
Do we really need a Antivirus for Linux

Created: 09 Mar 2012 • Updated: 13 Mar 2012 | 20 comments
Vikram Kumar-SAV to SEP
+14


If anyone believes that Linux is malware-free, or that there is no such thing as Linux malware, they are mistaken.

As Linux gains popularity as a desktop (for example with the GNOME environment), malware authors are taking more interest in it. Worms can also exploit vulnerabilities in network daemons.

Recently there have been a few cross-platform threats that run on both Windows and Linux, for example Perl.BadBunny, SB.BadBunny, IRC.BadBunny and Ruby.BadBunny.

Malware can also reach a machine while you read email or browse the web, whether downloaded by you or sent to you.

Samba and NFS servers should also be scanned periodically to check whether the files they serve are infected.

Symantec AntiVirus for Linux (SAV for Linux, also written SAVFL) provides complete protection against Linux malware.

It gives real-time protection: whenever a file is accessed or modified (moved, renamed, copied, deleted and so on), the real-time scan checks it with the antivirus engine.

SAV for Linux also lets you run periodic scheduled scans or an on-demand scan; either scans every file on the machine against the virus signatures loaded in the antivirus.

Centralized logging and reporting for Symantec AntiVirus for Linux can be configured either through Symantec Endpoint Protection Manager (SEPM) or to a specific syslog server.

SAV for Linux can be configured to download virus signatures from a centralized internal LiveUpdate server, so that individual machines do not have to connect to the Internet for updates; this also suits machines on a secured network.

You can make configuration changes centrally with the ConfigEd tool and distribute the resulting GRC.DAT file to the clients whose policy you want to change. For more information, see:

https://www-secure.symantec.com/connect/articles/use-configedexe-config-sav-linux

If you are concerned that the antivirus might affect the performance of a critical application running on a machine, or you simply want to keep certain folders out of scanning, you can list those folders in NoScanDir and they will be excluded from scans.

SAV for Linux configuration can be managed from the command line as well as from a KDE or GNOME desktop.

Symantec AntiVirus for Linux supports almost all kernels of Red Hat, Fedora, SuSE/OES2, Ubuntu and Debian.

See Symantec's list of supported kernels for the exact versions.

Comments (20)

AR Sharma

But, do we have to push GRC.DAT each time to all Linux clients, when we want to make changes in the policy?

Thanks & Regards,

AR Sharma, CISSP

IBM Certified System Admin- Lotus Domino V7

ITIL V2 Certified

0

Vikram Kumar-SAV to SEP

How often would you need to change a policy for only antivirus... that too on Linux?

Vikram Kumar

Symantec Consultant

The most helpful part of the entire Symantec Connect is the Search button; do use it.

0

Srikanth_Subra

But correctly, will our endpoint license itself support Linux, or do we need to buy a separate one?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

0

Mick2009

"Thumbs up" from me.

Another consideration: if that Linux box is a file server that provides storage accessed by Windows clients, SAVFL can detect and remove any Windows threats that are stored there.  SAVFL can be another layer of protection in the network, should the SAV or SEP on those Windows machines malfunction or have definitions that are out of date.

With thanks and best regards,

Mick

+2

TNicikowski

Another point to keep in mind is... compliance.

Some governing bodies require that a Linux server have some type of AV installed with logging enabled.

For instance, a Linux server used for credit card processing.

With SAVFL you get a robust AV client with the ability to report back to the SEPM if there are any risks found on that system.

Winner, winner, chicken dinner!

+2

Vikram Kumar-SAV to SEP

Totally agree with you. Compliance is a major reason why you need antivirus on your Linux.

An audit says every host on your network should have antivirus protection.

If it's a server for a financial institution, then governing bodies are actually strict on compliance.

Vikram Kumar

Symantec Consultant

The most helpful part of the entire Symantec Connect is the Search button; do use it.

0

Mick2009

Just a quick clarification, in case any readers of this thread are not familiar: to see those Linux events in the SEPM notifications and reports, be sure to install and configure the optional SAVFL Reporter when you install SAVFL. It is not installed automatically when SAVFL is installed. The necessary package is right on the same .iso / CD though.

Here are some helpful articles:

Symantec AntiVirus for Linux (SAVFL) Reporter 1.0.10 Release Notes (Article DOC3474, created 2010-12-15, updated 2011-11-01): http://www.symantec.com/docs/DOC3474

Release notes for Symantec AntiVirus for Linux 1.0x (Article TECH103599, created 2007-01-03, updated 2012-02-24): http://www.symantec.com/docs/TECH103599

With thanks and best regards,

Mick

0

FbacchinZF

Can we expect to see a Symantec Endpoint Protection version for Linux in the future?

+1

Vikram Kumar-SAV to SEP

@FbacchinZF -- Yes, why not? Just no ETA yet. As I said, due to the increase in popularity of Linux as a desktop, anything is possible in the near future.

Vikram Kumar

Symantec Consultant

The most helpful part of the entire Symantec Connect is the Search button; do use it.

+1

Mzerma Amine

Hi all,

How can I qualify the Happiness while reading the Topic Title?

For years, I have battled against this "said to be" state of the "virus-free" DREAM that some (and too many) Linux users expect to be a reality!

Too many of the people I met during the last 15 years answered me, when I asked them whether they were well protected against threats, viruses and Trojans, backdoors..., that:

"There is NO Virus or risk on Linux Desktops! There is NO malicious Code developed to run on Linux systems! Linux is Self-Resistant! " ...

Some others answered, because they were "Aware" that (putting more complex the understanding of their Un-knowledge to their neighborhood by the use of some technical words in their sentences, to avoid confrontation with their users, thinking then that the concerned speakers were thought to be operational Forces) "The Kernel of Linux releases and distributions was enough strong to Protect ALL components of the OS, the Applications layer AND the Data's in itself! ..."

I'm sure you All understand what I mean...

Generally speaking, after some explanations, comparing questions that make the Tech understand the argumentation offered to his collaborators does not answer the way I ask him, I give my BC, and wait for the EMERGENCY CALL! Some did...

Of course, the Dimension and Decision making Policies deciding the budgets of the Enterprise of Organizational service or unit concerned by Security, Protection, Compliance, DLP ... DO NOT HAVE the same glance over the Linux-based Systems while comparing them to Microsoft(R) Servers, for example ...

The conjunction of Both aspects could have created a constant state of feeling Secure, engaging the situation that NO Strategy had been built to face those Basics aspects for SMB and Very Small BIZ enterprises ... comparing to the PRO-Efficient and Certification based hiring policies engaged by "XXL companies".

With a similar approach, for another part of NON-Linux based desktops users, Months ago, I commented on some blog publishing an article speaking about MAC users feeling a similar Safety, with such a "Non-Considering Security and Protection" attitude for too much users, in my opinion ...

Could it be part of my enterprise's next communication campaign?! Sure, I'll think about it...

Thank you for this writing; I will advise some audience over Twitter in some minutes...

Every purpose on this page is a Value in itself, by the experiences and all the interrogations shared!

+2

Mick2009

Just sharing this list that I came across today - there are one hundred distinct threats that target Linux.


With thanks and best regards,

Mick

+3

Mick2009

SAV for Linux Scanning Best Practices: A (Somewhat) Illustrated Guide

https://www-secure.symantec.com/connect/articles/sav-linux-scanning-best-practices-somewhat-illustrated-guide

With thanks and best regards,

Mick

0

FbacchinZF

Another product that offers protection for Linux-based servers, instead of Symantec AntiVirus for Linux 1.0x, is Symantec Critical System Protection.

It should be considered as well, to lock down access to systems and applications on a least-required-privileges basis.

+1

Vikram Kumar-SAV to SEP

@FbacchinZF - I totally agree SCSP can also be used, but saying SCSP is an alternative for antivirus does not do SCSP justice. SCSP is much more than antivirus; if you have SCSP on your machine you need no more security on the server (other than physical security).

Vikram Kumar

Symantec Consultant

The most helpful part of the entire Symantec Connect is the Search button; do use it.

0

Mick2009

Adding a link to a blog post from Security Response: 

Remote Linux Wiper Found in South Korean Cyber Attack
https://www-secure.symantec.com/connect/blogs/remote-linux-wiper-found-south-korean-cyber-attack

With thanks and best regards,

Mick

0

kailasandhale

People think that an open-source OS (e.g. Linux) is free from viruses, and they give the reason that viruses have the .exe extension and Linux does not support it. But one thing to remember regarding this: using Wine we can open .exe files in Linux (and using .exe is many times necessary), and not all viruses are in .exe format. For such viruses, antivirus is a must. Here are some situations where we need antivirus for Linux:

Mail servers
The vast majority of Linux anti-virus programs run on mail servers. These are the computers that your mail client connects to when you want to send or receive an email. Since email is one of the main way viruses and trojan horses spread, these servers are the “front-line” in the battle to stop computer viruses. And, since so many of these servers run Linux, it’s clear to see the need for a Linux program to detect Windows viruses. If you’re running a mail server, whether it be for your home or office, you should definitely be using an anti-virus program to intercept any naughty files that might be trying to move in or out of your network via email.

File servers
Another place where you’d want to run an anti-virus program is on a file server shared by multiple users, even if you trust all of these users. File servers are basically repositories for data; some of that data might come to exist on your server through legitimate sources, but there’s no way for you to know where each and every file originated. Running an anti-virus ensures that if someone uploads an infected file, say, downloaded from a peer-to-peer network, your file server will detect the threat and stop any other users from becoming infected.

Still if anyone is having doubt you can refer to http://en.wikipedia.org/wiki/Linux_malware regarding Linux Malwares.

+3
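
Added example (my own illustration, not code from the post above or from Symantec's product): a minimal content-based attachment check of the kind a Linux mail gateway would apply, in Python using only the standard library. The signature, the PE header stub and the sample message are all constructed for the demonstration; it shows the point made above that detection must look at content rather than at the .exe extension, so a Windows executable renamed to report.pdf is still flagged.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Constructed, hypothetical detection data (not Symantec definitions): one byte-pattern
# signature and one SHA-256 blocklist entry; classify() also checks the DOS/PE "MZ" header.
MARKER = b"CONSTRUCTED-MALWARE-MARKER-2012"
SIGNATURES = {"Test.Constructed.Marker": MARKER}
PE_STUB = b"MZ\x90\x00" + b"\x00" * 60  # 64-byte stand-in for a Windows executable
HASH_BLOCKLIST = {hashlib.sha256(PE_STUB).hexdigest(): "Test.Constructed.PEStub"}

def classify(data: bytes) -> list:
    """Findings for one blob based on content only; the declared filename/extension is ignored."""
    found = ["windows-executable"] if data[:2] == b"MZ" else []
    found += [name for name, pat in SIGNATURES.items() if pat in data]
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_BLOCKLIST:
        found.append(HASH_BLOCKLIST[digest])
    return found

def scan_message(raw: bytes) -> dict:
    """Mail-gateway check: decode every attachment and classify it by content."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = {}
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        found = classify(part.get_payload(decode=True) or b"")
        if found:
            hits[part.get_filename() or "<unnamed>"] = found
    return hits

def build_sample_message() -> bytes:
    """Constructed test mail: a harmless note, the PE stub renamed .pdf, the marker named setup.exe."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.invalid", "b@example.invalid", "invoice"
    msg.set_content("see attached")
    msg.add_attachment("just notes", filename="notes.txt")
    msg.add_attachment(PE_STUB, maintype="application", subtype="octet-stream", filename="report.pdf")
    msg.add_attachment(b"--" + MARKER + b"--", maintype="application", subtype="octet-stream", filename="setup.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, findings in scan_message(build_sample_message()).items():
        print(f"{filename}: {', '.join(findings)}")
```

The same classify() routine, applied to every file under a Samba or NFS export, is the shape of the periodic file-server scan the post recommends.
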
Mick2009

SAV for Refrigerator-?

Very interesting article about how appliances around your house may soon be infected with malware.

Despite the News, Your Refrigerator is Not Yet Sending Spam

https://www-secure.symantec.com/connect/blogs/despite-news-your-refrigerator-not-yet-sending-spam
....

Even though the refrigerator was innocent, having IoT devices send spam isn’t impossible. Recently, we uncovered one of the first and most interesting IoT threats, Linux.Darlloz, which infects Linux-based IoT devices such as routers, cameras, and entertainment systems. Beyond its ability to infect IoT devices, what makes Darlloz interesting is that it is involved in a worm war with another threat known as Linux.Aidra. Darlloz checks if a device is infected with Aidra and if found, removes it from the device.

This is the first time we’ve seen worm writers fight an IoT turf war and is reminiscent of the 2004 worm wars. Considering these devices have limited processing power and memory, we’d expect to see similar turf battles in the future.

While malware for IoT devices is still in its infancy, IoT devices are susceptible to a wide range of security concerns. So don’t be surprised if, in the near future, your refrigerator actually does start sending spam.

With thanks and best regards,

Mick

0

.Brian

Mick,

Will there be articles in the future on how to secure your appliances? I would imagine with appliances having internet access, manufacturers are not paying close attention on how to keep them secure and won't until something major happens.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

+1

Mick2009

Who knows what the future holds?  &: )  I would not rule out the creation of such articles, if there is sufficient need. See the To Protect Your POS, Add Layers post and Symantec's white paper Best Practices for Running Symantec Endpoint Protection 12.1 on Point-of-Sale Devices, written in response to dangers against that sort of machine (cash registers, etc.)

With thanks and best regards,

Mick

+1