Plus reports of those false positives would be fantastic.

--
Sent from my iPhone

> On Jun 13, 2017, at 06:53, Paul Moreno <p...@paulmoreno.net> wrote:
>
> Thanks for the responses. As it stands now, the client gets massive amounts
> of false positives with seemingly no trigger. I’m working on sifting through
> log files to see if there’s a reason for it or if this specific environment
> isn’t suited to use this as a scanner.
>
> -Paul
>
>> On 13 Jun 2017, at 12:33, Brad Scalio <sca...@gmail.com> wrote:
>>
>> If your Linux systems are on network segments co-hosting Windows devices or
>> sharing files/filesystems, running Clamscan helps prevent having your Linux
>> clients hosting viruses for your Windows machines or meeting
>> standards/requirements such as SI-3 in NIST 800-53.
>>
>> We run it on our entry/exit points on about 300 servers in a DMZ for the
>> past two years or so. It's easy to maintain, install, and CLI friendly.
>> In the past two years we've only ever hit three issues: (1) someone put a
>> bunch of EICAR files in place and it tripped Clamscan (that was a good
>> thing, at least it's working), (2) a false positive (you'll have to
>> determine provenance of detected file to ensure it really is a false
>> positive) and (3) filling up the logfiles when it found the EICAR because
>> we didn't exclude the quarantine directory from Clamscan execution cronjob
>> and it recursively looped over itself for a week recopying files since we
>> don't remove, just copy to a quarantine.
>>
>> Using AV doesn't exempt you from ensuring systems are hardened
>> appropriately, but if you have Windows machines on the same network,
>> sharing files with Windows machines, or have to meet requirements to run AV
>> we've found clamav is the best choice for Linux systems after reviewing
>> about a dozen or so alternatives. Of course your use case may vary.
>>
>>> On Jun 13, 2017 6:10 AM, "Al Varnell" <alvarn...@mac.com> wrote:
>>>
>>> Although ClamAV was originally introduced as a mail scanner and does have
>>> some unique capabilities there, it has progressed far beyond that over the
>>> years.
>>>
>>> I can't give you any personal Linux or Unix experience, so I'll leave that
>>> to others, but I can tell you that today there are signatures for 22,677
>>> Unix unique malware Trojans, Exploits, Worms, Tools, etc.
>>>
>>>> On Tue, Jun 13, 2017 at 02:37 AM, Paul Moreno wrote:
>>>>
>>>> I'm in the process of providing a recommendation to a client on the use
>>>> of ClamAV. From what I've read in various forums and online material,
>>>> ClamAV appears to be better suited for mail systems, such as postfix, and
>>>> Windows hosts. Can anyone comment on the reliability and accuracy of using
>>>> it on a Linux operating system? I understand Linux "malware" would more or
>>>> less be in the form of custom scripts, library exploits, and other
>>>> vulnerabilities that lack signatures to detect against.
>>>>
>>>> -Paul
>>>
>>> -Al-
>>> --
>>> Al Varnell
>>> ClamXav User

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
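
Issue (3) in Brad Scalio's quoted message, a copy-to-quarantine cron scan that rescans its own quarantine, can be avoided by excluding the quarantine directory whenever it lies inside the scan root. The script below is an added example, not code from the thread or from the ClamAV project; the function names and all paths are hypothetical, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example, not from the thread. All paths are constructed placeholders
# and are assumed to contain no whitespace.

# --exclude-dir takes a regex, so escape regex metacharacters in a literal path.
regex_escape() {
    printf '%s' "$1" | sed 's/[][\\.*^$+?(){}|]/\\&/g'
}

# Succeeds when directory $1 is the same as, or nested below, directory $2.
is_under() {
    case "${1%/}/" in
        "${2%/}/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the clamscan command for one scan root. Infected files are copied
# (not removed) to the quarantine, as in the setup described in the thread.
build_scan_cmd() {
    scan_root=$1; quarantine=$2; log=$3
    cmd="clamscan --recursive --infected --copy=$quarantine --log=$log"
    # Without this exclusion every run rescans its own quarantined copies,
    # copies them again and logs each hit again.
    if is_under "$quarantine" "$scan_root"; then
        cmd="$cmd --exclude-dir=^$(regex_escape "${quarantine%/}")"
    fi
    printf '%s %s\n' "$cmd" "$scan_root"
}

# Dry run: show the command a cron job would execute.
build_scan_cmd /srv/dmz /srv/dmz/quarantine /var/log/clamav/scan.log
```

The script only prints the command; review the output before placing it in a crontab entry.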