I'll request permission to get some sanitised data.
________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Joel Esler (jesler) <jes...@cisco.com>
Sent: Tuesday, June 13, 2017 13:07
To: ClamAV users ML
Subject: Re: [clamav-users] Use on linux operating systems

Could you provide five examples? So we can see if it's one particular error?

--
Sent from my iPhone

> On Jun 13, 2017, at 07:02, Paul Moreno <p...@paulmoreno.net> wrote:
>
> There are so many it's proven difficult to recommend the use of ClamAV.
>
>> On 13 Jun 2017, at 12:57, Joel Esler (jesler) <jes...@cisco.com> wrote:
>>
>> Plus reports of those false positives would be fantastic.
>>
>> --
>> Sent from my iPhone
>>
>>> On Jun 13, 2017, at 06:53, Paul Moreno <p...@paulmoreno.net> wrote:
>>>
>>> Thanks for the responses. As it stands now, the client gets massive amounts
>>> of false positives with seemingly no trigger. I’m working on sifting
>>> through log files to see if there’s a reason for it or if this specific
>>> environment isn’t suited to use this as a scanner.
>>>
>>> -Paul
>>>
>>>> On 13 Jun 2017, at 12:33, Brad Scalio <sca...@gmail.com> wrote:
>>>>
>>>> If your Linux systems are on network segments co-hosting Windows devices or
>>>> sharing files/filesystems, running Clamscan helps prevent having your Linux
>>>> clients hosting viruses for your Windows machines or meeting
>>>> standards/requirements such as SI-3 in NIST 800-53.
>>>>
>>>> We run it on our entry/exit points on about 300 servers in a DMZ for the
>>>> past two years or so. It's easy to maintain, install, and CLI friendly.
>>>> In the past two years we've only ever hit three issues (1) someone put a
>>>> bunch of EICAR files in place and it tripped Clamscan (that was a good
>>>> thing, at least it's working), (2) a false positive (you'll have to
>>>> determine provenance of detected file to ensure it really is a false
>>>> positive) and (3) filling up the logfiles when it found the EICAR because
>>>> we didn't exclude the quarantine directory from Clamscan execution cronjob
>>>> and it recursively looped over itself for a week recopying files since we
>>>> don't remove, just copy to a quarantine.
>>>>
>>>> Using AV doesn't exempt you from ensuring systems are hardened
>>>> appropriately, but if you have Windows machines on the same network,
>>>> sharing files with Windows machines, or have to meet requirements to run AV
>>>> we've found clamav is the best choice for Linux systems after reviewing
>>>> about a dozen or so alternatives. Of course your use case may vary.
>>>>
>>>>> On Jun 13, 2017 6:10 AM, "Al Varnell" <alvarn...@mac.com> wrote:
>>>>>
>>>>> Although ClamAV was originally introduced as a mail scanner and does have
>>>>> some unique capabilities there, it has progressed far beyond that over the
>>>>> years.
>>>>>
>>>>> I can't give you any personal Linux or Unix experience, so I'll leave that
>>>>> to others, but I can tell you that today there are signatures for 22,677
>>>>> Unix unique malware Trojans, Exploits, Worms, Tools, etc.
>>>>>
>>>>>> On Tue, Jun 13, 2017 at 02:37 AM, Paul Moreno wrote:
>>>>>>
>>>>>> I'm in the process of providing a recommendation to a client on the use
>>>>>> of ClamAV. From what I've read in various forums and online material,
>>>>>> ClamAV appears to be better suited for mail systems, such as postfix, and
>>>>>> Windows hosts. Can anyone comment on the reliability and accuracy of
>>>>>> using it on a Linux operating system? I understand Linux "malware" would
>>>>>> more or less be in the form of custom scripts, library exploits, and
>>>>>> other vulnerabilities that lack signatures to detect against.
>>>>>>
>>>>>> -Paul
>>>>>
>>>>> -Al-
>>>>> --
>>>>> Al Varnell
>>>>> ClamXav User
>>>>>
>>>>> _______________________________________________
>>>>> clamav-users mailing list
>>>>> clamav-users@lists.clamav.net
>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>
>>>>>
>>>>> Help us build a comprehensive ClamAV guide:
>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>
>>>>> http://www.clamav.net/contact.html#ml
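
The third issue in Brad Scalio's quoted message (a cron-driven Clamscan run that copies detections into a quarantine directory it then rescans) can be avoided by excluding that directory whenever it sits under the scan root. The wrapper below is an added example, not code from the thread or from the ClamAV project; the paths in `SCAN_ROOT`, `QUARANTINE` and `LOG` and the function names are assumptions.

```sh
#!/bin/sh
# Added example: scheduled clamscan wrapper that never rescans its own quarantine.
# All three paths are assumed values; use absolute paths so the anchored regex matches.
SCAN_ROOT="${SCAN_ROOT:-/srv/transfer}"
QUARANTINE="${QUARANTINE:-/srv/transfer/.quarantine}"
LOG="${LOG:-/var/log/clamav/cron-scan.log}"

# Succeeds when path $2 is directory $1 itself or lies below it.
# Pure string comparison: symlinks are not resolved.
is_under() {
    root=${1%/}
    path=${2%/}
    case "$path/" in
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Backslash-escape regex metacharacters so a path is matched literally.
regex_escape() {
    printf '%s' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g'
}

# Print an anchored --exclude-dir regex for the quarantine directory when it
# would be reached by a recursive scan of the root; print nothing otherwise.
exclude_regex() {
    if is_under "$1" "$2"; then
        printf '^%s(/|$)\n' "$(regex_escape "${2%/}")"
    fi
}

run_scan() {
    exclude=$(exclude_regex "$SCAN_ROOT" "$QUARANTINE")
    # --copy keeps the original in place, as in the setup described in the thread.
    set -- --recursive --infected "--log=$LOG" "--copy=$QUARANTINE"
    if [ -n "$exclude" ]; then
        set -- "$@" "--exclude-dir=$exclude"
    fi
    rc=0
    clamscan "$@" "$SCAN_ROOT" || rc=$?
    # clamscan exit status: 0 = clean, 1 = detections found, 2 = scan error
    return "$rc"
}

# Scan only when asked to, so the functions can be sourced and checked first.
if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```

Invoke it from cron with the `--run` argument; without it the script only defines the functions.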