There are so many it's proven difficult to recommend the use of ClamAV.

> On 13 Jun 2017, at 12:57, Joel Esler (jesler) <[email protected]> wrote:
>
> Plus reports of those false positives would be fantastic.
>
> --
> Sent from my iPhone
>
>> On Jun 13, 2017, at 06:53, Paul Moreno <[email protected]> wrote:
>>
>> Thanks for the responses. As it stands now, the client gets massive amounts
>> of false positives with seemingly no trigger. I’m working on sifting
>> through log files to see if there’s a reason for it or if this specific
>> environment isn’t suited to use this as a scanner.
>>
>> -Paul
>>
>>> On 13 Jun 2017, at 12:33, Brad Scalio <[email protected]> wrote:
>>>
>>> If your Linux systems are on network segments co-hosting Windows devices or
>>> sharing files/filesystems, running Clamscan helps prevent having your Linux
>>> clients hosting viruses for your Windows machines or meeting
>>> standards/requirements such as SI-3 in NIST 800-53.
>>>
>>> We run it on our entry/exit points on about 300 servers in a DMZ for the
>>> past two years or so. It's easy to maintain, install, and CLI friendly.
>>> In the past two years we've only ever hit three issues (1) someone put a
>>> bunch of EICAR files in place and it tripped Clamscan (that was a good
>>> thing, at least it's working), (2) a false positive (you'll have to
>>> determine provenance of detected file to ensure it really is a false
>>> positive) and (3) filling up the logfiles when it found the EICAR because
>>> we didn't exclude the quarantine directory from Clamscan execution cronjob
>>> and it recursively looped over itself for a week recopying files since we
>>> don't remove just copy to a quarantine.
>>>
>>> Using AV doesn't exempt you from ensuring systems are hardened
>>> appropriately, but if you have Windows machines on the same network,
>>> sharing files with Windows machines, or have to meet requirements to run AV
>>> we've found clamav is the best choice for Linux systems after reviewing
>>> about a dozen or so alternatives. Of course your use case may vary.
>>>
>>>> On Jun 13, 2017 6:10 AM, "Al Varnell" <[email protected]> wrote:
>>>>
>>>> Although ClamAV was originally introduced as a mail scanner and does have
>>>> some unique capabilities there, it has progressed far beyond that over the
>>>> years.
>>>>
>>>> I can't give you any personal Linux or Unix experience, so I'll leave that
>>>> to others, but I can tell you that today there are signatures for 22,677
>>>> Unix unique malware Trojans, Exploits, Worms, Tools, etc.
>>>>
>>>>> On Tue, Jun 13, 2017 at 02:37 AM, Paul Moreno wrote:
>>>>>
>>>>> I'm in the process of providing a recommendation to a client on the use
>>>>> of ClamAV. From what I've read in various forums and online material,
>>>>> ClamAV appears to be better suited for mail systems, such as postfix, and
>>>>> Windows hosts. Can anyone comment on the reliability and accuracy of using
>>>>> it on a Linux operating system? I understand Linux "malware" would more or
>>>>> less be in the form of custom scripts, library exploits, and other
>>>>> vulnerabilities that lack signatures to detect against.
>>>>>
>>>>> -Paul
>>>>
>>>> -Al-
>>>> --
>>>> Al Varnell
>>>> ClamXav User
>>>>
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> [email protected]
>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml
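
The quarantine loop described in the thread (a cron job that copies detections into a directory it also scans) is avoided by passing clamscan's `--exclude-dir` for the quarantine path. The script below is an added example, not code from any poster in this thread; the paths and the helper names `regex_escape` and `build_scan_args` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: build clamscan arguments for a cron scan that copies
# detections to a quarantine directory without rescanning that directory.
# All paths and both function names are assumptions for illustration.

# Escape regex metacharacters so a path is matched literally by
# clamscan's --exclude-dir=REGEX option.
regex_escape() {
    printf '%s' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g'
}

# Print one clamscan argument per line.
# $1 = scan root, $2 = quarantine directory, $3 = log file
build_scan_args() {
    scan_root=${1%/}
    quarantine=${2%/}
    printf '%s\n' --recursive --infected "--copy=$quarantine" "--log=$3"
    # If the quarantine lives under the scan root, every run would find the
    # previous run's copies and copy them again. Exclude it, anchored so
    # that only this directory and its children match.
    case "$quarantine/" in
        "$scan_root"/*)
            printf '%s\n' "--exclude-dir=^$(regex_escape "$quarantine")(/|\$)"
            ;;
    esac
    printf '%s\n' "${scan_root:-/}"
}

# Constructed sample: quarantine inside the scanned tree (the looping case).
echo "clamscan $(build_scan_args /srv/dmz /srv/dmz/quarantine /var/log/clamscan-cron.log | tr '\n' ' ')"
# Constructed sample: quarantine outside the tree, no exclusion needed.
echo "clamscan $(build_scan_args /srv/dmz /var/quarantine /var/log/clamscan-cron.log | tr '\n' ' ')"
```

Keeping the quarantine directory outside the scanned tree altogether removes the need for the exclusion.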
