Clamav

Craig White craigwhite at azapple.com
Sun Apr 18 17:57:29 UTC 2010


On Sun, 2010-04-18 at 10:39 -0700, Michael Miles wrote:
> On 04/18/2010 10:22 AM, Patrick O'Callaghan wrote:
> > On Sun, 2010-04-18 at 10:13 -0700, Michael Miles wrote:
> >    
> >> [...]
> >>      
> >    
> >>
> >> I think that it is a must to have protection on your machines
> >> considering I am looking at a machine that was supposed to be bullet
> >> proof, and proved to be infectable with windows crap through wine. If
> >> you are running wine without protection then you are taking a chance.
> >> I am not sure how it happened but it did.
> >>
> >>
> >> The Virus even went to work renaming core files from the xp install
> >>
> >>
> >> So the myth is just that, a myth
> >>      
> > IOW, when you run Windows apps, you get infected. Where's the myth? Did
> > your Linux system crash? Were any of your system files corrupted? Was
> > any of your non-Wine data leaked? Was your root password compromised?
> > Did anything happen that would still have happened if you weren't
> > running a Windows API?
> >
> > poc
> >
> >    
> No, none of Linux was actually infected and not harmed in any way that I
> can see.
> 
> My point is if wine is part of a Fedora install because it installs with 
> Fedora automatically it is part of the system in general.
> 
> Considering the way it works I really don't know why it is there
> if it can be infected as easily as this.
> 
> I have removed wine altogether.
> 
> Also I did have Clamav running with this machine and even after finding 
> the viruses with Avira, Clamav would not see them at all.
> 
> That to me does spell trouble if
> 1. A person is relying on linux reputation for not getting a virus then 
> does something dumb like using wine and getting infected.
> 
> 2. Thinks that protection is needed and uses Clamav for that protection 
> and the software fails them by not finding the culprit
----
When all you have is a hammer, everything tends to look like a nail.

Pattern matching is always going to provide some false positives -
that's the nature of the beast.

It seems to me that it's folly to run Windows without protection and if
all your Windows systems are protected, it's pretty much not needed on
Linux but knock yourself out.

Craig

