On 05/29/2015 10:06 AM, Matt Shields wrote:
> I'm fishing for what others are using for anti-virus/anti-malware on their
> Windows and Linux servers. Both commercial and open-source is an option.

I had some bad experiences with McAfee for Linux (http://www.mcafee.com/us/products/virusscan-enterprise-for-linux.aspx). When the thing does periodic scans, it gives itself the highest priority on the box, effectively shutting down everything else that machine was doing. Which is exactly what I am looking for in an anti-virus product....

Also, the interface is just awful. There is no way to tell it to scan a single file (e.g. something suspicious you just downloaded); you instead have to set up a 'job' that scans a particular directory (your quarantine dir), and you can run that job on-demand.

Finally, probably not relevant to most people, there is no "stream" interface; i.e., scan a stream of bytes without actually writing anything to the filesystem.

ClamAV solves both issues: single-file on-demand scans and an in-memory/stream interface. Unfortunately it doesn't detect a whole lot. I periodically save off obviously malicious spam in a sandbox VM just to see what ClamAV comes up with. Almost never flags anything. Which isn't surprising, signature-based virus scanning is a losing proposition in this day and age.

W.r.t. anti-malware, rootkit-hunter is a bare minimum you might want to look at. I think there are Windows equivalents.

HTH,
Matt
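The stream interface mentioned above, as an added example that is not part of the original message: a small client for clamd's INSTREAM command, which scans bytes held in memory without writing them to disk. The address 127.0.0.1:3310 and the function names are assumptions; clamd must be configured with a TCP socket for it to connect.

```python
import socket
import struct

# Assumption: clamd is listening on a local TCP socket (TCPSocket 3310 in clamd.conf).
CLAMD_ADDR = ("127.0.0.1", 3310)


def instream_frames(data: bytes, chunk_size: int = 8192):
    """Yield the byte sequences that make up one INSTREAM request."""
    yield b"zINSTREAM\0"  # 'z' prefix: command and reply are NUL-terminated
    for off in range(0, len(data), chunk_size):
        chunk = data[off:off + chunk_size]
        # Each chunk is a 4-byte big-endian length followed by the data.
        yield struct.pack("!I", len(chunk)) + chunk
    yield struct.pack("!I", 0)  # zero-length chunk ends the stream


def parse_reply(reply: bytes):
    """Map a clamd reply to (verdict, detail): 'clean', 'infected' or 'error'."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        # Reply shape: "stream: <signature name> FOUND"
        return "infected", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith(": OK"):
        return "clean", None
    # Anything else (size limit exceeded, empty reply, ...) is not a clean
    # verdict; callers should fail closed on it.
    return "error", text


def scan_bytes(data: bytes, addr=CLAMD_ADDR, timeout: float = 30.0):
    """Send data to clamd over INSTREAM and return the parsed verdict."""
    with socket.create_connection(addr, timeout=timeout) as s:
        for frame in instream_frames(data):
            s.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:  # daemon closed the connection early
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    # Constructed sample input; needs a running clamd at CLAMD_ADDR.
    print(scan_bytes(b"constructed sample bytes, never written to disk"))
```

clamd rejects streams larger than its StreamMaxLength setting with an error reply, which parse_reply reports as 'error' rather than 'clean'.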
