I usually install RK Hunter and leave it at that. If the win-tards get viruses, it's not my fault or problem. I'm more than happy to help them install and set up any linux distro, of course.

I have never known or heard of any linux user who has actually had a virus of any kind on their system. Not even anecdotally. Excepting Android possibly, but that may be "scareware" too.

Hey, did I just coin a new term? 8)

ClamAV has been updated a number of times since that review was written. It's the standard for mail servers -- I used it when I built my Postfix/Dovecot server -- so it's at least worth checking out. It does include a daemon.

I used to bother with AV on Linux, not to protect Linux, but in order to prevent passing a virus on to my Windows using friends. However, I decided that there wasn't a need to slow my email system down to protect them because 95% of them already have one or more infections. Another one isn't going to make much of a difference.

To maintain my Kubuntu as secure as possible I keep a firewall up so that NONE of my ports respond to an ACK or echo a PING, and java applets are not allowed to run while browsing. I also run RKHunter and ChkRootKit daily. They run as a cron script and email me reports of any changes. They have conf files in /etc and their cron scripts are in /etc/cron.daily. The only change reports I get are those when files upgrade via the repository auto upgrade.

I've been using Linux since 1998 and I have never even seen a Linux virus, much less get an infection.

I tried just high level formatting but the MBR infection just made a call to its parent in the hidden Windows drive and re-infected the machine. After that I just cut to the chase, told them they would have to either switch to Linux or be prepared to buy another copy of Windows. All but one opted for Linux and their HDs got the hidden partition removed and combined to create one big partition, and the entire HD was given the dd destroy command, nuking everything including the MBR. After that a Kubuntu installation was only 20 minutes away.


I did a lot of that for my Windows using friends, but when the MBR Trojans began showing up that pretty much spelled the end of me cleaning up their Windows boxes. Only one wanted to buy a new copy of Windows. He used his misfortune as an opportunity to buy Win7. Since then he asked me ONCE to help him out, but I said there would be no end to it and refused. His wife did all the banking (on line with Windows) and her computer had a viruses too, but she never asked me to clean her's up or to install Linux. When I told her she had a Trojan as well and advised her to change her bank and CC passwords she asked about a LiveUSB that she had seen her husband run. I gave her one of those, running Kubuntu 10.4, and she's been using it to do her online banking and shopping, but she uses Windows for everything else.

I tend to be uniformly critical of SPF, Sender ID, Domain Keys, and DKIM. It's something of an overstatement, but these can be boiled down to an assertion something like "Hey, you can trust me, and here's a DNS record that proves it!" As if DNS were completely trustworthy and devoid of integrity violations -- yeah, right. Enabling these reputation things tends to actually raise your profile among Spamhaus and their ilk. Higher profile = greater scrutiny, which I would prefer not to accrue.

One thing I have noticed, though, is that the simple presence of a ClamAV/SpamAssassin/Amavisd SMTP header lowers your potential spam score. Lower is good. So I avoid the reputation stuff, and thus avoid the risk of falling afoul of any reputation filters, while still raising the quality of my outbound email by sending it through a scanner on my Postfix server and relaying it via a known good relay that requires authentication (DynDNS and Comcast appear to work equally well for this final requirement). Passing inbound and outbound email through ClamAV/SpamAssassin/Amavisd takes less than a second.

https://startpage.com/do/search?query=scareware

Wikipedia and, uh, Microsoft beat you to it

True, it doesn't take long. But, I'm lazy. I use my gmail address as the primary and have it pass what isn't filtered out to my ISP email account, which I do not hand out to often.

Thanks all for your words about AV, I am interested in making sure I don't pass on viruses too but not sure how to get the daemon to work with Thunderbird, my default email program for years now, in and out of Win-DOHs.

It appears not to be as simple as installing clamav-daemon and then being done. I [strike]Googled[/strike] StartPaged a bit and most of what I found about integrating ClamAV with Thunderbird was very out of date. If you want to go this route, you'll probably need to research it a bit more first.

Dang it! Foiled AGAIN!!!

Yeah, don't you kinda hate that "Googled" has replaced "searched the web" as lingo? Only one worse is "PC" somehow became "Computer running that crappy OS" rather than just "Personal Computer." F-U ad campaign a-holes, my "PC" runs linux!


Geez, maybe I shouldn't post after we finish the second bottle of wine, huh?


Next week we'll be on the road - RV vacation. Maybe I'll post a "Linux from the Road" thread....

....no doubt there will be alcohol involved, lol.

Just not while you're driving!

Agreed, those idiotic Win-DOHs commercials are soooooooooo annoying, remember the ones with the little kids? A good spoof would have the kid burst in tears after a lock up/BSOD, or better yet, one of those scary screen 'melting' viruses complete with scary skull and cross bones, lol.

Thanks for checking it out Steve, but after thinking about it, if more people get viruses, more likely they will get fed up with Win-DOHs and abandon it, lol.

A somewhat related note... some of the most intense periods during my time in Microsoft's Trustworthy Computing Group covered the days of Nimda/Blaster/Code Red/Slammer. Lots of effort to get out on the road, deliver seminars, develop some powerful content -- much good creative work on helping people understand how to get and stay secure.

Once the attacks began subsiding, TwC became somewhat boring. A number of folks openly wished for another massive worm that would help to "regenerate the troops."