howto: Post 40571 by Perderabo on Thursday 18th of September 2003 07:58:11 AM
Unix is a collection of operating systems that run on any hardware. Unix people rarely download executables except from very trusted sources.

Windows users will download executables very frequently and virtually all of them use a CPU that uses Intel's instruction set.

True viruses are machine specific. So you can create a SunOS true virus or an HP-UX true virus. But a unix true virus cannot be written.

The first internet based attack was the Morris worm which targeted several versions of unix simultaneously. It took down many unix based systems. It even crossed over to Milnet and took down hundreds of military systems. That was well over 10 years ago and unix security has improved a lot since then.

Unix tends to treat email as something for a human to read. It is very rare for a unix system to attempt to execute an incoming email message automatically. It also helps that there are other operating systems that are very vulnerable to viruses. They divert the attention of virus authors away from unix. Finally, unix still has several security problems of its own. A cracker who wants to breach unix security will target one of those.

These are the big factors that act to protect unix from viruses. True viruses that is....

However, people use the term virus loosely. I know the difference between a virus and a worm. However, I would not be amused if the virus scanning software that I bought for my laptop intentionally ignored worms.

And evil software doesn't always perfectly match the classical definitions. Those email viruses that target Windows are not true viruses. But it's not clear what to call them... they are sort of a cross between a trojan horse and a worm or something.

Now consider your mail server: if an email virus targeted toward Windows arrives on your server, it will not magically disappear. Sure, it won't affect your unix based mail server. That doesn't mean that you want to forward it to your user's computer. I would call a unix mail server waiting to download Windows viruses "infected". What other term would you use? (Actually, I kinda like the term "subclinical infection".)

So unix can be infected with anything and after you loosen up the definition of "virus" enough to include all evil software, unix can be affected by viruses.

As for antispam, click on home, then click on answers to frequently asked questions, then click on email antispam techniques and email filtering
clamscan(1)							  Clam AntiVirus						       clamscan(1)

NAME
       clamscan - scan files and directories for viruses

SYNOPSIS
       clamscan [options] [file/directory/-]

DESCRIPTION
       clamscan is a command line anti-virus scanner.

OPTIONS
       Most of the options are simple switches which enable or disable some features. Options marked with [=yes/no(*)] can be optionally followed by =yes/=no; if they get called without the boolean argument the scanner will assume 'yes'. The asterisk marks the default internal setting for a given option.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version number and exit.

       -v, --verbose
              Be verbose.

       --debug
              Display debug messages from libclamav.

       --quiet
              Be quiet (only print error messages).

       --stdout
              Write all messages (except for libclamav output) to the standard output (stdout).

       -d FILE/DIR, --database=FILE/DIR
              Load virus database from FILE or load all virus database files from DIR.

       --official-db-only=[yes/no(*)]
              Only load the official signatures published by the ClamAV project.

       -l FILE, --log=FILE
              Save scan report to FILE.

       --tempdir=DIRECTORY
              Create temporary files in DIRECTORY. Directory must be writable for the '' user or unprivileged user running clamscan.

       --leave-temps
              Do not remove temporary files.

       -f FILE, --file-list=FILE
              Scan files listed line by line in FILE.

       -r, --recursive
              Scan directories recursively. All the subdirectories in the given directory will be scanned.

       --cross-fs=[yes(*)/no]
              Scan files and directories on other filesystems.

       --bell
              Sound bell on virus detection.

       --no-summary
              Do not display summary at the end of scanning.

       --exclude=REGEX, --exclude-dir=REGEX
              Don't scan file/directory names matching regular expression. These options can be used multiple times.

       --include=REGEX, --include-dir=REGEX
              Only scan file/directory matching regular expression. These options can be used multiple times.

       -i, --infected
              Only print infected files.

       --remove[=yes/no(*)]
              Remove infected files. Be careful.

       --move=DIRECTORY
              Move infected files into DIRECTORY. Directory must be writable for the '' user or unprivileged user running clamscan.

       --copy=DIRECTORY
              Copy infected files into DIRECTORY. Directory must be writable for the '' user or unprivileged user running clamscan.

       --bytecode[=yes(*)/no]
              With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option turned on, otherwise you may miss detections for many new viruses.

       --bytecode-trust-all[=yes/no(*)]
              This option disables safety checks and makes ClamAV trust all bytecode. It should only be used for debugging.

       --bytecode-timeout=N
              Set bytecode timeout in milliseconds (default: 60000 = 60s)

       --detect-pua[=yes/no(*)]
              Detect Possibly Unwanted Applications.

       --exclude-pua=CATEGORY
              Exclude a specific PUA category. This option can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA

       --include-pua=CATEGORY
              Only include a specific PUA category. This option can be used multiple times. See http://www.clamav.net/support/pua for the complete list of PUA

       --detect-structured[=yes/no(*)]
              Use the DLP (Data Loss Prevention) module to detect SSN and Credit Card numbers inside documents/text files.

       --structured-ssn-format=X
              X=0: search for valid SSNs formatted as xxx-yy-zzzz (normal); X=1: search for valid SSNs formatted as xxxyyzzzz (stripped); X=2: search for both formats. Default is 0.

       --structured-ssn-count=#n
              This option sets the lowest number of Social Security Numbers found in a file to generate a detect (default: 3).

       --structured-cc-count=#n
              This option sets the lowest number of Credit Card numbers found in a file to generate a detect (default: 3).

       --scan-mail[=yes(*)/no]
              Scan mail files.

       --phishing-sigs[=yes(*)/no]
              Use the signature-based phishing detection.

       --phishing-scan-urls[=yes(*)/no]
              Use the url-based heuristic phishing detection (Phishing.Heuristics.Email.*)

       --heuristic-scan-precedence[=yes/no(*)]
              Allow heuristic match to take precedence. When enabled, if a heuristic scan (such as phishingScan) detects a possible virus/phish it will stop scan immediately. Recommended, saves CPU scan-time. When disabled, virus/phish detected by heuristic scans will be reported only at the end of a scan. If an archive contains both a heuristically detected virus/phish, and a real malware, the real malware will be reported. Keep this disabled if you intend to handle "*.Heuristics.*" viruses differently from "real" malware. If a non-heuristically-detected virus (signature-based) is found first, the scan is interrupted immediately, regardless of this config option.

       --phishing-ssl[=yes/no(*)]
              Block SSL mismatches in URLs (might lead to false positives!).

       --phishing-cloak[=yes/no(*)]
              Block cloaked URLs (might lead to some false positives).

       --algorithmic-detection[=yes(*)/no]
              In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option can be used to control the algorithmic detection.

       --scan-pe[=yes(*)/no]
              PE stands for Portable Executable - it's an executable file format used in all 32-bit versions of Windows operating systems. By default ClamAV performs deeper analysis of executable files and attempts to decompress popular executable packers such as UPX, Petite, and FSG.

       --scan-elf[=yes(*)/no]
              Executable and Linking Format is a standard format for UN*X executables. This option controls the ELF support.

       --scan-ole2[=yes(*)/no]
              Scan Microsoft Office documents and .msi files.

       --scan-pdf[=yes(*)/no]
              Scan within PDF files.

       --scan-html[=yes(*)/no]
              Detect, normalize/decrypt and scan HTML files and embedded scripts.

       --scan-archive[=yes(*)/no]
              Scan archives supported by libclamav.

       --detect-broken[=yes/no(*)]
              Mark broken executables as viruses (Broken.Executable).

       --block-encrypted[=yes/no(*)]
              Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).

       --max-files=#n
              Extract at most #n files from each scanned file (when this is an archive, a document or another kind of container). This option protects your system against DoS attacks (default: 10000)

       --max-filesize=#n
              Extract and scan at most #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB, max: <4 GB)

       --max-scansize=#n
              Extract and scan at most #n kilobytes from each scanned file. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 100 MB, max: <4 GB)

       --max-recursion=#n
              Set archive recursion level limit. This option protects your system against DoS attacks (default: 16).

       --max-dir-recursion=#n
              Maximum depth directories are scanned at (default: 15).

EXAMPLES
       (0) Scan a single file:
              clamscan file

       (1) Scan a current working directory:
              clamscan

       (2) Scan all files (and subdirectories) in /home:
              clamscan -r /home

       (3) Load database from a file:
              clamscan -d /tmp/newclamdb -r /tmp

       (4) Scan a data stream:
              cat testfile | clamscan -

       (5) Scan a mail spool directory:
              clamscan -r /var/spool/mail

RETURN CODES
       0 : No virus found.

       1 : Virus(es) found.

       2 : Some error(s) occurred.

CREDITS
       Please check the full documentation for credits.

AUTHOR
       Tomasz Kojm <tkojm@clamav.net>

SEE ALSO
       clamdscan(1), freshclam(1), freshclam.conf(5)

ClamAV 0.96.1                  December 30, 2008                  clamscan(1)
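
The post's point about a unix mail server passing Windows malware on to its users, combined with the RETURN CODES and stream-scanning example above, suggests a per-message filter like the following. This is an added example, not part of the forum post or the clamscan man page; the names CLAMSCAN, verdict_for and scan_message are assumptions made for the sketch, and only options listed in the man page are used.

```shell
#!/bin/sh
# Added example: scan one mail message on stdin with clamscan and turn the
# documented return codes (0 clean, 1 virus found, 2 error) into a delivery
# decision. CLAMSCAN, verdict_for and scan_message are hypothetical names.

CLAMSCAN=${CLAMSCAN:-clamscan}

# Map a clamscan exit status to an action. Anything other than 0 or 1
# (code 2, or 127 when the scanner is missing) is a scanner failure, and
# the message is deferred: unscanned mail is never treated as clean.
verdict_for() {
    case "$1" in
        0) echo deliver ;;
        1) echo quarantine ;;
        *) echo defer ;;
    esac
}

# Scan stdin ("-", as in man page example 4). The --max-* limits are the
# man page's DoS protections, set explicitly to its documented defaults so
# an archive bomb in an attachment cannot exhaust the mail server.
scan_message() {
    rc=0
    "$CLAMSCAN" --no-summary --infected \
        --max-files=10000 --max-filesize=25M --max-scansize=100M \
        --max-recursion=16 - >/dev/null 2>&1 || rc=$?
    verdict_for "$rc"
}

# When run as a filter ("script scan < message"), print the verdict.
if [ "${1:-}" = "scan" ]; then
    scan_message
fi
```

A delivery agent would act on the printed verdict; the important property is that a crashed or missing scanner yields `defer`, not `deliver`.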