Thank You for Your time and answer, Camaleón: > On Sat, 17 Jul 2010 14:06:58 +0700, Sthu Deus wrote: > > > I have 3 questions on virus/spy-ware detection and detection > > technique. > > He, sounds like a test...
Would You like to take it? > > 1. Which software (may that is even packaged for Debian) is the > > best at Your opinion and why for virus/spy-ware (the software that > > scans for interesting data and sends it to some host) detection? > > - For scanning/detecting virus/malware for Windows systems or linux > systems? Please, do not be amazed, but... LINUX. And preferably.... DEBIAN 5/6. > - For local scanning (e-mails, Internet browsing) or a bunch of > network share files? For the local files on HDD and the whole CD/DVD of a distro (live or installable). > - By "(sic) and sends it to some host" you mean "keep the admin > informed by sending an alert to a host" or you mean "collaborative > tools to benefit others"? Here I mean malicious software that scans for sensitive data like saved passwords in files and the typed on keyboard as well, then sends it to the people that have created / infested my OS w/ the software. > > 3. Is it possible to scan for this very purposes (virus & spy-ware) > > the distro CD/DVD -s - as it is from the media, without explicit > > manual unpacking - to be sure the software is OK (in case when > > check sums are not available OR it is impossible for some reasons > > to re-download the images)? > > I think yes. Many AV scanners will scan ISO files (no "unpacking" > required) but that depends on the AV engine itself. Do You know such a skillful AV engine available for Debian? > But (and I think this is important) when you scan and ISO file for > malware and the result is clean/passed, that is not proving the ISO > image could have been manipulated and/or changed. Checksum (or If so, then AV engines gives false negatives, why should I use it? In case we misunderstand each other, I try to rephrase my this question: I have s live/installable-CD/DVD. I use its normal/rescue mode - I do somethings w/ my OS on HDD in order to make it working. I had no ability to check its checksum, so, is there a way I can be sure that the software I used is "clean"? > I hope I've passed the test :-P You truly did. Thank You, once again. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c4484b9.ce7c0e0a.15d2.1...@mx.google.com
