On Wed, 2004-07-21 at 22:02 -0500, L. Clayton Parker wrote:
On Wed, 2004-07-21 at 21:29, Ron Johnson wrote:Veering a little OT (but still relevant to AV), why the heck do you need to scan a Linux system for "over 90,000 viruses, worms, and trojans"? I'd sell you my son for a dollar a kilo if there was a virus on your box. Depending on (a)how effective your firewall is, (b) how current you keep your system, and (c) whether you do stupid things like telnet into your system from the outside, I'd be equally sur- prised if you have a worm or trojan on it, either.There are, in fact, viruses out there for Linux. It is true that there aren't many, but they do exist. The first worm was designed specifically for Unix. Firewalls do not stop virii and trojans from getting onto your system. Keeping your system up to date will not prevent it either. Installing Tripwire will tell you when it has happened, but will not prevent it. Proper configuration of root priveleges will help enormously, but even that can be spoofed (see the Elf virus).
By their nature, worms and trojans *can't* spread via a *ix MTA. Only a vigorously, willfully idiotic person could get infected via email on a *ix box. You're thinking like a Windows administrator. *ix worms and tro- jans infect by exploiting bugs in daemons listening on ports. Remember The Great Worm? Sendmail was the vector, not mailx. Sophos won't do a darned bit of good against something trying to exploit httpd, ftpd, PHP, imapd, popd, etc, etc, ad nauseum. -- ----------------------------------------------------------------- Ron Johnson, Jr. Jefferson, LA USA PGP Key ID 8834C06B "Abstract art? A product of the untalented, sold by the unprincipled to the utterly bewildered." Al Capp
Attachment:
signature.asc
Description: This is a digitally signed message part