr 26, 2012 at 4:17 PM, Ric Moore <wayward4now at gmail.com> wrote:
> On 04/26/2012 05:02 PM, Sam Sebastian wrote:
>>
>> I run a ubuntu (10.04) server on my LAN and generally its off and does
>> not usually do anything while its on except for me to mess around with
>> samba and cups and the like. I was told that it would be a good idea for
>> me to put some kind of anti virus on it. I was wondering if this is
>> necessary? There are 3-4 other windows 7 computers on the network. And
>> all of them have anti-virus installed on them (Norton IIRC)
>>
>> And what about a general linux desktop computer, I know that there are
>> *some* viruses out there for linux but the most common reason that I'm
>> cited for putting anti-virus on it is to stop it from giving viruses to
>> the other computers in the network.
>>
>> And if so which anti-virus would you recommend?
>
>
> I'd recommend doing nothing. Just let the Windows machines catch fire and
> burn to the ground. Then the users would be asking what to do?? <grins
> evilly> ...then you install Linux for them. No more worries. You don't see
> google installing anti-virus for gmail, do you?
>
> If you DID install anti-virus and it failed, would it then be YOUR fault?
> You imply some sort of warranty and acknowledgement of responsibility by
> installing the anti-virus (clamav?) and everything thereafter is your fault.
> If Norton worked, there would be no problem, right? :) Ric

You hear this a lot. It's seriously bad advice.

There is a reason you DO in fact monitor security on your Linux
systems. They are not immune to things like malicious code in the form
of trojans, worms, etc. Root kits. All of the common "AV" solutions
for Linux look for these as well. If you really need to be secure,
things like App Armor or SELinux should be investigated. Also, Windows
machines are not the only vector for these things to affect Linux
hosts. bind, sendmail, postfix, and several other programs can be
exploited in ways that give others control of your box. Having a basic
set of sane safeguards in place (like file integrity monitoring,
security scanning, clamav, etc.) isn't a half bad start.

There's a reason why PCI mandates these for Linux boxes as well as
Windows boxes, and it's NOT just that the majority of their audience
are people running Windows.

-- 
Regards,
W. Scott Lockwood




More information about the ubuntu-users mailing list