Chapter 8. Security tools in Debian

8.8 Antivirus tools
There are not many anti-virus tools included with Debian GNU/Linux, probably because
GNU/Linux users are not plagued by viruses. The Unix security model makes a distinction between privileged (root) processes and user-owned processes; therefore, a “hostile” executable
that a non-root user receives or creates and then executes cannot “infect” or otherwise manipulate the whole system. However, GNU/Linux worms and viruses do exist, although none has
(yet, hopefully) spread in the wild over any Debian distribution. In any
case, administrators might want to build up anti-virus gateways that protect against viruses
arising on other, more vulnerable systems in their network.
Debian GNU/Linux currently provides the following tools for building antivirus environments:
• Clam Antivirus (http://www.clamav.net), provided since Debian sarge (3.1 release).
Packages are provided for the virus scanner (clamav), for the scanner daemon
(clamav-daemon), and for the data files needed by the scanner. Since keeping an antivirus up-to-date is critical for it to work properly, there are two different ways to get
this data: clamav-freshclam provides a way to update the database through the Internet automatically, and clamav-data provides the data files directly. [2]
• mailscanner, an e-mail gateway virus scanner and spam detector. Using sendmail
or exim as its basis, it can use more than 17 different virus scanning engines (including
clamav).
• libfile-scan-perl, which provides File::Scan, a Perl extension for scanning files for
viruses. This module can be used to make platform-independent virus scanners.
• Amavis Next Generation (http://www.sourceforge.net/projects/amavis),
provided in the package amavis-ng and available in sarge, a mail virus scanner
which integrates with different MTAs (Exim, Sendmail, Postfix, or Qmail) and supports
over 15 virus scanning engines (including clamav, File::Scan and openantivirus).
• sanitizer (http://packages.debian.org/sanitizer), a tool that uses the
procmail package, which can scan email attachments for viruses, block attachments
based on their filenames, and more.
• amavis-postfix (http://packages.debian.org/amavis-postfix), a script that
provides an interface from a mail transport agent to one or more commercial virus scanners (this package is built with support for the postfix MTA only).
• exiscan, an e-mail virus scanner written in Perl that works with Exim.
[2] If you use this last package and are running an official Debian, the database will not be updated with security updates. You should either use clamav-freshclam, use clamav-getfiles to generate new clamav-data
packages, or update from the maintainer's location:
deb http://people.debian.org/~zugschlus/clamav-data/ /
deb-src http://people.debian.org/~zugschlus
/
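
The Clam Antivirus entry and footnote 2 both turn on whether the signature data is still being refreshed. The following check is an added example, not part of the manual or of any Debian package: it reports which of the two data packages is installed and whether the newest signature file is recent. The directory /var/lib/clamav, the *.cvd / *.cld file names and the 7-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: is the ClamAV signature data on this host still being updated?
# Assumptions (not from the manual): database directory /var/lib/clamav,
# signature files named *.cvd or *.cld, freshness threshold of 7 days.

# Print which of the manual's two data packages is installed
# (clamav-freshclam, clamav-data) or "none". Returns non-zero for "none".
clamav_data_source() {
    for pkg in clamav-freshclam clamav-data; do
        if dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null |
                grep -q 'install ok installed'; then
            echo "$pkg"
            return 0
        fi
    done
    echo "none"
    return 1
}

# Print "missing", "stale" or "fresh" for the database directory $1,
# using a threshold of $2 days (default 7).
# Only the newest file decides: the main database changes rarely, so one
# old file is normal as long as another file has been refreshed recently.
clamav_db_status() {
    dir=$1
    max_days=${2:-7}
    if [ ! -d "$dir" ] || [ -z "$(find "$dir" -type f \
            \( -name '*.cvd' -o -name '*.cld' \) | head -n 1)" ]; then
        echo "missing"
        return 2
    fi
    if [ -n "$(find "$dir" -type f \( -name '*.cvd' -o -name '*.cld' \) \
            -mtime -"$max_days" | head -n 1)" ]; then
        echo "fresh"
        return 0
    fi
    echo "stale"
    return 1
}

# Run the check only when invoked as: sh script.sh check [dir] [days]
if [ "${1:-}" = "check" ]; then
    echo "data source: $(clamav_data_source)"
    clamav_db_status "${2:-/var/lib/clamav}" "${3:-7}"
fi
```

A "stale" result together with a data source of clamav-data is the situation footnote 2 describes; the non-zero exit status lets a cron job or monitoring probe alert on it.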