Do we really need an Antivirus for Linux?
Anyone who believes Linux is malware-free, or that there is no such thing as Linux malware, is mistaken.
With the increasing popularity of Linux as a desktop using the Gnome environment, malware authors are becoming more interested in Linux. Vulnerabilities in network daemons can also be exploited by worms.
Recently there have been a few cross-platform threats that can run in both Windows and Linux environments, for example Perl.BadBunny, SB.BadBunny, IRC.BadBunny, Ruby.BadBunny etc.
It is also possible for malware content to be downloaded or sent to you when you read email or surf the Internet.
SAMBA and NFS servers should also be scanned periodically to check whether they are infected.
Symantec Antivirus for Linux provides complete malware protection against Linux malware.
It gives real-time protection using a real-time scan: whenever a file is accessed or modified (that is, moved, renamed, copied, deleted etc.), it is scanned by the antivirus.
SAV for Linux also provides the freedom to schedule periodic scans using Scheduled Scans or to run an On-Demand scan; it scans all files on your machine based on the virus signatures loaded in the antivirus.
You can configure centralized logging and reporting for Symantec Antivirus for Linux using Symantec Endpoint Protection Manager, or send logs to a specific SYSLOG server.
SAV for Linux can be configured to download virus signatures from a centralized internal LiveUpdate server, so that machines do not all have to connect to the Internet for updates, or for when the machines are in a secure network.
You can make configuration changes centrally using the ConfigEd tool and distribute the GRC.DAT to the clients where you want to make the policy changes. For more information, see:
https://www-secure.symantec.com/connect/articles/use-configedexe-config-sav-linux
If you feel the antivirus might impact the performance of a critical application running on the machine, or if you want to exclude folders from scanning, you can configure NoScanDir and those folders will be excluded from scanning.
SAV for Linux configuration can be easily managed from both the command line and the KDE/Gnome environment.
Symantec Antivirus for Linux supports almost all kernels of Red Hat, Fedora, SuSE, OES2, Ubuntu and Debian.
Comments
Nice Article!
But, do we have to push GRC.DAT each time to all Linux clients, when we want to make changes in the policy?
Thanks & Regards,
AR Sharma, CISSP
IBM Certified System Admin- Lotus Domino V7
ITIL V2 Certified
How often would you need to change a Policy for only Antivirus..that too on Linux
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
But correctly our endpoint license itself will support for Linux or we need to buy separate one?
Thanks & Regards,
Srikanth.S
"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)
"Thumbs up" from me.
Another consideration: if that Linux box is a file server that provides storage accessed by Windows clients, SAVFL can detect and remove any Windows threats that are stored there. SAVFL can be another layer of protection in the network, should the SAV or SEP on those Windows machines malfunction or have definitions that are out of date.
With thanks and best regards,
Mick
Great Article!
Another point to keep in mind is... Compliancy.
Some governing bodies require that a Linux Server have some type of AV installed with logging enabled.
For instance, a Linux server used for Credit Card processing
With SAVFL you get a robust AV client with the ability to report back to the SEPM if there are any risks found on that system.
winner, winner, chicken dinner!
Totally Agree with you..Compliance is major reason why you need Antivirus on your Linux.
Audit says every host on your network should have an Antivirus protection.
If it's a Server for Financial Institution then governing bodies are actually strict on compliance.
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
Just a quick clarification, in case any readers of this thread are not familiar: to see those Linux events in the SEPM notifications and reports, be sure to install and configure the optional SAVFL Reporter when you install SAVFL. It is not installed automatically when SAVFL is installed. The necessary package is right on the same .iso / CD though.
Here are some helpful articles:
With thanks and best regards,
Mick
Is Symantec planning a SEPFL version to replace SAVFL ?
Can we expect to see a Symantec Endpoint Protection version for Linux in the future?
@FbacchinZF -- Yes why not..just NO ETA yet..as I said due to increase in popularity of Linux as desktops anything is possible in near future.
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
What a Chance to have it said by "Insiders" ...
Hi all,
How can I qualify the Happiness while reading the Topic Title?
For years, I battle against this "Said to Be" state of "Virus-Free" DREAM some (and too much) Linux users expect to be a reality!
Too much of the persons I met during last 15 years answered me, while I asked them if they were well-protected facing threats, virus and Trojans, backdoors ... that:
"There is NO Virus or risk on Linux Desktops! There is NO malicious Code developed to run on Linux systems! Linux is Self-Resistant! " ...
Some others answered, because they were "Aware" that (putting more complex the understanding of their Un-knowledge to their neighborhood by the use of some technical words in their sentences, to avoid confrontation with their users, thinking then that the concerned speakers were thought to be operational Forces) "The Kernel of Linux releases and distributions was enough strong to Protect ALL components of the OS, the Applications layer AND the Data's in itself! ..."
I'm sure you All understand what I mean...
Generally speaking, after some explanations, comparing questions that make the Tech understand the argumentation offered to his collaborators does not answer the way I ask him, I give my BC, and wait for the EMERGENCY CALL! Some did...
Of course, the Dimension and Decision making Policies deciding the budgets of the Enterprise of Organizational service or unit concerned by Security, Protection, Compliance, DLP ... DO NOT HAVE the same glance over the Linux-based Systems while comparing them to Microsoft(R) Servers, for example ...
The conjunction of Both aspects could have created a constant state of feeling Secure, engaging the situation that NO Strategy had been built to face those Basics aspects for SMB and Very Small BIZ enterprises ... comparing to the PRO-Efficient and Certification based hiring policies engaged by "XXL companies".
With a similar approach, for another part of NON-Linux based desktops users, Months ago, I commented on some blog publishing an article speaking about MAC users feeling a similar Safety, with such a "Non-Considering Security and Protection" attitude for too much users, in my opinion ...
Could it be a part of a my Enterprise next Communication Campaign?! Sure I'll think about ...
Thank You for this writing I will advise to some audience over twitter in some minutes...
Every purpose on this page is a Value in itself, by the experiences and all the interrogations shared!
One Hundred Unique Linux Threats
Just sharing this list that I came across today - there are one hundred distinct threats that target Linux.
Linux.Abditive.Worm
Linux.Abulia
Linux.ADM.Worm
Linux.Adore.Worm
Linux.Adrastea
Linux.Alaeda
Linux.Amalthea
Linux.Backdoor.IN
Linux.Backdoor.Kaiten
Linux.Backdoor.Rexob
Linux.BinFly.Trojan
Linux.Binom
Linux.Bliss.A
Linux.Bliss.B
Linux.Bliss.b
Linux.Cassini
Linux.Cheese.Worm
Linux.Crimea
Linux.Cron
Linux.DDoS.MStream
Linux.Ddssh
Linux.Debilove
Linux.Derfun
Linux.Dido
Linux.Dies.969
Linux.Diesel
Linux.Doggie
Linux.DoS.tfn2k.td
Linux.DoS.tfn2k.tfn
Linux.DoS.trinoo.ms
Linux.DoS.trinoo.ns
Linux.Dummy
Linux.Dup.Trojan
Linux.Durock
Linux.Durock!inf
Linux.Elend
Linux.Emwerm.Worm
Linux.Eriz.Int
Linux.Flooder
Linux.Gildo
Linux.Hermalite
Linux.Hijacker.Worm
Linux.HLLO.Dirax
Linux.Holawor
Linux.Hyp.6168
Linux.Jac.8759
Linux.Kagob
Linux.Kitw.Worm
Linux.Kork.Worm
Linux.Lion.Worm
Linux.Lotek
Linux.Mandragore.666
Linux.Mare
Linux.Mare.K
Linux.Metis
Linux.Millen.Worm
Linux.Mixter
Linux.Nel.A
Linux.Neox.A
Linux.Nuxbee.1411
Linux.Obsid.gen
Linux.Orig
Linux.Ovets
Linux.Pavid
Linux.Perbot
Linux.Phalax
Linux.Phobi
Linux.Plupii
Linux.Plupii.B
Linux.Plupii.C
Linux.Podloso
Linux.Psybot
Linux.Quasi
Linux.Ramen.Worm
Linux.Rike
Linux.RST.A
Linux.RST.B
Linux.RST.Trojan
Linux.Satyr
Linux.Scalper.int
Linux.Sickabs
Linux.Siilov.5916
Linux.Silv5444
Linux.Silvio.B
Linux.Simile
Linux.Slapper.D
Linux.Slapper.Worm
Linux.Snoopy.A
Linux.Snoopy.B
Linux.Snoopy.C
Linux.Sorso
Linux.Spork
Linux.Staog
Linux.Svat
Linux.Tarog
Linux.Thebe
Linux.Vit.4096
Linux.Ynit.827
Linux.Zipworm
Linux.Zone.A
With thanks and best regards,
Mick
New Linux Article that may be of interest....
With thanks and best regards,
Mick
Another product that offers protection for Linux based servers instead of Symantec AntiVirus for Linux 1.0x is the Symantec Critical System Protection.
It should be considered as well to lock-down access to systems and applications on a least-required privileges base.....
@FbacchinZF - I totally agree SCSP can also be used..but saying SCSP is an alternative for Antivirus does not justify SCSP..SCSP is much more than antivirus..if you have SCSP on your machine you need no more Security on the Server (other than Physical Security)
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
Adding a link to a blog post from Security Response:
With thanks and best regards,
Mick