Speaking of viruses

Chuck Mead csm at lunar-linux.org
Sun Dec 28 22:16:35 UTC 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike Watson wrote:
| On Sunday 28 December 2003 03:46 pm, Simon Perreault wrote:
|
|>>On December 28, 2003 16:29, WA9ALS - John wrote:
|>>
|>>>Another naive question from a Linux newbie - Are you guys all
|>>>running antivirus software on your Fedora box?  I've had some
|>>>pretty knowledgeable Linux guys tell me it's unnecessary - Could
|>>>that be correct?  I understand that Linux is inherently less
|>>>susceptible to system-wide problems that can be more easily spread
|>>>on a Windows machine.  Give me a clue - Do I need Linux antivirus,
|>>>and if so, what's generally accepted as the best?  Tnx -
|>>
|>>Viruses on Linux don't exist. There are some antivirus for Linux, but
|>>these people are selling snake oil.
|
|
| No so.  There has been at least one verified virus written specifically
| for Linux.  I believe there is also one that exploits one version of
| Apache, but I believe that Apache has closed that exploit.
|
| With that said, if you are not a mailserver or Samba fileserver, you can
| probably do without a Virus Scanner.  But...if you are a mailserver
| with Windows clients or a Samba server for Windows, then you do need a
| Virus Scanner to protect your Windows users.

Well using postfix mime-check capbility I opted out of the whole virus
game altogether:

/etc/postfix/mime_header_checks:

/name=[^>]*\.(ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|inf|ins|isp|lnk|js|jse|lnk|ocx|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pi|pif|prf|reg|scf|scr|sct|shb|shm|shs|swf|uue|vb|vbe|vbs|vbx|vxd|wab|wsc|wsf|wsh)/
REJECT Potentially dangerous file attachment

/name=[^>]*your_details.zip/ REJECT your email appears to be infected
with the Sobig virus. Please see
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html

Using these filters the crap is stopped at the smtp port.

- --
csm
Lunar Project Leader
Disclaimer: "I am not a curmudgeon! No... really..."
Addendum: "Bwahahaha! Fire up the orbital mind-control lasers!"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/71ZDq3bny/5+GAcRAnT/AKCU9q4er+wm3I0hmINGPe07TUUS9gCeJBhP
HnOeDY40c6JGq1uvm03ERCQ=
=dQbD
-----END PGP SIGNATURE-----





More information about the fedora-list mailing list