Rodder Posted February 1 Share Posted February 1 Good morning everyone. Looking for a good Linux antivirus program that's free for ubuntu server. Let me know what you would recommend based on your experiences. Thanks in advance, Rodder Quote Link to comment Share on other sites More sharing options...
digininja Posted February 1 Share Posted February 1 I've never used AV on Linux, are you just being cautious or has something happened to trigger you needing it? Quote Link to comment Share on other sites More sharing options...
Rodder Posted February 1 Author Share Posted February 1 Cautious, I will have to share the server address outside of the network. Quote Link to comment Share on other sites More sharing options...
digininja Posted February 1 Share Posted February 1 What are you looking to protect against? That doesn't sound like you need virus protection, more like NIDS/NIPS and good firewalling. Quote Link to comment Share on other sites More sharing options...
Rodder Posted February 1 Author Share Posted February 1 The server houses a program where files have to be uploaded and submitted. I didn't want anything nasty sneaking in. Quote Link to comment Share on other sites More sharing options...
digininja Posted February 1 Share Posted February 1 So it is to scan the files that have been uploaded rather than to protect the server itself as the files won't actually get executed on the server so wouldn't be able to do it any harm. Unfortunately I still can't recommend anything as I don't run AV on any of my Linux boxes, but I was just curious about the use case. I think one of the things you need to watch out for is that whatever you chose has to be generic enough to scan for malware that could affect any OS. Don't pick something that will only detect things that affect Linux boxes. 1 Quote Link to comment Share on other sites More sharing options...
Rodder Posted February 1 Author Share Posted February 1 2 minutes ago, digininja said: So it is to scan the files that have been uploaded rather than to protect the server itself as the files won't actually get executed on the server so wouldn't be able to do it any harm. Unfortunately I still can't recommend anything as I don't run AV on any of my Linux boxes, but I was just curious about the use case. I think one of the things you need to watch out for is that whatever you chose has to be generic enough to scan for malware that could affect any OS. Don't pick something that will only detect things that affect Linux boxes. Thank you for the tip. I will keep looking, want something lite but robust enough to cover all bases. I appreciate you @digininja! Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted February 1 Share Posted February 1 What upload volumes are we talking about and are the files known to be large in size? Any sensitive data/information? Quote Link to comment Share on other sites More sharing options...
Rodder Posted February 5 Author Share Posted February 5 On 2/1/2024 at 11:58 AM, dark_pyrro said: What upload volumes are we talking about and are the files known to be large in size? Any sensitive data/information? Very sensitive in nature - PII. Files are not large, PDF forms. Quote Link to comment Share on other sites More sharing options...
digininja Posted February 5 Share Posted February 5 I'm guessing the suggestion was going to be to upload something like Virus Total but that won't work for this. If all you are handling is PDF files, you could look at disassembly and reassembly. I can't remember the name but there is a company who do it for email attachments, they strip documents down and then put them back together without anything unnecessary in them. 1 Quote Link to comment Share on other sites More sharing options...
Rodder Posted February 5 Author Share Posted February 5 7 minutes ago, digininja said: I'm guessing the suggestion was going to be to upload something like Virus Total but that won't work for this. If all you are handling is PDF files, you could look at disassembly and reassembly. I can't remember the name but there is a company who do it for email attachments, they strip documents down and then put them back together without anything unnecessary in them. Thanks again @digininja i have a call today with the software developer. going to ask them about this and what other customers use. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted February 5 Share Posted February 5 As said, a possible way could be VT, but if there is sensitive info involved, it's not a relevant way to move forward (hence the question). Quote Link to comment Share on other sites More sharing options...
digininja Posted February 5 Share Posted February 5 This isn't the product I was thinking of but it does the same thing. https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-content-disarm-and-reconstruction-cdr/ Quote Link to comment Share on other sites More sharing options...
DramaKing Posted February 9 Share Posted February 9 There isn't much in the way of Linux AV, but you could try ClamAV. For a web server, though, you should be less worried about viruses and more about things like LFI/RFI. Quote Link to comment Share on other sites More sharing options...
digininja Posted February 10 Share Posted February 10 There are actually quite a few options, most of the big names make a Linux version of their tools. They are generally unnecessary so unused and so not talked about. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.