
Do we really need an Antivirus for Linux

Mar 09, 2012 05:42 PM

 


Anyone who believes Linux is malware-free, or that there is no such thing as Linux malware, is mistaken.

Due to the increasing popularity of Linux as a desktop OS using the Gnome environment, malware authors are becoming more interested in Linux. Vulnerabilities in network daemons can also be exploited by worms.

Recently there have been a few cross-platform threats that can run on both Windows and Linux, for example Perl.BadBunny, SB.BadBunny, IRC.BadBunny, Ruby.BadBunny, etc.

It is also possible for malware content to be downloaded or sent to you when you read email or surf the Internet.

SAMBA and NFS servers should also be scanned periodically to check whether they are infected.

 

Symantec Antivirus for Linux provides complete malware protection against Linux malware.

It provides real-time protection: whenever a file is accessed or modified (moved, renamed, copied, deleted, etc.), it is scanned by the antivirus.

SAV for Linux also lets you run periodic scans, either as Scheduled Scans or as On-Demand scans; these scan all files on your machine against the virus signatures loaded in the antivirus.

You can configure centralized logging and reporting for Symantec Antivirus for Linux using Symantec Endpoint Protection Manager or a specific SYSLOG server.

SAV for Linux can be configured to download virus signatures from a centralized internal LiveUpdate server, so that machines do not all have to connect to the Internet for updates; this also covers machines that sit in a secure network.

You can make configuration changes centrally using the ConfigEd tool and distribute the GRC.DAT to the clients where you want to make the policy changes. For more information, see:

https://www-secure.symantec.com/connect/articles/use-configedexe-config-sav-linux

If you feel the antivirus might affect the performance of a critical application running on the machine, or if you want to exclude folders from scanning, you can configure NoScanDir and those folders will be excluded from scanning.
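Folders excluded through NoScanDir are not scanned, so it is worth checking that they cannot easily be used as a place to park files. The following is an added example, not part of the original article and not Symantec tooling: it audits a directory for world-writable locations and executable files. The directory to audit is supplied by the operator (an assumption; the script does not read the SAV for Linux configuration), and the sample tree is constructed for the demonstration.

```python
import os
import stat
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def audit_excluded_dir(path):
    """Walk one scan-excluded directory and return sorted (finding, path) tuples."""
    findings = []
    for root, _dirs, files in os.walk(path):  # does not follow symlinked dirs
        mode = os.lstat(root).st_mode
        # World-writable without the sticky bit: any local user can plant files here.
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append(("world-writable-dir", root))
        for name in files:
            full = os.path.join(root, name)
            fmode = os.lstat(full).st_mode
            if not stat.S_ISREG(fmode):
                continue
            if fmode & stat.S_IWOTH:
                findings.append(("world-writable-file", full))
            if fmode & EXEC_BITS:
                findings.append(("executable-file", full))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: an excluded app directory with a risky 'drop' folder."""
    base = tempfile.mkdtemp(prefix="noscan_demo_")
    drop = os.path.join(base, "drop")
    os.mkdir(drop)
    for rel, mode in (("data.db", 0o640), (os.path.join("drop", "run.sh"), 0o755)):
        full = os.path.join(base, rel)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(full, mode)
    os.chmod(drop, 0o777)
    return base

if __name__ == "__main__":
    # The list of excluded directories is supplied by the operator (assumption);
    # this script does not read SAV for Linux configuration.
    for finding, path in audit_excluded_dir(build_sample_tree()):
        print(f"{finding}: {path}")
```

Any finding inside an excluded folder is a reason to tighten permissions or narrow the exclusion before relying on it.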

SAV for Linux configurations can be easily managed from both the command line and the KDE/Gnome environment.

Symantec Antivirus for Linux supports almost all kernels of Red Hat, Fedora, SuSE, OES2, Ubuntu and Debian.

Click here to find list of Supported Kernels.


Comments

Sep 28, 2015 01:57 PM

We use Red Hat 64-bit, no GUI, in VMware. Red Hat is running middleware. How difficult is it to install a GUI for all servers? Is KDE/GNOME the only desktop manager we can use? Do we really need antivirus on Red Hat servers? If we don’t have Linux desktops/laptops, are we still vulnerable?

 

 

Jan 24, 2014 10:14 AM

Who knows what the future holds?  &: )  I would not rule out the creation of such articles, if there is sufficient need. See the To Protect Your POS, Add Layers post and Symantec's white paper Best Practices for Running Symantec Endpoint Protection 12.1 on Point-of-Sale Devices, written in response to dangers against that sort of machine (cash registers, etc)

Jan 24, 2014 09:36 AM

Mick,

Will there be articles in the future on how to secure your appliances? I would imagine with appliances having internet access, manufacturers are not paying close attention on how to keep them secure and won't until something major happens.

Jan 24, 2014 09:14 AM

SAV for Refrigerator-?

Very interesting article about how appliances around your house may soon be infected with malware.

Despite the News, Your Refrigerator is Not Yet Sending Spam

https://www-secure.symantec.com/connect/blogs/despite-news-your-refrigerator-not-yet-sending-spam
....

Even though the refrigerator was innocent, having IoT devices send spam isn’t impossible. Recently, we uncovered one of the first and most interesting IoT threats, Linux.Darlloz, which infects Linux-based IoT devices such as routers, cameras, and entertainment systems. Beyond its ability to infect IoT devices, what makes Darlloz interesting is that it is involved in a worm war with another threat known as Linux.Aidra. Darlloz checks if a device is infected with Aidra and if found, removes it from the device.

This is the first time we’ve seen worm writers fight an IoT turf war and is reminiscent of the 2004 worm wars. Considering these devices have limited processing power and memory, we’d expect to see similar turf battles in the future.

While malware for IoT devices is still in its infancy, IoT devices are susceptible to a wide range of security concerns. So don’t be surprised if, in the near future, your refrigerator actually does start sending spam.

Aug 15, 2013 06:10 PM

People think that an open source OS (e.g. Linux) is free from viruses, and they give the reason that viruses have the .exe extension and Linux does not support it. But one thing to remember regarding this: using Wine we can open .exe files in Linux (and using .exe is necessary many a time). Not all viruses are in .exe format. For such viruses, antivirus is a must. Here are some situations where we need antivirus for Linux:

Mail servers
The vast majority of Linux anti-virus programs run on mail servers. These are the computers that your mail client connects to when you want to send or receive an email. Since email is one of the main ways viruses and trojan horses spread, these servers are the “front-line” in the battle to stop computer viruses. And, since so many of these servers run Linux, it’s clear to see the need for a Linux program to detect Windows viruses. If you’re running a mail server, whether it be for your home or office, you should definitely be using an anti-virus program to intercept any naughty files that might be trying to move in or out of your network via email.

File servers
Another place where you’d want to run an anti-virus program is on a file server shared by multiple users, even if you trust all of these users. File servers are basically repositories for data; some of that data might come to exist on your server through legitimate sources, but there’s no way for you to know where each and every file originated. Running an anti-virus ensures that if someone uploads an infected file, say, downloaded from a Peer-to-Peer network, your file server will detect the threat and stop any other users from becoming infected.

If anyone still has doubts, you can refer to http://en.wikipedia.org/wiki/Linux_malware regarding Linux malware.

Mar 21, 2013 05:35 AM

Adding a link to a blog post from Security Response: 

Remote Linux Wiper Found in South Korean Cyber Attack
https://www-secure.symantec.com/connect/blogs/remote-linux-wiper-found-south-korean-cyber-attack

Nov 05, 2012 10:37 AM

 

Another product that offers protection for Linux-based servers instead of Symantec AntiVirus for Linux 1.0x is Symantec Critical System Protection.

It should be considered as well to lock-down access to systems and applications on a least-required privileges base.....

Oct 02, 2012 11:47 AM

@FbacchinZF - I totally agree SCSP can also be used, but saying SCSP is an alternative for Antivirus does not do SCSP justice. SCSP is much more than antivirus. If you have SCSP on your machine you need no more security on the server (other than physical security).

 

Jul 25, 2012 05:17 PM

Jul 02, 2012 07:06 PM

Just sharing this list that I came across today - there are one hundred distinct threats that target Linux.

Linux.Abditive.Worm
Linux.Abulia
Linux.ADM.Worm
Linux.Adore.Worm
Linux.Adrastea
Linux.Alaeda
Linux.Amalthea
Linux.Backdoor.IN
Linux.Backdoor.Kaiten
Linux.Backdoor.Rexob
Linux.BinFly.Trojan
Linux.Binom
Linux.Bliss.A
Linux.Bliss.B
Linux.Bliss.b
Linux.Cassini
Linux.Cheese.Worm
Linux.Crimea
Linux.Cron
Linux.DDoS.MStream
Linux.Ddssh
Linux.Debilove
Linux.Derfun
Linux.Dido
Linux.Dies.969
Linux.Diesel
Linux.Doggie
Linux.DoS.tfn2k.td
Linux.DoS.tfn2k.tfn
Linux.DoS.trinoo.ms
Linux.DoS.trinoo.ns
Linux.Dummy
Linux.Dup.Trojan
Linux.Durock
Linux.Durock!inf
Linux.Elend
Linux.Emwerm.Worm
Linux.Eriz.Int
Linux.Flooder
Linux.Gildo
Linux.Hermalite
Linux.Hijacker.Worm
Linux.HLLO.Dirax
Linux.Holawor
Linux.Hyp.6168
Linux.Jac.8759
Linux.Kagob
Linux.Kitw.Worm
Linux.Kork.Worm
Linux.Lion.Worm
Linux.Lotek
Linux.Mandragore.666
Linux.Mare
Linux.Mare.K
Linux.Metis
Linux.Millen.Worm
Linux.Mixter
Linux.Nel.A
Linux.Neox.A
Linux.Nuxbee.1411
Linux.Obsid.gen
Linux.Orig
Linux.Ovets
Linux.Pavid
Linux.Perbot
Linux.Phalax
Linux.Phobi
Linux.Plupii
Linux.Plupii.B
Linux.Plupii.C
Linux.Podloso
Linux.Psybot
Linux.Quasi
Linux.Ramen.Worm
Linux.Rike
Linux.RST.A
Linux.RST.B
Linux.RST.Trojan
Linux.Satyr
Linux.Scalper.int
Linux.Sickabs
Linux.Siilov.5916
Linux.Silv5444
Linux.Silvio.B
Linux.Simile
Linux.Slapper.D
Linux.Slapper.Worm
Linux.Snoopy.A
Linux.Snoopy.B
Linux.Snoopy.C
Linux.Sorso
Linux.Spork
Linux.Staog
Linux.Svat
Linux.Tarog
Linux.Thebe
Linux.Vit.4096
Linux.Ynit.827
Linux.Zipworm
Linux.Zone.A
 

Mar 22, 2012 05:40 AM

Just a quick clarification, in case any readers of this thread are not familiar: to see those Linux events in the SEPM notifications and reports, be sure to install and configure the optional SAVFL Reporter when you install SAVFL.  It is not installed automatically when SAVFL is installed.  The necessary package is right on the same .iso / CD though.

Here are some helpful articles:

Symantec AntiVirus for Linux (SAVFL) Reporter 1.0.10 Release Notes
Article: DOC3474   |  Created: 2010-12-15   |  Updated: 2011-11-01   | 
Article URL http://www.symantec.com/docs/DOC3474 
 

Release notes for Symantec AntiVirus for Linux 1.0x
Article: TECH103599   |  Created: 2007-01-03   |  Updated: 2012-02-24   | 
Article URL http://www.symantec.com/docs/TECH103599 
 

 

Mar 21, 2012 11:28 PM

Hi all,

How can I qualify the Happiness while reading the Topic Title?

For years, I have battled against this "Said to Be" state of "Virus-Free" DREAM some (and too many) Linux users expect to be a reality!

Too many of the people I met during the last 15 years answered me, when I asked them if they were well-protected facing threats, viruses and Trojans, backdoors ... that:

"There is NO Virus or risk on Linux Desktops! There is NO malicious Code developed to run on Linux systems! Linux is Self-Resistant! " ...

Some others answered, because they were "Aware" that (putting more complex the understanding of their Un-knowledge to their neighborhood by the use of some technical words in their sentences, to avoid confrontation with their users, thinking then that the concerned speakers were thought to be operational Forces) "The Kernel of Linux releases and distributions was enough strong to Protect ALL components of the OS, the Applications layer AND the Data's in itself! ..."

I'm sure you All understand what I mean...

Generally speaking, after some explanations, comparing questions that make the Tech understand the argumentation offered to his collaborators does not answer the way I ask him, I give my BC, and wait for the EMERGENCY CALL! Some did...

Of course, the Dimension and Decision making Policies deciding the budgets of the Enterprise of Organizational service or unit concerned by Security, Protection, Compliance, DLP ... DO NOT HAVE the same glance over the Linux-based Systems while comparing them to Microsoft(R) Servers, for example ...

The conjunction of Both aspects could have created a constant state of feeling Secure, engaging the situation that NO Strategy had been built to face those Basics aspects for SMB and Very Small BIZ enterprises ... comparing to the PRO-Efficient and Certification based hiring policies engaged by "XXL companies".

With a similar approach, for another part of NON-Linux based desktop users: months ago, I commented on a blog publishing an article about Mac users feeling a similar safety, with such a "Non-Considering Security and Protection" attitude for too many users, in my opinion ...

Could it be a part of a my Enterprise next Communication Campaign?! Sure I'll think about ...

 

Thank You for this writing I will advise to some audience over twitter in some minutes...

Every purpose on this page is a Value in itself, by the experiences and all the interrogations shared!

Mar 21, 2012 03:50 PM

@FbacchinZF -- Yes why not..just NO ETA yet..as I said due to increase in popularity of Linux as desktops anything is possible in near future.

Mar 21, 2012 03:47 PM

Totally agree with you. Compliance is a major reason why you need antivirus on your Linux machines.

Audit says every host on your network should have antivirus protection.

If it's a server for a financial institution, then governing bodies are actually strict on compliance.

Mar 21, 2012 03:05 PM

Can we expect to see a Symantec Endpoint Protection version for Linux in the future?

Mar 21, 2012 01:44 PM

Another point to keep in mind is... Compliancy.

Some governing bodies require that a Linux Server have some type of AV installed with logging enabled. 

For instance, a Linux server used for Credit Card processing 

With SAVFL you get a robust AV client with the ability to report back to the SEPM if there are any risks found on that system.

winner, winner, chicken dinner!

Mar 14, 2012 01:09 PM

"Thumbs up" from me.

Another consideration: if that Linux box is a file server that provides storage accessed by Windows clients, SAVFL can detect and remove any Windows threats that are stored there.  SAVFL can be another layer of protection in the network, should the SAV or SEP on those Windows machines malfunction or have definitions that are out of date.

Mar 14, 2012 07:51 AM

But, to be correct, will our endpoint license itself support Linux, or do we need to buy a separate one?

Mar 14, 2012 12:25 AM

How often would you need to change a Policy for only Antivirus..that too on Linux

Mar 13, 2012 10:46 PM

But, do we have to push GRC.DAT each time to all Linux clients, when we want to make changes in the policy?
