Clamav

jdow jdow at earthlink.net
Sun Apr 18 20:58:07 UTC 2010


From: "Michael Miles" <mmamiga6 at gmail.com>
Sent: Sunday, 2010/April/18 10:13


> On 04/17/2010 07:54 PM, jdow wrote:
>> From: "Sam Sharpe"<lists.redhat at samsharpe.net>
>> Sent: Saturday, 2010/April/17 13:20
>>
>>
>>
>>> On 17 April 2010 21:05, jdow<jdow at earthlink.net>  wrote:
>>>
>>>> From: "Sam Sharpe"<lists.redhat at samsharpe.net>
>>>> Sent: Saturday, 2010/April/17 02:25
>>>>
>>>>
>>>>
>>>>> On 17 April 2010 10:17, jdow<jdow at earthlink.net>  wrote:
>>>>>
>>>>>> <<jdow
>>>>>> How many people get frustrated with SELinux and simply disable it?
>>>>>>
>>>>> I don't know, but stupidity appears to be an infinite resource. I tend
>>>>> to believe that if you disable SELinux and you get exploited by
>>>>> something that SELinux would prevent, then the only thing at fault is
>>>>> *you*.
>>>>>
>>>>> However in this case, both a sysctl and SELinux prevent what this
>>>>> attack claims to do, so if you disable SELinux it still won't work.
>>>>>
>>>> Are you sanguine to declare Linux cannot be taken over by malware
>>>> given that the most recent rather dramatic hole found is less than a
>>>> year old AND new features (hence bugs) are being introduced every
>>>> day? How much is the data on the machine worth to you?
>>>>
>>> You seem to have a general problem with comprehension. That is not
>>> what I said - I simply said that the exploit you referred to wouldn't
>>> work.
>>>
>>>
>>>> If it means nothing, then why not run Windows wide open and make yourself
>>>> a hero to the botnet operators? {^_-}
>>>>
>>> Don't be an idiot.
>>>
>> I simply gave the extremes. And this discussion is not all that silly
>> considering "J. Random User" yclept Michael Miles has found a way to
>> get a virus on his machine that ClamAV might have detected on its way
>> in or from a scan.
>>
>> When giving advice it's best to presume the user is going to do something
>> unusual, such as run Wine, and receive an infection. A Wine install needs
>> ClamAV. Without Wine I'd suggest chkrootkit and rkhunter, at the least. I
>> have seen too many perhaps careless people ask "is this an infection?" And
>> in more than a few cases the answer has been yes. Linux is ahead in the
>> arms race. Windows is behind. Nonetheless, some protection is worthwhile
>> depending on how important your system's function, your relationship with
>> your ISP, and your data might be. I happen to be biased towards "very".
>> So I bristle when somebody suggests, intentionally or not, that Linux is
>> probably safe. So is flying, unless you happened to be on the last flight
>> of Pan Am 103, for example. Low probability of a high value loss - what you
>> do is your call.
>>
>> {^_^}
>>
>>
> I think that it is a must to have protection on your machines
> considering I am looking at a machine that was supposed to be bullet
> proof, and proved to be infectable with Windows crap through Wine. If
> you are running Wine without protection then you are taking a chance.
> I am not sure how it happened but it did.
>
>
> The virus even went to work renaming core files from the XP install

To be fair, we've not determined exactly whether the files are something
Wine installed rather than a virus. If Wine has not been used much,
particularly for browsing or email, then I'd suspect "rpm -qf" on those
files would show that they are part of wine.

{^_^} 
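
The ownership check suggested in the message above, as an added example that is not part of the original post: it runs `rpm -qf` on each path given and, for files a package owns, `rpm -Vf` to see whether the file still matches the RPM database. The function names and status labels are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Sorts files into those an installed RPM
# package owns (and whether they still match the RPM database) and those no
# package owns. Pass the paths to check as arguments.

# classify_file PATH (hypothetical helper name)
# Prints one tab-separated line: STATUS, PACKAGE (or "-"), PATH.
classify_file() {
    f=$1
    if [ ! -e "$f" ]; then
        printf 'missing\t-\t%s\n' "$f"
        return 0
    fi
    # "rpm -qf" exits non-zero when no installed package owns the file.
    if ! pkg=$(rpm -qf --queryformat '%{NAME}\n' "$f" 2>/dev/null); then
        printf 'unowned\t-\t%s\n' "$f"
        return 0
    fi
    # A file can be owned by more than one package; join the names with commas.
    pkg=$(printf '%s\n' "$pkg" | sort -u | paste -sd, -)
    # "rpm -Vf" lists every file of the owning package that differs from the
    # database; look for a line that ends in this exact path.
    status=owned-intact
    while IFS= read -r line; do
        case $line in
            *" $f") status=owned-modified ;;
        esac
    done <<EOF
$(rpm -Vf "$f" 2>/dev/null)
EOF
    printf '%s\t%s\t%s\n' "$status" "$pkg" "$f"
}

# classify_files PATH... : one report line per argument.
classify_files() {
    for p in "$@"; do
        classify_file "$p"
    done
}

# Run only when paths were given on the command line.
if [ "$#" -gt 0 ]; then
    classify_files "$@"
fi
```

Files reported as `unowned` or `owned-modified` are the ones left to examine further, for example with a ClamAV scan.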


