If your Linux systems are on network segments co-hosting Windows devices or
sharing files/filesystems, running Clamscan helps prevent your Linux
clients from hosting viruses for your Windows machines, or helps meet
standards/requirements such as SI-3 in NIST 800-53.

We've run it on our entry/exit points on about 300 servers in a DMZ for the
past two years or so.  It's easy to maintain and install, and CLI friendly.
In the past two years we've only ever hit three issues: (1) someone put a
bunch of EICAR files in place and it tripped Clamscan (that was a good
thing, at least it's working), (2) a false positive (you'll have to
determine the provenance of the detected file to ensure it really is a false
positive), and (3) filling up the logfiles when it found the EICAR, because
we didn't exclude the quarantine directory from the Clamscan execution cronjob
and it recursively looped over itself for a week recopying files, since we
don't remove, just copy to a quarantine.

Using AV doesn't exempt you from ensuring systems are hardened
appropriately, but if you have Windows machines on the same network, are
sharing files with Windows machines, or have to meet requirements to run AV,
we've found ClamAV is the best choice for Linux systems after reviewing
about a dozen or so alternatives.  Of course, your use case may vary.




On Jun 13, 2017 6:10 AM, "Al Varnell" <alvarn...@mac.com> wrote:

> Although ClamAV was originally introduced as mail scanner and does have
> some unique capabilities there, it has progressed far beyond that over the
> years.
>
> I can't give you any personal Linux or Unix experience, so I'll leave that
> to others, but I can tell you that today there are signatures for 22,677
> Unix-unique malware Trojans, Exploits, Worms, Tools, etc.
>
> On Tue, Jun 13, 2017 at 02:37 AM, Paul Moreno wrote:
> >
> > I'm in the process of providing a recommendation to a client on the use
> > of ClamAV.  From what I've read in various forums and online material,
> > ClamAV appears to be better suited for mail systems, such as postfix, and
> > Windows hosts.  Can anyone comment on the reliability and accuracy of using
> > it on a Linux operating system?  I understand Linux "malware" would more or
> > less be in the form of custom scripts, library exploits, and other
> > vulnerabilities that lack signatures to detect against.
> >
> >
> > -Paul
>
> -Al-
> --
> Al Varnell
> ClamXav User
>
>
>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
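
The quarantine loop described in issue (3) of the reply above can be prevented in the cron job itself. The wrapper below is an added example, not a script from this thread or from the ClamAV project; the paths (SCAN_ROOT, QUARANTINE, LOG), the function names and the "run" argument are assumptions. It excludes the quarantine from the scan whenever it lies inside the scanned tree.

```shell
#!/bin/sh
# Added example: cron wrapper that copies detections to a quarantine and
# never scans the quarantine itself. All three paths are assumed values.
SCAN_ROOT="${SCAN_ROOT:-/srv/transfer}"
QUARANTINE="${QUARANTINE:-/srv/transfer/.quarantine}"
LOG="${LOG:-/var/log/clamav/cron-scan.log}"

# --exclude-dir takes a regex, so escape metacharacters in the literal path.
regex_escape() {
    printf '%s' "$1" | sed 's#[][*.^$+?(){}|\\]#\\&#g'
}

# True when directory $2 is $1 itself or lies underneath it.
is_inside() {
    case "${2%/}/" in
        "${1%/}/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the clamscan options, one per line, for scan root $1 and quarantine $2.
scan_options() {
    printf '%s\n' --recursive --infected "--copy=$2" "--log=$LOG"
    # Without this, each run re-detects the copies made by the previous run.
    if is_inside "$1" "$2"; then
        printf '%s\n' "--exclude-dir=^$(regex_escape "${2%/}")"
    fi
}

run_scan() {
    mkdir -p "$QUARANTINE" || return 2
    # Turn the option list into "$@" (assumes no newlines in the paths).
    old_ifs=$IFS; IFS='
'
    set -f; set -- $(scan_options "$SCAN_ROOT" "$QUARANTINE"); set +f
    IFS=$old_ifs
    clamscan "$@" "$SCAN_ROOT"
    rc=$?    # clamscan exit codes: 0 = clean, 1 = detection, 2 = error
    if [ "$rc" -eq 1 ]; then
        echo "clamscan: detections copied to $QUARANTINE, see $LOG" >&2
    fi
    return "$rc"
}

# Cron invokes this file with the single argument "run"; without it the
# file only defines the functions and scans nothing.
if [ "${1:-}" = "run" ]; then
    run_scan
    exit $?
fi
```

Because --infected limits output to detected files, a stray test file produces one log line per run rather than a growing list of recopied quarantine entries.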