Thanks for the responses. As it stands now, the client gets massive amounts of false positives with seemingly no trigger. I'm working on sifting through log files to see if there's a reason for it or if this specific environment isn't suited to use this as a scanner.
-Paul

> On 13 Jun 2017, at 12:33, Brad Scalio <sca...@gmail.com> wrote:
>
> If your Linux systems are on network segments co-hosting Windows devices or sharing files/filesystems, running Clamscan helps prevent having your Linux clients hosting viruses for your Windows machines, or meeting standards/requirements such as SI-3 in NIST 800-53.
>
> We run it on our entry/exit points on about 300 servers in a DMZ for the past two years or so. It's easy to maintain, install, and CLI friendly. In the past two years we've only ever hit three issues: (1) someone put a bunch of EICAR files in place and it tripped Clamscan (that was a good thing, at least it's working), (2) a false positive (you'll have to determine provenance of the detected file to ensure it really is a false positive) and (3) filling up the logfiles when it found the EICAR because we didn't exclude the quarantine directory from the Clamscan execution cronjob and it recursively looped over itself for a week recopying files, since we don't remove, just copy to a quarantine.
>
> Using AV doesn't exempt you from ensuring systems are hardened appropriately, but if you have Windows machines on the same network, sharing files with Windows machines, or have to meet requirements to run AV, we've found clamav is the best choice for Linux systems after reviewing about a dozen or so alternatives. Of course your use case may vary.
>
> On Jun 13, 2017 6:10 AM, "Al Varnell" <alvarn...@mac.com> wrote:
>
>> Although ClamAV was originally introduced as a mail scanner and does have some unique capabilities there, it has progressed far beyond that over the years.
>>
>> I can't give you any personal Linux or Unix experience, so I'll leave that to others, but I can tell you that today there are signatures for 22,677 Unix unique malware Trojans, Exploits, Worms, Tools, etc.
>>
>> On Tue, Jun 13, 2017 at 02:37 AM, Paul Moreno wrote:
>>>
>>> I'm in the process of providing a recommendation to a client on the use of ClamAV. From what I've read in various forums and online material, ClamAV appears to be better suited for mail systems, such as postfix, and Windows hosts. Can anyone comment on the reliability and accuracy of using it on a Linux operating system? I understand Linux "malware" would more or less be in the form of custom scripts, library exploits, and other vulnerabilities that lack signatures to detect against.
>>>
>>> -Paul
>>
>> -Al-
>> --
>> Al Varnell
>> ClamXav User
>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
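Brad's third issue above (the quarantine directory was not excluded from the Clamscan cronjob, so clamscan kept detecting and recopying its own quarantined copies) is a configuration mistake that is easy to prevent. The following wrapper script is an added example for this thread; it is not code from the thread's participants or from the ClamAV project. The paths under SCAN_ROOT, QUARANTINE and LOG_FILE are assumed placeholders, and the exclusion check mirrors what clamscan's real `--exclude-dir=REGEX` option does with the same pattern.

```shell
#!/bin/sh
# Added example (not from the thread or the ClamAV project): a cron-driven
# clamscan wrapper that keeps its own quarantine directory out of the scan,
# so files copied there by --copy are not re-detected and recopied every run.
# All paths are assumed placeholders; adjust them to the environment.

SCAN_ROOT="${SCAN_ROOT:-/srv/share}"                  # tree to scan (assumed)
QUARANTINE="${QUARANTINE:-$SCAN_ROOT/quarantine}"     # lives inside the tree (assumed)
LOG_FILE="${LOG_FILE:-/var/log/clamav/nightly.log}"   # assumed log location

# Regex handed to --exclude-dir. Anchoring it to the quarantine path means only
# that directory and anything beneath it is skipped. A path containing regex
# metacharacters such as '.' or '+' would need escaping before use.
exclude_regex() {
  printf '^%s' "$QUARANTINE"
}

# Apply the scan arguments to any command. Building them in one place keeps the
# argument list reviewable and lets the test inspect it without running clamscan.
with_scan_args() {
  "$@" --recursive --infected \
    "--copy=$QUARANTINE" \
    "--exclude-dir=$(exclude_regex)" \
    "--log=$LOG_FILE" \
    "$SCAN_ROOT"
}

# Print the argument list one item per line.
build_scan_args() {
  with_scan_args printf '%s\n'
}

# Local check mirroring the exclusion: returns 0 when PATH would be skipped.
is_excluded() {
  printf '%s\n' "$1" | grep -Eq "$(exclude_regex)"
}

# Run the scan only when clamscan is installed and RUN_SCAN=1; otherwise show
# the command so the configuration can be reviewed safely.
run_scan() {
  if [ "${RUN_SCAN:-0}" = 1 ] && command -v clamscan >/dev/null 2>&1; then
    mkdir -p "$QUARANTINE" "$(dirname "$LOG_FILE")"
    # clamscan exits 0 when clean, 1 when something was found, 2 on error.
    with_scan_args clamscan
  else
    printf 'clamscan %s\n' "$(build_scan_args | tr '\n' ' ')"
  fi
}

run_scan
```

Install it as the cron job's command (for example, a crontab entry such as `0 2 * * * RUN_SCAN=1 /usr/local/bin/clamscan-nightly.sh`, an assumed path) and check the printed command first with RUN_SCAN unset. The `--log` file is also where the provenance review Brad mentions starts: each detection is recorded with the path and signature name, which is what you need to decide whether a hit is a false positive before acting on it.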