Andy Eager wrote:
> I've been looking around for any information on virus scanners for
> Linux. Apart from McAfee, I couldn't see much.
>
> While I was doing this it occurred to me that it might be possible to
> scan for viruses by doing the following:
>
> a) Periodically, examine all running tasks.
> b) For each task, do an 'rpm --verify' for the package that this
> process belongs to.
>
> Assuming that it is not possible to create a task in Linux without
> creating a process ID entry (and therefore visible in the /proc directory.).
>
> Am I being to simplistic here?
> I'm not a virus aware person, so I don't spend a lot of time trying to
> work out the various ways of screwing up a linux box.
Yes, you are being simplistic. But considering most virii and worms are
written to use the gapping holes in Outlook and other Windoze junk just
using *nix makes you immune to over 95% (99.9%?) of problems.
A few lines in your procmail rules to reject email with attachments of
vbs & exe extensions will fix most of them. AMP will not let
attachments go direct to the users. The email is redirected to IT and
they will forward it if the users need them.
--
Richard Hayes
Nada Marketing - 113-115 Oxford St Sydney Australia 2010
Phone: +(61-2) 9360 5555 Fax: +(61-2) 9361 0094 Mob: +(61) 0414 618 425
http://www.nada.com.au
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
