Rodder Posted February 1, 2024
Good morning everyone. Looking for a good Linux antivirus program that's free for Ubuntu server. Let me know what you would recommend based on your experiences. Thanks in advance, Rodder
digininja Posted February 1, 2024
I've never used AV on Linux, are you just being cautious or has something happened to trigger you needing it?
Rodder Posted February 1, 2024 Author
Cautious, I will have to share the server address outside of the network.
digininja Posted February 1, 2024
What are you looking to protect against? That doesn't sound like you need virus protection, more like NIDS/NIPS and good firewalling.
Rodder Posted February 1, 2024 Author
The server houses a program where files have to be uploaded and submitted. I didn't want anything nasty sneaking in.
digininja Posted February 1, 2024
So it is to scan the files that have been uploaded rather than to protect the server itself as the files won't actually get executed on the server so wouldn't be able to do it any harm. Unfortunately I still can't recommend anything as I don't run AV on any of my Linux boxes, but I was just curious about the use case. I think one of the things you need to watch out for is that whatever you choose has to be generic enough to scan for malware that could affect any OS. Don't pick something that will only detect things that affect Linux boxes.
Rodder Posted February 1, 2024 Author
2 minutes ago, digininja said:
> So it is to scan the files that have been uploaded rather than to protect the server itself as the files won't actually get executed on the server so wouldn't be able to do it any harm. Unfortunately I still can't recommend anything as I don't run AV on any of my Linux boxes, but I was just curious about the use case. I think one of the things you need to watch out for is that whatever you choose has to be generic enough to scan for malware that could affect any OS. Don't pick something that will only detect things that affect Linux boxes.
Thank you for the tip. I will keep looking, want something lite but robust enough to cover all bases. I appreciate you @digininja!
dark_pyrro Posted February 1, 2024
What upload volumes are we talking about and are the files known to be large in size? Any sensitive data/information?
Rodder Posted February 5, 2024 Author
On 2/1/2024 at 11:58 AM, dark_pyrro said:
> What upload volumes are we talking about and are the files known to be large in size? Any sensitive data/information?
Very sensitive in nature - PII. Files are not large, PDF forms.
digininja Posted February 5, 2024
I'm guessing the suggestion was going to be to upload something like VirusTotal but that won't work for this. If all you are handling is PDF files, you could look at disassembly and reassembly. I can't remember the name but there is a company who do it for email attachments, they strip documents down and then put them back together without anything unnecessary in them.
Rodder Posted February 5, 2024 Author
7 minutes ago, digininja said:
> I'm guessing the suggestion was going to be to upload something like VirusTotal but that won't work for this. If all you are handling is PDF files, you could look at disassembly and reassembly. I can't remember the name but there is a company who do it for email attachments, they strip documents down and then put them back together without anything unnecessary in them.
Thanks again @digininja, I have a call today with the software developer. Going to ask them about this and what other customers use.
dark_pyrro Posted February 5, 2024
As said, a possible way could be VT, but if there is sensitive info involved, it's not a relevant way to move forward (hence the question).
digininja Posted February 5, 2024
This isn't the product I was thinking of but it does the same thing. https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-content-disarm-and-reconstruction-cdr/
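A local pre-check in the spirit of the disassembly/CDR suggestion above, added here as an example and not code from any poster or product in this thread: it flags the active-content keys a CDR pass would strip from an uploaded PDF form, without sending the file to a third party. The function names, key list, verdict labels and sample bytes are all assumptions constructed for illustration.

```python
import re

# Name keys that make a PDF do something rather than just display; a CDR pass
# would strip these. The list is an assumption chosen for this example.
ACTIVE_KEYS = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
               "/EmbeddedFile", "/RichMedia")

def decode_pdf_names(data: bytes) -> bytes:
    """Undo #xx hex escapes, so /J#61vaScript is read as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def triage_upload(data: bytes):
    """Return (verdict, findings) for one uploaded file, scanned locally."""
    if not data.startswith(b"%PDF-"):
        return "reject", {}          # only PDF forms are expected here
    decoded = decode_pdf_names(data)
    findings = {}
    for key in ACTIVE_KEYS:
        # Require a delimiter after the name so /JS does not match /JSON.
        pattern = re.escape(key.encode()) + rb"(?=[\s/<>\[\]()]|$)"
        count = len(re.findall(pattern, decoded))
        if count:
            findings[key] = count
    # Limitation: keys inside compressed object streams are not visible to
    # this byte-level scan, so "accept" means "nothing found", not "safe".
    return ("hold" if findings else "accept"), findings

# Constructed sample inputs (not real uploads).
CLEAN_FORM = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
              b"/AcroForm << /Fields [] >> >>\nendobj\n%%EOF\n")
ACTIVE_FORM = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\n"
               b"endobj\n3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\n"
               b"endobj\n%%EOF\n")
NOT_A_PDF = b"MZ constructed non-PDF bytes"

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN_FORM), ("active", ACTIVE_FORM),
                       ("other", NOT_A_PDF)]:
        print(name, triage_upload(blob))
```

Files that come back as "hold" are candidates for a full disarm-and-reconstruct step or manual review; fillable forms that legitimately use scripting will also land there.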
DramaKing Posted February 9, 2024
There isn't much in the way of Linux AV, but you could try ClamAV. For a web server, though, you should be less worried about viruses and more about things like LFI/RFI.
digininja Posted February 10, 2024
There are actually quite a few options, most of the big names make a Linux version of their tools. They are generally unnecessary so unused and so not talked about.
This topic is now archived and is closed to further replies.