Announcement

Collapse
No announcement yet.

Trying the Linux version of Sophos AV

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Trying the Linux version of Sophos AV

    I found an interesting video on YouTube title "Mythbusting Linux"



    He makes some good points, and some that are not so good.

    In it he claims that Linux can get infected with Viruses, which is obviously true. There are at least a dozen examples, although the worst infected around 25,000 computers Eastern Europe that were running a version of Linux which installed with root as the prime and only user to "make things easy". This was during the same time that CodeRed infected tens of millions of Windows computers in a couple days. He then gives an example of a program which refuses to run. Then he runs the Sophos AV against that program and Sophos discovers a couple of viruses and removes them. Then, the program runs without problems. Running Linux since May of 1998 it is my experience that a Linux malware is hard to find and even harder to get to infect your machine, if you were want to do such foolishness.

    All though I don't have any programs which refuse to run or give me any indications of trouble, I decided to try out Sophos and see if it would detect any viruses or Trojans on this installation of Trusty Tahr that has been running since January of 2014, when the beta was released. Disclaimer: I have no firewall on Kubuntu but my Linksys E2500 browser uses the DD-WRT firmware and it includes a firewall. I have never installed any AV product on this machine, either.

    The scan of my entire system produced zero indications of anything in Sophos's vaccine files. So, after 18 months online with Kubuntu I have not picked up a single thing which Sophos considers harmful. Sophos did have trouble checking a simple pdf file and other files like sockets and locks gave it trouble. So did links from wine to my other account files. Here I scan my home account to create an example to post:

    $ sudo savscan /home/jerry/
    [sudo] password for jerry:
    SAVScan virus detection utility
    Version 5.12.0 [Linux/AMD64]
    Virus data version 5.17, July 2015
    Includes detection for 9569387 viruses, Trojans and worms
    Copyright (c) 1989-2015 Sophos Limited. All rights reserved.


    System time 09:04:11 AM, System date 07 August 2015


    IDE directory is: /opt/sophos-av/lib/sav


    Using IDE file ldmon-s.ide
    Using IDE file banl-bxt.ide
    Using IDE file bank-gll.ide
    Using IDE file bamita-j.ide
    Using IDE file rans-awb.ide
    Using IDE file vb-ise.ide
    Using IDE file dyrez-ft.ide
    Using IDE file rans-awu.ide
    Using IDE file zapcha-g.ide
    Using IDE file zbot-jvc.ide
    Using IDE file docdl-ry.ide
    Using IDE file malrar-e.ide
    Using IDE file rans-axc.ide
    Using IDE file rans-axd.ide
    Using IDE file bank-glr.ide
    Using IDE file age-anpq.ide
    Using IDE file zbot-juk.ide
    Using IDE file msil-dlk.ide
    Using IDE file docdl-rl.ide
    Using IDE file dride-eu.ide
    Using IDE file docdl-rr.ide
    Using IDE file zbot-jvj.ide
    Using IDE file inje-bok.ide
    Using IDE file farei-fv.ide
    Using IDE file msil-djm.ide
    Using IDE file rans-axi.ide
    Using IDE file vbinj-lo.ide
    Using IDE file msili-ik.ide
    Using IDE file msil-dlo.ide
    Using IDE file dloa-dyg.ide
    Using IDE file msil-dls.ide
    Using IDE file rans-axk.ide
    Using IDE file upatr-oa.ide
    Using IDE file darkc-ah.ide
    Using IDE file docdl-se.ide
    Using IDE file age-anwo.ide
    Using IDE file jsred-qu.ide
    Using IDE file turla-k.ide
    Using IDE file rans-axp.ide
    Using IDE file ursni-ak.ide
    Using IDE file limitl-b.ide
    Using IDE file dride-ev.ide
    Using IDE file chisb-ab.ide
    Using IDE file msil-dnf.ide
    Using IDE file ifram-my.ide
    Using IDE file vb-isl.ide
    Using IDE file msil-dno.ide
    Using IDE file msil-dns.ide
    Using IDE file crowti-b.ide
    Using IDE file dyrez-gg.ide
    Using IDE file msil-dnw.ide
    Using IDE file auto-bba.ide
    Using IDE file malrar-f.ide
    Using IDE file age-anxs.ide
    Using IDE file msil-doa.ide
    Using IDE file dyrez-gh.ide
    Using IDE file banc-ccm.ide
    Using IDE file dride-ex.ide
    Using IDE file rans-axv.ide
    Using IDE file vb-iso.ide
    Using IDE file zbot-jvd.ide
    Using IDE file msil-dox.ide
    Using IDE file upatr-oq.ide
    Using IDE file age-anvq.ide
    Using IDE file dwnl-mqy.ide
    Using IDE file upatr-ot.ide
    Using IDE file bundpi-f.ide
    Using IDE file msil-dpe.ide
    Using IDE file msil-dph.ide
    Using IDE file ldmon-v.ide
    Using IDE file rans-axa.ide
    Using IDE file age-anvu.ide
    Using IDE file msil-dpm.ide
    Using IDE file tepfe-cl.ide
    Using IDE file wonto-sp.ide
    Using IDE file banl-bxw.ide
    Using IDE file msil-dpo.ide
    Using IDE file docdl-sz.ide
    Using IDE file age-anys.ide
    Using IDE file papra-bb.ide
    Using IDE file cride-fj.ide
    Using IDE file upatr-ow.ide
    Using IDE file zbot-jvm.ide
    Using IDE file rans-axl.ide
    Using IDE file banl-bxy.ide
    Using IDE file zbot-jvy.ide
    Using IDE file upatr-pd.ide
    Using IDE file inje-boq.ide
    Using IDE file docdl-tl.ide
    Using IDE file upatr-pm.ide
    Using IDE file msil-dqk.ide
    Using IDE file simda-da.ide
    Using IDE file age-anxa.ide
    Using IDE file banl-bxz.ide
    Using IDE file age-anzq.ide
    Using IDE file farei-gs.ide
    Using IDE file upatr-pn.ide
    Using IDE file rans-ayg.ide
    Using IDE file drodac-t.ide
    Using IDE file banl-byc.ide
    Using IDE file vbzbo-bf.ide
    Using IDE file vbzbo-bg.ide
    Using IDE file dride-fb.ide
    Using IDE file symmi-ar.ide
    Using IDE file symmi-au.ide
    Using IDE file rans-ayl.ide
    Using IDE file upatr-on.ide
    Using IDE file rans-aym.ide
    Using IDE file age-aoal.ide
    Using IDE file farei-gy.ide
    Using IDE file upatr-px.ide
    Using IDE file rans-ayn.ide
    Using IDE file wonto-sx.ide
    Using IDE file age-aoaz.ide
    Using IDE file msil-drk.ide
    Using IDE file wonto-tb.ide
    Using IDE file inje-bos.ide
    Using IDE file delf-fyp.ide
    Using IDE file helygu-a.ide
    Using IDE file vb-isp.ide
    Using IDE file feebs-ce.ide
    Using IDE file mdro-guv.ide
    Using IDE file wneutr-b.ide
    Using IDE file skeeya-c.ide
    Using IDE file skeeya-d.ide
    Using IDE file andro-dn.ide
    Using IDE file dynam-al.ide
    Using IDE file upatr-qj.ide
    Using IDE file zbot-jws.ide
    Using IDE file age-aobn.ide
    Using IDE file vbs-fq.ide
    Using IDE file rans-ayu.ide
    Using IDE file farei-hd.ide
    Using IDE file vbzbo-bj.ide
    Using IDE file tinba-ai.ide
    Using IDE file upatr-qr.ide
    Using IDE file age-aocd.ide
    Using IDE file age-aocg.ide
    Using IDE file rans-ayx.ide
    Using IDE file msil-dsh.ide
    Using IDE file msil-dsi.ide
    Using IDE file age-anza.ide
    Using IDE file redym-ak.ide
    Using IDE file msil-dsm.ide
    Using IDE file msil-dsp.ide
    Using IDE file dwnl-mrn.ide
    Using IDE file zbot-jxc.ide
    Using IDE file age-aobk.ide
    Using IDE file rans-ayz.ide
    Using IDE file vbs-fr.ide
    Using IDE file vbzbo-bo.ide
    Using IDE file farei-hl.ide
    Using IDE file pws-cib.ide
    Using IDE file age-aodj.ide
    Using IDE file dwnl-mrq.ide
    Using IDE file dwnl-mrx.ide
    Using IDE file ceein-ab.ide
    Using IDE file skeeya-h.ide
    Using IDE file zegos-gu.ide
    Using IDE file msil-dtk.ide
    Using IDE file darkko-k.ide
    Using IDE file age-aodo.ide
    Using IDE file rans-azh.ide
    Using IDE file age-aodp.ide
    Using IDE file age-aodr.ide
    Using IDE file zbot-jxg.ide
    Using IDE file keylo-qv.ide
    Using IDE file rans-azk.ide
    Using IDE file aspshe-h.ide
    Using IDE file inje-bou.ide
    Using IDE file docdl-un.ide
    Using IDE file upatr-qe.ide
    Using IDE file zbot-jxn.ide
    Using IDE file rans-azo.ide
    Using IDE file age-aoed.ide
    Using IDE file rans-azp.ide
    Using IDE file rans-azs.ide
    Using IDE file farei-hr.ide
    Using IDE file docdl-ty.ide
    Using IDE file docdl-us.ide
    Using IDE file mdro-gvf.ide
    Using IDE file age-aoei.ide
    Using IDE file delf-fyq.ide
    Using IDE file keylo-qw.ide
    Using IDE file msil-dsg.ide
    Using IDE file dwnl-msi.ide
    Using IDE file dride-fk.ide
    Using IDE file limita-i.ide
    Using IDE file docdl-vc.ide
    Using IDE file msil-duw.ide
    Using IDE file dofoi-bd.ide
    Using IDE file boaxx-ap.ide
    Using IDE file potao-c.ide
    Using IDE file tinba-ao.ide
    Using IDE file age-aocr.ide
    Using IDE file rans-ban.ide
    Using IDE file dwnl-msm.ide
    Using IDE file farei-hv.ide
    Using IDE file rans-baq.ide
    Using IDE file msil-dsx.ide
    Using IDE file dwnl-mrr.ide
    Using IDE file zbot-jxk.ide
    Using IDE file upatr-sa.ide
    Using IDE file rans-baw.ide
    Using IDE file banl-byn.ide
    Using IDE file block-ai.ide
    Using IDE file bank-glw.ide
    Using IDE file msil-dvc.ide
    Using IDE file age-aodq.ide
    Using IDE file msil-dvd.ide
    Using IDE file rans-bax.ide
    Using IDE file msili-iu.ide
    Using IDE file bred-apv.ide
    Using IDE file farei-hx.ide
    Using IDE file msil-dvj.ide
    Using IDE file tinba-as.ide
    Using IDE file rans-baz.ide
    Using IDE file upatr-se.ide
    Using IDE file farei-hz.ide
    Using IDE file dride-fr.ide
    Using IDE file vbzbo-bq.ide
    Using IDE file age-aofx.ide
    Using IDE file rans-bbh.ide
    Using IDE file zbot-jyc.ide
    Using IDE file msil-dvv.ide
    Using IDE file dride-fs.ide
    Using IDE file dride-fu.ide
    Using IDE file limita-l.ide
    Using IDE file limita-m.ide
    Using IDE file rans-bbk.ide
    Using IDE file andro-dv.ide
    Using IDE file farei-ig.ide
    Using IDE file inje-bqb.ide
    Using IDE file upatr-qw.ide
    Using IDE file upatr-ry.ide
    Using IDE file msil-dwe.ide
    Using IDE file vbzbo-br.ide
    Using IDE file jsdld-bq.ide
    Using IDE file msil-dwi.ide
    Using IDE file expjs-me.ide
    Using IDE file msil-dwm.ide
    Using IDE file miure-ah.ide
    Using IDE file rans-bbz.ide
    Using IDE file limita-g.ide
    Using IDE file rans-bcc.ide
    Using IDE file docdl-wa.ide
    Using IDE file rans-bce.ide
    Using IDE file dride-fw.ide
    Using IDE file upatr-sq.ide
    Using IDE file rans-bcl.ide
    Using IDE file andro-dw.ide
    Using IDE file yakes-bx.ide
    Using IDE file rans-bcp.ide
    Using IDE file msil-dwt.ide
    Using IDE file blada-ai.ide
    Using IDE file phish-fk.ide
    Using IDE file age-aohr.ide
    Using IDE file msili-iv.ide
    Using IDE file age-aohs.ide
    Using IDE file msil-dwu.ide
    Using IDE file msil-dwv.ide
    Using IDE file farei-iw.ide
    Using IDE file rans-bcr.ide
    Using IDE file rarma-ai.ide
    Using IDE file zbot-jye.ide
    Using IDE file dride-fx.ide
    Using IDE file docdl-wg.ide
    Using IDE file limita-q.ide
    Using IDE file rans-bcv.ide
    Using IDE file dynam-ah.ide
    Using IDE file bergat-b.ide
    Using IDE file docdl-wi.ide
    Using IDE file dwnl-mso.ide
    Using IDE file tofse-am.ide
    Using IDE file fake-hfi.ide
    Using IDE file dyrez-hi.ide
    Using IDE file maldo-ag.ide
    Using IDE file expjs-mf.ide
    Using IDE file jsdow-aa.ide
    Using IDE file tinba-aw.ide
    Using IDE file zegos-he.ide
    Using IDE file matsn-cz.ide
    Using IDE file banl-bys.ide
    Using IDE file age-aoiw.ide
    Using IDE file rans-bbm.ide
    Using IDE file inje-bpt.ide
    Using IDE file rans-bdn.ide
    Using IDE file multp-fj.ide
    Using IDE file age-aojd.ide
    Using IDE file bank-glz.ide
    Using IDE file hoppa-b.ide
    Using IDE file msil-dyi.ide


    Quick Scanning


    Could not check /home/jerry/Documents/IPCC stuff/FOIA_2011/FOIA/documents/simple-climate-models.pdf (virus scan failed)
    Could not open /home/jerry/.config/pulse/ecc204709aad4410b155a15e55a4f5ae-runtime
    Could not open /home/jerry/.local/share/akonadi/socket-jerry-Aspire-7739
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/da/kdiff3/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/de/skanlite/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/de/kdiff3/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/fr/kdiff3/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/nl/kdiff3/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/uk/skanlite/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/uk/krusader/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/pt_BR/krusader/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/sv/krusader/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/pt/krusader/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/pt/kdiff3/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/et/kdiff3/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/es/kdiff3/common
    Could not open /home/jerry/.wine/dosdevices/z:/usr/share/doc/kde/HTML/it/kdiff3/common


    89333 files scanned in 9 minutes and 29 seconds.
    17 errors were encountered.
    No viruses were discovered.
    End of Scan.
    On the negative side, Sophos slows downloading and browsing while it checks files. So, while Linux may acquire an infection, in my case it seems non-existent. Of course, Sophos could be programmed to avoid detecting NSA and other government malware.

    So, I am going to uninstall it.
    Last edited by GreyGeek; Aug 07, 2015, 08:30 AM.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    Interesting info--and I'm not at all surprised by your results. Thanks for sharing.

    I've used *nix since 1985 and have yet to have a single problem with viruses/malware/etc.--that I'm aware of! I have to admit I don't run virus scans, but I'm very confident that the way I configure and use Linux simply doesn't lend itself to such issues.
    Xenix/UNIX user since 1985 | Linux user since 1991 | Was registered Linux user #163544

    Comment


      #3
      I think I've seen that video before, an OS is only as secure as the user. Even on windows, I've never had much of a problem with viruses
      Registered Linux User 545823

      Comment


        #4
        Tried Sophos for the first time, as I'd heard good things about it. Have not turned on the real-time scanning (yet), I only ran the scan now function, figured out it is best as sudo:

        Run as user, without sudo:

        mike@mike-desktop:~/Downloads/Sophos_AV$ savscan /
        28175 files scanned in 1 minute and 28 seconds.
        108 errors were encountered.
        No viruses were discovered.
        End of Scan.

        Then:

        Run with sudo:

        mike@mike-desktop:~/Downloads/Sophos_AV$ sudo savscan /
        SAVScan virus detection utility

        Version 5.12.0 [Linux/AMD64]
        Virus data version 5.15, May 2015
        Includes detection for 9239070 viruses, Trojans and worms
        Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

        System time 10:47:16 AM, System date 18 August 2015

        28787 files scanned in 31 seconds.
        14 errors were encountered.
        No viruses were discovered.
        End of Scan.

        I think I'll keep it installed, at least for awhile, though I've never had any malware problems (that I'm aware of) in Kubuntu.
        An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

        Comment


          #5
          Originally posted by jpenguin View Post
          I think I've seen that video before, an OS is only as secure as the user. Even on windows, I've never had much of a problem with viruses
          Neither have I. At work, however, they installed a $28,000 Linux gateway with AV software to act as an Internet gateway because infections on tthe 450 Windows client machines were happening on almost a daily basis, shutting down the Novell network. After the Linux gateway was installed the infections dropped to zero per week until a flurry of action was found to originate from CD's brought by employees from home, usually containing music to play at work. The IT staff disabled all CD and USB ports on machines not used by developers. That pretty much ended the infections.

          On my personal machines, which I always dual booted with Windows for years, I never had problems with infections either, AFAIK. Scans were always negative., But, I never visited questionable sites. I found myself using WinX less and less, and about a year ago I removed Win7 and gave the entire HD to Trusty Tahr. During hat previous year I had booted into Windows only three times and that to get updates and fresh vaccine files. I was wasting my time and finally removed it. I should have done it several years ago.
          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
          – John F. Kennedy, February 26, 1962.

          Comment


            #6
            That video makes me so angry. The guy has no idea what he is talking about!! The only thing he has proved is that malware files can get onto the file system.

            If you look closely at the files, they are .exe and .dll, which are WINDOWS executable and library files. Also look up the so called infections, Troj/Espion-AD and Troj/Farfli-B are listed as windows malware. The only way a Linux system can execute these files are via Wine or a Virtual Machine and even then it would be in a container and wouldn't affect the operation of the host system!

            Continue on the listen to his understanding of defragging!! Such a load of bull!! This guys obviously has some sort of agenda and has disable comments on the video for a very good reason.
            Last edited by Guest; Aug 19, 2015, 04:20 AM.

            Comment


              #7
              Originally posted by clivejo View Post
              That video makes me so angry. The guy has no idea what he is talking about!! The only thing he has proved is that malware files can get onto the file system.

              If you look closely at the files, they are .exe and .dll, which are WINDOWS executable and library files. Also look up the so called infections, Troj/Espion-AD and Troj/Farfli-B are listed as windows malware. The only way a Linux system can execute these files are via Wine or a Virtual Machine and even then it would be in a container and wouldn't affect the operation of the host system!

              Continue on the listen to his understanding of defragging!! Such a load of bull!! This guys obviously has some sort of agenda and has disable comments on the video for a very good reason.
              For any virus or Trojan that is downloaded (which takes user action), to run it must be marked as an executable (if it is an executable file, and that also takes user action) and then it must be run (which also takes user action). So, infections in Linux from downloadable files are entirely the fault of the user. For the Java virtual machine the story is different. Malicious java applets on nefarious websites can be executed on the fly. The ability to do more damage than just to the user account depends on the sophistication of the malware. It it is a hook to download more powerful software the user's root account could be accessed by escalation of privileges to root level. That's why some browsers have disabled java.

              However, I keep Java enabled on FireFox (which had a security hole in versions before 39.0.3, IIRC) and have never been infected. Probably because I don't visit seedy sites, which is what happens when the little head does all the thinking.
              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
              – John F. Kennedy, February 26, 1962.

              Comment

              Working...
              X