Clamav

Steven W. Orr steveo at syslang.net
Sun Apr 18 21:46:56 UTC 2010


I have this feeling that most people are missing the point of why CLAMAV is a
useful tool. If you do it to protect yourself against a virus then that's the
wrong reason. We can debate this till we're blue in the face, but AFAICT there
is no threat of a virus against anything other than Windows.

I started running my home sendmail server and all was good. Then someone
invented spam and things have escalated ever since. My sendmail installation
now runs spamassassin from spamass-milter and I reject all messages that are
tagged as spam before reception completes. I used to run a bunch of RBLs from
inside sendmail but I learned that spamassassin never got the opportunity to
*learn* from the rejected messages, so now all the RBL activity is enabled
from inside spamassassin. I added the tests to use CLAMAV from inside
spamassassin, not to protect myself from viruses, but as an adjunct to being
able to decide what is spam and what is not. If there's a virus in the message
then it simply counts as a contributory weight to my decision to reject it. In
addition, there are messages that spamassassin has not caught but I found a
dandy tool called scamp that adds another 20+K signatures to the clamav
database. The scamp stuff is not looking for viruses but it does a good job of
picking up a lot of spam that the rest of the system might miss.

I don't know why, but people love to think all computers are susceptible to
viruses, but more viruses target windows because there are more of them. There
may be a virus out there that could hurt a linux or os/x platform, but I
haven't seen one yet. At least not since the Morris Worm of '81?

Windows gets viruses because they are architecturally open to such things.
People who run Windows tend to run with full admin privs. Windows has gone out
of their way to make programs that run under DOS be compatible with running
under Windows 7. And last but not least, people who run Windows are frequently
not even aware of the concept of the difference between code and data. It's an
attachment. You just *open* it. And *opening* an attachment could be a jpg
that is displayed with something trusted or running some nasty binary that
could do literally anything.

So yes, I run clamav and it does good things for me.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
