[Nottingham] Anti-virus (and kmail address book)

Robert Postill robert at grinning-cat.com
Thu Aug 18 15:25:37 BST 2005


David,
Personally, I think there are a couple of things to say here:
1) Linux viruses are not prevalent like they are on Windows.  The most
common attack model I see is different.  Scan for a vulnerability, break
a daemon then get root from there.  That's a lot more work than an
automated worm but is still doable by a script kiddie.
2) I got the impression from various chats that you (like many others on
the list) had to deal with a number of other users not necessarily using
Linux.  If you're dealing with clients you can't be sure of (e.g.
Windows boxes) you're saving everyone time and hassle by filtering out
some of the muck and/or drawing attention to suspicious incidents.
3) A lot of the PR about AV is pushed by the vendors (as usual), they
talk up the threat and in my mind there's nothing that's essential
that's proprietary out there right now.  The FLOSS community produces
some of the best stuff out there, security-wise.

Harking back to point 1 there's still a lot of idiots out there who feel
the need to be a l33t hax0r :( I use Snort to detect dodgy network
activity in addition to the usual iptables, ssh routine.  I also run
clamav to filter the result of my mail to strip out the infected mail
(which generally is spam too).  I'd suggest an occasional nessus, john
the ripper and kismet (if you've got wi-fi) scan to help make sure you're
doing the right thing.

Hope that's interesting.
Robert.

On Thu, 2005-08-18 at 11:33 +0100, David Wolfson wrote:
> Anti-virus:
> I've been meaning to ask this for a while, but the latest news item about 
> Billy G's trouble with virus gangs reminded me. I'd never leave a Windows box
> running without anti-virus running, but have never bothered too much on Linux
> machines. I guess this is probably naive, but thought I'd do a quick
> survey/get some advice.
> 
> What does the nlug collective use? 
> Do they use anything? 
> Are there enough Linux viruses out there to worry about?
> 
> On Windows I use the latest Sophos, which has an active monitor, all the usual
> guis, and does auto updates. Is this level of functionality available in
> 'nix?
> 
> kmail:
> So, I went to write this mail, and found that I can't see/edit my address book 
> in kmail. The only way I can 'see' it is with the '...' button in a compose 
> window. If I add an address book button to the tool bar, it's greyed out...
> How do I get at it?
> 
> Cheers,
> 
> Dave