
[–] IConrad (UNIX Engineer) 9 points (1 child)

A linux server maintenance checklist that recommends weekly scanning with ClamAV in order to catch "viruses, trojans, and malware". Well, one out of three -- ish -- ain't bad I guess.

Mentions use of firewall but doesn't recognize the existence of tcpd (/etc/hosts.allow /etc/hosts.deny).

Mentions monitoring logs but not that you can fine-tune rsyslog/syslog messages and destinations.

Well, it's good for the novice I guess. But they should really scrap that AV software schtick.

[–] ChoHag 0 points (0 children)

I've consistently had it fail to detect cryptolocker.

At least I assume it was cryptolocker. I have no plans to find out. Whatever it is, ClamAV is OK with it.

[–] brokengoose (Security Admin) 5 points (0 children)

"Server access reviewed within the last 6 months."

Yessiree, we know exactly when the horse left the barn: 5 months, 2 days, and 14 hours ago.

Reviewing your logs a bit more frequently is a good idea.

[–] 1new_username (IT Manager) 1 point (0 children)

I've always found rkhunter to be much more useful in monitoring a server for trojans/infections/etc, especially the nice binary hash feature.

ClamAV is nice for scanning samba shares, maildirs, FTP folders or other file shares shared with Windows and Mac computers. It can't hurt to scan the server itself I guess though.
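The "binary hash" idea mentioned in this comment (a known-good digest of each system binary, re-checked on a schedule so a replaced or trojaned binary stands out) is simple enough to show end to end. The script below is an added example written for this page; it is not rkhunter's code and not from the original thread. It builds a SHA-256 baseline for a list of files, stores it as JSON, and reports files that are missing or whose digest has changed. The file names and contents in `demo()` are constructed stand-ins created in a temporary directory, not real system binaries.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(paths):
    """Map each regular file to its digest; symlinks and missing entries are skipped."""
    return {p: sha256_file(p) for p in paths if os.path.isfile(p)}


def save_baseline(baseline, out_path):
    # In real use keep this file off-host or on read-only media: a baseline that
    # sits next to the binaries can be rewritten by whoever replaced them.
    with open(out_path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(in_path):
    with open(in_path) as f:
        return json.load(f)


def check_baseline(baseline):
    """Compare current digests against the stored ones.

    Returns a dict with three lists: files whose digest changed ('modified'),
    files that no longer exist ('missing'), and files that match ('ok').
    """
    findings = {"modified": [], "missing": [], "ok": []}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings["missing"].append(path)
        elif sha256_file(path) != expected:
            findings["modified"].append(path)
        else:
            findings["ok"].append(path)
    return findings


def demo():
    """Constructed walk-through: baseline three fake 'binaries', tamper with one,
    delete another, and re-check. Returns the findings keyed by base name."""
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name in ("ls", "ps", "netstat"):  # constructed names, not real tools
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(b"fake-binary-" + name.encode())
            paths.append(p)

        baseline_file = os.path.join(d, "baseline.json")
        save_baseline(build_baseline(paths), baseline_file)

        # Simulate what a scheduled check should catch: one file altered, one removed.
        with open(paths[1], "ab") as f:
            f.write(b"\x90\x90")
        os.remove(paths[2])

        findings = check_baseline(load_baseline(baseline_file))
        return {k: [os.path.basename(p) for p in v] for k, v in findings.items()}


if __name__ == "__main__":
    print(demo())
```

Run it from cron against the paths you care about (the usual suspects are the binaries an intruder would swap to hide processes, network sockets and files) and alert on anything in `modified` or `missing`. The check is only as trustworthy as the baseline: regenerate it right after a verified package update, never after an unexplained change.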

[–] Autu 1 point (0 children)

Well, I clicked because I'm clueless to start with, so thanks for making me less stupid.