ClamAV Anti-Virus Reaches Version 1.0 With New LTS Release

  • #11
    Originally posted by birdie
    After dealing with Linux users I want to vomit hard. The worst fan base of anything I've ever dealt with. Denying issues, lying through their teeth about issues, telling you to "fuck off" when you expose Linux for what it is.
    We certainly have a denial issue in the FOSS community. I guess it's comfy.

    Originally posted by cynic
    Why?

    All the official packages are verified by the Fedora community. Did you have any negative experience directly tied to them?
    Because lots of people aren't satisfied with only official packages and third-party packages have neither community verification nor an antivirus checking them. Windows at least provides the latter.
    That said, nowadays email phishing is a much more common threat than viruses in all consumer platforms and I haven't heard of any victim of Linux ransomware, as opposed to Windows, so there's that.



    • #12
      Originally posted by uid313

      But after the installation these files can be overridden by malware and since they're not digitally signed, you don't know.
      Sure I trust Fedora, when I install Fedora, but after you use it, then those files can be overridden.
      In ANY OS, files can be overwritten with usage, or not?
      Last edited by cynic; 29 November 2022, 08:42 AM. Reason: edit: rewriting in a, presumably clear, way



      • #13
        Originally posted by birdie
        I need to stop now, I don't want to talk to people who don't want to get into the fine details of the huge security fiasco/theater that modern Linux distros are.
        cry harder!



        • #14
          Originally posted by cynic

          After you use ANY OS, files can be overwritten, or not?
          Sure, but on Windows these files are digitally signed, so it can be verified that they have not been tampered with, the integrity can be verified, and the operating system can refuse to run tampered binaries.



          • #15
            Originally posted by uid313

            Sure, but on Windows these files are digitally signed, so it can be verified that they have not been tampered with, the integrity can be verified, and the operating system can refuse to run tampered binaries.
            OK, fine with that.

            However, in order to change the OS files you need to run something as a privileged user (doing it consciously or not), and at that point you're screwed anyway, even if I recognize that a stealth attack could be worse.



            • #16
              Originally posted by birdie

              And even when we speak about top AV vendors such as BitDefender, Norton, Kaspersky, etc. their products are basically useless for catching Linux malware. They are only good for Windows and surprisingly MacOS malware.
              Back in the day, as a teenager, I "disinfected" the Windows system partitions of friends' HDDs by simply using Bitdefender for Linux. Not sure if it still exists for Linux today? At that time I also tried ClamAV first, but it usually never found any virus. Bitdefender usually found multiple different "species".



              • #17
                Originally posted by CochainComplex
                I used it once, multiple years ago - a decade? How good is it in comparison to commercial solutions?
                Maybe there's a way Michael can test that. No idea how difficult it is to get a representative test set of malware. But it shouldn't only include Linux malware but also malware for other systems, as ClamAV could be used on a Linux-based file server to not spread malware to other systems.



                • #18
                  Originally posted by Danny3
                  Is this any good for single-boot Linux only installation?
                  Unfortunately no. The detection rate is not as good as you would like it to be. You are better off seeking other solutions.



                  • #19
                    Most commercial "Linux" AVs are basically Windows engines wrapped in a CLI, that's it. They work well, only without a GUI.

                    A standalone Bitdefender AV for Unices has long been deprecated, now they only offer Endpoint Security Tools for Linux workstations which makes it instantly unavailable for most people out there.

                    Just for fun I've just spent 15 minutes trying to find a commercial Linux AV with a GUI and I've found nothing. Bitdefender and Avira have long discontinued their products, Comodo offers something which was last updated 9 years ago and is unlikely to work; in short, there's nothing.

                    There's Kaspersky Rescue Disk which comes with a GUI but it's not a persistent AV, it's a "boot from, check and shutdown" single-use AV.



                    • #20
                      Here's the last serious test of ClamAV that I've been able to find: https://www.virusbulletin.com/blog/2...atest-results/

                      It's not as horrible as I thought it was but it's far from the best AV solutions.

                      Malware on Demand 88.5%; AdWare/SpyWare on Demand: 92.8% - which means it missed on average 10% of samples. It's still a far cry from top AV solutions with detection rates over 99%.

                      Considering there are thousands of pieces of malware released daily, it means ClamAV misses hundreds which makes it pretty useless:
                      | Product | Malware on demand | Adware/Spyware on demand | False positives | Scan speed | Proactive detection | Response times | Malware on demand (%) | Adware/spyware on demand (%) |
                      |---|---|---|---|---|---|---|---|---|
                      | AntiVir (Avira) | ++ | ++(4) | + | ++ | + | ++ | 99.8% | 99.0% |
                      | Avast! (Alwil) | ++ | ++ | + | + | o | o | 99.3% | 98.3% |
                      | AVG | + | -(4) | + | + | o | o | 95.8% | 87.0% |
                      | AVK 2008 (G Data) (1) | ++ | ++ | o | - | + | ++ | 99.2% | 99.1% |
                      | AVK 2009 (G Data) (2) | ++ | ++ | + | + | ++ | ++ | 99.8% | 99.8% |
                      | BitDefender 2008 | + | - | + | - | ++ | + | 97.7% | 87.8% |
                      | BitDefender 2009 | + | - | + | o | ++ | + | 97.6% | 88.0% |
                      | CA-AV (VET) | -- | -- | ++ | o | - | -- | 65.5% | 68.0% |
                      | ClamAV | - | o | - | -- | - | ++ | 88.5% | 92.8% |
                      | Dr Web | -- | - | o | o | + | o | 84.9% | 89.6% |
                      | eScan | + | + | o | - | + | ++ | 97.8% | 97.4% |
                      | Fortinet-GW | o | -- | o | + | ++ | + | 92.6% | 81.9% |
                      | F-Prot (Frisk) | o | o | + | + | o | o | 94.8% | 92.6% |
                      | F-Secure 2008 | ++ | ++ | + | o | ++ | + | 98.2% | 98.4% |
                      | F-Secure 2009 | ++ | ++ | + | + | ++ | ++ | 99.2% | 99.6% |
                      | Ikarus | ++ | ++ | o | + | + | + | 99.5% | 98.6% |
                      | K7 Computing | o | o | o | ++ | - | o | 92.1% | 94.0% |
                      | Kaspersky | ++ | ++ | o | o | + | ++ | 98.4% | 98.3% |
                      | McAfee | o | o | ++ | o | + | - | 93.6% | 94.5% |
                      | Microsoft | + | + | ++ | o | - | - | 97.7% | 97.1% |
                      | Nod32 (Eset) | o | o | ++ | ++ | ++ | + | 94.4% | 94.7% |
                      | Norman | + | + | + | o | + | o | 96.3% | 95.8% |
                      | Norton 2008 (Symantec) | + | o | ++ | + | + | o | 97.8% | 94.6% |
                      | Norton 2009 (Symantec) | ++ | + | ++ | ++ | + | ++ | 98.7% | 95.4% |
                      | Panda 2008 | - | o | + | + | ++ | o | 86.4% | 93.4% |
                      | Panda 2009 | o | + | + | + | ++ | + | 91.8% | 95.6% |
                      | Rising | -- | -- | + | o | o | o | 83.4% | 77.5% |
                      | Sophos | + | + | + | + | ++ | + | 97.5% | 95.0% |
                      | Trend Micro | o | - | + | + | o | + | 91.3% | 88.5% |
                      | TrustPort | ++ | ++ | - | -- | ++ | ++ | 99.5% | 98.4% |
                      | VBA32 | o | - | o | o | + | o | 90.5% | 85.2% |
                      | VirusBuster | - | - | + | + | o | o | 89.0% | 85.8% |
                      | WebWasher-GW (3) | ++ | ++ | o | ++ | ++ | ++ | 99.7% | 99.2% |
                      | ZoneAlarm | + | + | o | o | + | ++ | 97.8% | 97.7% |

                      | Index | Malware on demand | Adware/spyware on demand | False positives | Scan speed | Proactive detection | Response times |
                      |---|---|---|---|---|---|---|
                      | ++ | >98% | >98% | no FP | | | < 2 h |
                      | + | >95% | >95% | 1-2 FP | | | 2 - 4 h |
                      | o | >90% | >90% | 3-4 FP | | | 4 - 6 h |
                      | - | >85% | >85% | 5-6 FP | | | 6 - 8 h |
                      | -- | <85% | <85% | > 6 FP | | | > 8 h |
                      Last edited by birdie; 29 November 2022, 09:44 AM.
