

What Anti-Virus for Linux in Enterprise do you recommend?

By jdclyde ·
I have been running Linux for some time now and have been really happy with the performance and stability.

The question I have: what is a good Anti-Virus to run on an Enterprise deployment of Linux?

What have you been using and for how long?

Dependability is more important than "free".


No virus' YET!

by frozenJim In reply to There are no linux viruse ...

Who wants to bet that the day Symantec creates a commercial "Anti-Virus" product for Linux, there will instantly be 40,000 "in-the-wild" viruses for Linux as well?

I am still waiting for the Microsoft-generated viruses to come along just to make Linux look bad.


by Jaqui In reply to No virus' YET!

There are some viruses for Unix and Unix-like systems, about 250 a year as a matter of fact.
It isn't an issue, as the security hole gets plugged very quickly.

And there are commercial anti-virus solutions for Linux.
Until there are more than 250 a year, the big names in anti-virus aren't going to port to Unix-like systems.


true, but:

by apotheon In reply to

The fact of the matter is that effective Unix viruses are difficult enough to write that there's unlikely to ever be a very substantial number of them per year. Furthermore, the 250 per year are largely only capable of doing any damage because they exploit holes in what amounts to third-party software in the Unix world. This all leads to the state of affairs as it currently exists: viruses for Unix systems are rendered obsolete the day they're noticed because the vulnerability that they exploit gets fixed within hours, thus making Unix AV software irrelevant for protection of Unix systems.

Commercial Unix-based AV software isn't designed to be used as an AV "client" the way Norton, PC-cillin, and others of that ilk are. They're server AV, which means they exist to protect other systems in a network from viruses that pass through the servers without actually having an effect on the servers. The most common use of AV software on Unix systems is in cleaning up email that passes through a Unix mail server so that it won't trash a Windows system where the email account is accessed.

Just for general purposes, I run AV software on Linux systems. The reason I do so isn't out of fear of the 250 viruses a year: it's just general principle, in case someone comes up with a virus that will actually have persistent threat capability so that it might eventually be a problem to me. It hasn't really happened yet, but it might some day. Anything is possible.

Basically, it's more a matter of "I'd rather have it and not need it than need it and not have it" paranoia than of actual practical protection.

Keep in mind that, technically, viruses aren't even usually much of a problem in Windows. The major problems are, usually, actually worms and "macro viruses". Because worms are just malicious programs that must be "installed" and run on the system, and because Unix systems don't allow that sort of thing to happen unless you intentionally run everything with administrator permissions (and I do mean pretty much everything, which takes a lot of configuration tweaking), worms are mostly confined to the Windows platform. Macro viruses run within applications that use macros, and they cannot do anything outside the application without having system administrator equivalent permissions. In Unix systems, that requires the user to actually (again) do something stupid and deliberate to let them run rampant within the system. In Windows systems, stuff is run with administrator permissions all the damned time just because that's the way Windows software works. Furthermore, the most macro-vulnerable applications for Windows (IE and, by way of IE, Office and Microsoft's various email clients) are actually hooked into the operating system itself, bypassing permissions entirely. As far as a macro virus acting within the application, this pretty much means that macro viruses can only do stuff like send themselves to other people if they are written for your mail client. Most mail clients aren't macro-vulnerable like that, though: the big exploitable clients are Outlook and Outlook Express.


hah, funny

by apotheon In reply to No virus' YET!

You may have to wait a while. They've probably been trying for a decade or so. Notice how well it's working?


Another I know of

by saphil In reply to There are no linux viruse ...

BitDefender has a Linux version. I have not tested it, but I have used their Windows version AV/firewall.


by Choppit In reply to What Anti-Virus for Linux ...

Take a look at Sophos. Unfortunately I can't (yet) vouch for its stability on Linux, but I've used it on Windows, Netware and Mac for 5 years with few problems.



by Choppit In reply to

Also take a look at ClamAV. Again, I can't vouch for it (yet) but I'm currently giving it a tryout on my FC3 box at the moment.



by cookspc In reply to ClamAV

I haven't used any antivirus with my Linux systems but I understand that Watchguard has selected ClamAV for one of their new security appliances.


heard a rumor!

by husp1 In reply to What Anti-Virus for Linux ...

Never having seen or used Linux or Unix, I have very little info that might be of help, but I did read somewhere that Kaspersky has an AV released for Linux.



by The DOBC In reply to What Anti-Virus for Linux ...

Have a look at MailScanner.

It is a great front-end for a corporate server, and it is not only free, but well supported. Viruses are most likely to move through enterprise Linux through e-mail first, then through Samba file shares.

I have Clam-AV, Bitdefender, and a site license for McAfee, and Clam-AV seems to be ahead of the rest most of the time. There is also a patch for Samba to have on-access scanning of file shares.
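
The mail-gateway scanning described in this thread (a Linux server checking attachments on behalf of Windows clients), as an added example that is not from any poster or from the MailScanner or ClamAV projects. It decodes each MIME part and frames it for the clamd daemon's `INSTREAM` command; the clamd address (127.0.0.1:3310), the helper names and the sample message are assumptions constructed for illustration.

```python
import socket
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

def mime_parts(raw: bytes):
    """Yield (label, decoded bytes) for every leaf MIME part of a message."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if data:
            yield part.get_filename() or part.get_content_type(), data

def instream_frames(data: bytes, chunk: int = 4096) -> bytes:
    """Frame data for clamd INSTREAM: 4-byte big-endian length before each
    chunk, then a zero-length chunk to end the stream."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        piece = data[i:i + chunk]
        out.append(struct.pack("!I", len(piece)) + piece)
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(reply: bytes):
    """Return None for a clean verdict, the signature name for a detection."""
    text = reply.rstrip(b"\0\n").decode("ascii", "replace")
    verdict = text.partition(": ")[2]
    if verdict == "OK":
        return None
    if verdict.endswith(" FOUND"):
        return verdict[:-len(" FOUND")]
    raise RuntimeError(f"clamd error: {text}")  # e.g. size limit exceeded

def scan(data: bytes, host: str = "127.0.0.1", port: int = 3310):
    """Send one part to clamd (host and port are assumptions about your setup)."""
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(instream_frames(data))
        return parse_reply(s.recv(4096))

def sample_message() -> bytes:
    """Constructed sample: a text body plus a harmless 5000-byte attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("body text")
    m.add_attachment(b"A" * 5000, maintype="application",
                     subtype="octet-stream", filename="report.doc")
    return m.as_bytes()
```

With a clamd instance listening, `[(name, scan(data)) for name, data in mime_parts(raw)]` gives a per-part verdict that a gateway can use to quarantine the message before delivery.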
