Antivirus Reviews and Price Comparisons
How To Protect Yourself From Spyware and Adware
If you don't know anything about adware/spyware completely taking over your computer, this letter will be the most important one that you've ever read. Never worry about someone watching your every move online. Educate yourself with this hard-hitting e-book that will leave no stone unturned about adware/spyware.
One common misconception about GNU/Linux is that no viruses exist for this operating system. This is simply not true. For quite some time GNU/Linux did not feel the constant pressure of malware attacks that Microsoft Windows did. While researchers did write viruses that could infect the GNU/Linux operating systems, they were for research purposes only. However, viruses have since been released that have the ability to infect computers running a GNU/Linux operating system. More and more, people are beginning to see viruses in the wild that can damage these operating systems. A virus that has been released to the public is said to be in the wild. This is how security experts can differentiate between a virus that is for research and one whose intent is to cause harm to a computer system. Purely as a hobby some people collect malware in the wild so that they can analyze the code of the malware and help fight against it. Ubuntu, remember, was built on the philosophy that Ubuntu Just...
Antivirus software for Linux is a program that scans the files on the computer for known viruses. It may also scan the memory or incoming data. When it finds a virus, it shows a message or takes some action on the virus (it can erase the virus or put it in quarantine, for example). Here is a list of some of the companies that have an operating system level antivirus for Linux; for more information you should visit their web pages: Norton Antivirus, by Symantec (http://www.symantec.com); eTrust InoculateIT for Linux and eTrust Antivirus, by CA (http://www.ca.com); RAV Antivirus Desktop, by GeCAD (http://www.rav.ro).
Despite the lack of viruses out there that can wreak havoc upon your Linux system, your computer could still act as a transmitter of Windows viruses. As a result, there are a number of free antivirus scanners out there for Linux users interested in helping to protect Windows users from viruses. These include Aegis (available via Synaptic), Panda Antivirus (www.pandasoftware.com/download/linux.htm), f-Prot (www.f-prot.com), and numerous others. For most Linux users, however, the virus scanner of choice is the open source contender ClamAV. Although it can be used on a number of operating systems, ClamAV is considered to be the Linux antivirus software package. It is open source, totally free, and you don't have to worry about licenses or suffer the bother of renewing them. Unfortunately, on its own, ClamAV is a command-driven application, which makes it a bit less user-friendly. Fortunately for all involved, there is also a graphical interface available, albeit a simple one, by the name...
The antivirus software for Domino server works at the application level, in this case at the Domino level. It can scan for viruses inside Domino databases and in files attached to e-mail messages. At the time of writing there were few companies that had an antivirus product for Domino for Linux. The first company to release such a product was Kaspersky. The name of the product is Kaspersky Anti-Virus Business Optimal for Lotus Notes Domino. Symantec also has an antivirus product for Domino on Linux. Symantec's product is called Norton Antivirus for Lotus Notes Domino. Symantec's web site can be found from Trend Micro has been developing antivirus software since 1987. In addition to Trend Micro ServerProtect for Linux, which is an OS level antivirus software, Trend Micro has added Linux support to their ScanMail for Lotus Notes product. This complements the offering they already have for Windows, AIX, Solaris, OS/400 and z/OS. For more information please visit Trend Micro ScanMail for Lotus...
All the previously mentioned attack categories can also include some form of malware in the body of the email message. Malware generically refers to software that performs some form of action without the user's consent, meaning the software is hidden in some way or advertises a rather different purpose from its real one. This category includes computer viruses (which we'll describe in detail next), worms, Trojans, spyware and so on. Malware is commonly attached to SPAM and e-mail fraud messages, particularly adware or spyware that is meant to gather and send out statistical data based on your activity. Every form of malware should be addressed in your security policy. Computer viruses are one of the oldest forms of malware (widely popular since the 1980s when floppy disk exchange was the main contagion source), born long before the Internet. A computer virus is a program specifically designed to infect your computer, spread throughout your system, and in the meantime, perform some sort...
Because the Linux desktop market is still quite small, and also because it is very secure, there are very few reports of viruses and other malware for it. Still, that doesn't mean you can relax your vigilance. Linux is growing in popularity, and hackers are bound to spend more time trying to hack it in the future. You'll gain the most protection from malware just by sticking to repository software. But for extra protection, you may wish to install ClamTk, a graphical frontend for the ClamAV antivirus program. Figure 9-21. Installing antivirus and rootkit detection software
Many people say using an antivirus program with Ubuntu is not necessary. It's hard to argue. There are practically no viruses or malware for Linux at the present time. There's some debate about whether this will change in future, but right now an Ubuntu user is quite simply safe from viruses. No further action is required. However, aside from guarding against future threats, installing an antivirus program allows you to watch out for Windows or even Mac viruses in files sent to you. Therefore, you can avoid passing on virus-infected files that might affect those running non-Linux operating systems. There is a variety of commercially sold antivirus programs for Linux, but perhaps the best choice from an open source perspective is ClamAV. This is industrial-strength antivirus designed for server computers, but you can also install ClamTK, a small program that provides a graphical front end, and thereby makes ClamAV suitable for more humble users.
Why do you need an antivirus? It protects your data from viruses, it scans e-mails for viruses, and it tells you when you have a virus and gets rid of it. Antivirus software works similarly on Linux as on any other OS. It is loaded into memory and scans open files, incoming data, and e-mails for different types of viruses. There are two types of antivirus software. The first is antivirus software that works at the operating system level. This means the antivirus software scans the files on the computer for known viruses. The second is antivirus software that works at the application level. This means it is written for a specific application, such as Domino server. An operating system level antivirus product can be scheduled to run daily or weekly at a certain time, such as at midnight, at night, at the end of the work hours or the end of the week. We recommend scheduling the antivirus to run outside the work hours because it is a heavy task, it demands a lot of CPU power, memory and disk access and.
No antivirus tools are installed by default with SUSE Linux. You can configure fetchmail to work with the Mail Delivery Agent called AmaViSd, which will, in turn, work with most antivirus tools. The most prominent open source antivirus is ClamAV, and several commercial tools are also available for Linux, including F-Prot and Sophos.
On many levels, Windows is a great operating system, and since the release of Windows XP in particular, Microsoft has cleaned up its act. Windows XP does a much better job compared to previous versions of Windows (and Vista makes even more improvements). But the situation is far from perfect. Windows XP is notoriously insecure and virtually every day a new security hole is uncovered. The United States Computer Emergency Readiness Team (www.us-cert.gov) reported 812 security vulnerabilities for Microsoft Windows during 2005. That's 15 vulnerabilities per week. In June 2005, the computer security company Sophos (www.sophos.com) advertised that its Windows antivirus program defended against over 103,000 viruses. This has led to an entire industry that creates antivirus programs, which are additional pieces of software you have to install once your computer is up and running for it to run without the risk of data loss or data theft. So is Linux the solution to these...
Firewall solutions and antivirus software have become best-sellers, and yet an important component of every security concept, perhaps even the most important component, is being neglected: know-how. Without the appropriate knowledge you cannot recognize and understand security-critical issues in complex IT infrastructures.
Authentication can take any form, whether based on a white list, black list, or mix of the two; it does not need to be a login password by itself. A solution such as antivirus software can, therefore, be seen as black list authentication because, like a parser, it searches all data for code matching signatures in its database. If it cannot match the code to a signature, then it allows the data. This explains why antivirus software is notoriously ineffective against new viruses and variants of old viruses. Even behavioral and heuristic scanners need to find a match against a database of known viral behaviors, which is also extremely difficult since behavior can mutate from system to system.
The identification process can be attacked in multiple ways. Commonly, when authentication controls are found on Linux systems, they are in the form of logins/passwords for the system and services, malware detectors like Trojan horse and rootkit scanners, SPAM filtering, and proper user detection like CAPTCHA. To defeat these types of authentication controls, you must still attack parts of the process
Protecting a system or service from getting overwhelmed can be difficult since the controls themselves are often what get overwhelmed. Slowing down the input response with a simple pause after acceptance will prevent a brute-force program from consuming too many system resources, making guesses so quickly that an administrator can't respond. However, this does not make any sense for SPAM and malware scanners, which should operate as fast as possible to authenticate the good and delete the bad. Oftentimes this kind of denial comes at the expense of the parser where extremely large files or extremely deep directory structures are used to exhaust the service. Limiting the authentication verification scope is another means of protecting resources from being wasted unnecessarily. When the verification criteria become tainted with an outside suggestion, the verification process will no longer work as controlled. The files that the authentication process relies on must be constantly...
Most importantly, all subjugation controls must be initiated from a vector that the user cannot access or influence. Since attacks against this control can be made through physically placing a boot disk in the server and making changes through the terminal to malware run by a person with root privileges, all such vectors must be protected. Remember that even console video games, in which most users are familiar with subjugation controls in the form of special cartridges that require specific decoding knowledge and hardware, get hacked and read because users have access to all of the cartridge's vectors. It is also why Digital Rights Management (DRM) failed on CDs and DVDs.
An antivirus application is only as useful as its virus definition file. If you are running in non-key mode, you cannot install any updates for AntiVir. Those who legally obtain and use the private license are entitled to one update every two months. If you purchase AntiVir, you can obtain daily updates.
For instance, a workstation in Sales should not need to connect to a workstation in HR or to a workstation in any other VLAN for that matter. The only reason for doing so would be for some sort of deliberate attack or if malware accidentally got loose on the network. In either case, the traffic is undesirable and ought to be blocked.
In addition, as with most versions of Linux, Ubuntu doesn't come with antivirus protection out of the box. This is because there are practically no viruses affecting Linux, and it is reasoned that there simply isn't a need for virus protection. However, as with a firewall configuration program, installing an antivirus program is easily done, and we explain how in this chapter. But first, you'll spend some time examining more basic security concepts. Following that, we'll look at how to encrypt files and e-mail so that they can be
This section describes how to use ClamTk, which is a graphical front end for the Clam Antivirus (ClamAV) program (www.clamav.org). ClamAV is an open-source, industrial-strength antivirus scanner designed to work on all kinds of computers and operating systems. It detects Windows and even Macintosh viruses, as well as Linux and Unix viruses. This has obvious benefits if you share files with Windows users: you can inform your friends and colleagues if any files they give you are infected (and bask in the warm feeling that arises when you realize the viruses can't affect your system).
Moving on to the Spamfilter & Antivirus tab, shown in Figure 4-16, you can consider what spam strategy to use. Activate Spamfilter for an account; you can then specify the filter's behavior. Figure 4-16. The Spamfilter & Antivirus tab. To enable a user to make changes to her email account herself (including password, spam filter, and antivirus settings), you must select the Mailuser option for that user on the Basis tab of the ISP Site form (see Figure 4-10). To make changes, the mail user can then simply log into a site with a name such as http://centralsoft.org:81/mailuser.
Sendmail was developed before spam and malware evolved, and consequently it has several security flaws. One of the most serious problems with Sendmail is that, by default, it allows open relaying; that is, it will relay mail that originates from anywhere outside the server's local network. This security problem is illustrated in Figure 5-1.
Usenet newsgroups have been part of the fabric of the Internet nearly as long as email and took hold well before the World Wide Web was invented. Although Usenet now has an even bigger problem with spam and malware than email, there remain thriving and helpful communities of Usenet readers and writers that can help you get answers to a multitude of questions for the price of a well-crafted question. Tap into Usenet with one of the news-reading tools discussed here, and then consider hosting your own NNTP server.
As a general precaution, both corporate and home users should not leave their WNICs on when they are not in use, even when for just a short while. Wireless driver vulnerabilities (and web-browser vulnerabilities if a ph00ling attack is used) can be exploited in seconds whenever the WNIC is in use, and malware, which is installed postexploitation, need not rely on any wireless connection being maintained to connect back to a remote controller. Indeed, the wireless avenue is mainly used for the planting of malware such as Trojans and rootkits, which subsequently connect back to remote controllers via any available network connection, wired or wireless.
Today it is not enough to secure the servers in a corporate network. The clients are no longer just a target of viruses. Despite a firewall, worms can be brought into the network via notebooks that were infected while directly connecting to the Internet. Hacked web sites can be used to install malware on the clients using vulnerabilities of web browsers. Wireless access cards can open ways into the corporate network, bypassing the firewall.
Low-level protocols (icmp, netbios, tcp, udp)
High-level protocols (http, ftp, dns, pop3, imap)
Web server specific (web-attack, web-cgi, web-client)
Exploit specific (shellcode, backdoor, exploit)
Service impacting (dos, ddos)
Policy specific (policy, info, misc, porn)
Scanning and probing activities (scan, bad-traffic)
Viruses, worms, and other malware (virus)
Deny message malware_name detected in message demime * malware * The first block rejects messages that contain viruses or other malware, and the second and third add headers to messages indicating whether or not SpamAssassin considers them spam. The final block checks spam_score_int (the spam score multiplied by 10) and rejects the message if it is greater than 120. The defer_ok in the last three blocks tells Exim that it is okay to continue processing in the event that the SpamAssassin daemon could not be contacted. You can remove it if you would prefer to have the server return a temporary failure code in such cases. You can also add defer_ok to the end of the malware * line if you want processing to continue in the event that a message cannot be scanned by ClamAV.
While most antivirus applications that run on Microsoft Windows actively scan the computer for malware, ClamTk does not. Instead, you are required to do a passive scan where you actually tell it to scan the computer for malware. Remember, while some malware can infect a computer running GNU/Linux, few can. The odds of you picking up a virus in the wild are slim, and if you only install software from the repositories, then you have a good chance of never having an infection. However, it is still a good idea to scan your computer from time to time. Once a week is a good schedule for most users, while those who download a large number of files and who open e-mail attachments may want to scan their computer more often.
These two kinds of vulnerabilities are exploited by malicious code in order to inject incorrect data or malware into the system. This can, in effect, not only compromise the security of the system but also make the user think the system is secure, in which case secrets can then be revealed. Many malware programs attempt to disarm security tools such as antivirus and firewalls once inside the system and then hide themselves from the system, possibly hibernating so as to not be revealed by their actions.
Debian also provides a number of security tools that can make a Debian box suited for security purposes. These purposes include protection of information systems through firewalls (either packet or application-level), intrusion detection (both network and host based), vulnerability assessment, antivirus, private networks, etc.
This makes reading a program's memory layout more difficult, but it's for a good cause. If the stack is always reliably located at the same address, buffer overflows can force code onto the stack as data and then malware can execute that code. This execution depends on hard-coding memory addresses into the malware code (because there's no loader to adjust code addresses), but if the stack is (almost) never in precisely the same place twice, this hard-coding of addresses won't work and executing malware code on the stack becomes a great deal harder.
Worms are a slightly different story. The major antivirus firms out there study each worm under a microscope. Usually within a couple of business days from a worm's release, the AV firms have a good idea of how the worm spreads, what payload it leaves behind, and how to remove it. The AV firms' Web sites usually contain specific instructions for removing individual worms. (For a list of AV company Web sites, see the section Digging into a triggered alert, earlier in this chapter.) The antivirus programs these companies sell can also sometimes remove the worm for you. One copy of Blaster.E behaves exactly like another copy of Blaster.E (though a different variant, such as Blaster.F, may require a different set of removal instructions), so it is usually safe to follow the AV firms' instructions for removing a specific worm and expect your system to be clean.
If you're familiar with Windows systems, chances are you're also familiar with virus scanners (aka antivirus tools). These programs scan a Windows system, or sometimes just specific files or e-mail attachments, for the presence of viruses, worms, Trojans, and other unfriendly programs. The Windows virus scanner market is large and supports several major commercial programs. There are even a few virus scanners for Linux, such as F-Prot Antivirus for Linux
As with many other risks, phishing can be mitigated with technology only to a certain degree. After that it's user-dependent. Modern antivirus solutions or mailing programs include an antiphishing filter, which checks for links in the email in a database of known phishing sites, IPs, and domains. Additionally, it can check to see if the links on the page go to the same domain as the sender's.
Because Linux systems are often used as mail servers, tools for scanning mail messages for spam and viruses have become quite sophisticated over the years. In this chapter, I describe how to use a tool called SpamAssassin to deal with spam and viruses on your mail server. If this doesn't meet your needs, you might add the ClamAV virus scanner to test mail messages for actual malware attachments. Here are a few links where you can learn about ClamAV and how to use it with different mail software
To manage your outgoing traffic, your policies should explicitly define what kinds of email traffic are acceptable on your network and email relays. It is important to make a best effort to not become the weakest link in the chain, or in this particular case, a point of origin or relay for SPAM, worms, or other types of malware. Some specific configurations can make a spammer's life easy, and we'll discuss those in upcoming sections. Apart from being an annoyance and a policy problem for your MTA (not to mention the receiving side), messages that are infected with viruses or malware could pose a serious threat to your organization's credibility if the bounces contain the full body of the original message. The bounce message, sent from your MTA with your domain address as sender, would retain the malicious content that would be delivered to the originally spoofed address (which is external to your organization), effectively making you look like a malicious sender.
While mistyping a name looks apparently harmless, this mistake is being taken advantage of with so-called typosquatting. Typosquatters usually register a large number of domains that are very close to existing and widely used ones and likely to be found in case of typographical errors. This can lead to phishing attacks, malware sites, unsolicited advertisements, and email hijacking.
Details, and protection against malware sites, where viruses or other dangerous files are offered surreptitiously. See Figure 7-2 for an example of what you'll see if you fall victim to a phishing attack (note that this is a staged demonstration at the www.mozilla.com site, and is not an actual attack; www.mozilla.com is safe to visit).
Aside from the fact that you're now aware of the spam/virus epidemic, it is also now your responsibility to do something about it because you're responsible for your mail server. Luckily, there are some great ways to configure Postfix to automatically handle much of this for you. If you installed all of the packages that I suggested back in the section Installing Postfix and Friends, you've already installed the postgrey grey-listing service and MailScanner. MailScanner scans incoming mail and rejects the spam that it can identify, and then can invoke other packages, such as SpamAssassin (http://spamassassin.apache.org), another package that does an even better job of spam detection, and ClamAV (www.clamav.net), which is an excellent open source antivirus package. All that remains to do now is to integrate these packages and Postfix. At this point, you may be wondering why you should bother with an antivirus package on Linux because Linux systems are essentially virus-free. I suggest...
So with all this talk about Linux's great security, you may wonder whether you need to bother worrying about it at all. Well, if you take a look at the Ubuntu forums, you might find yourself a bit confused. When asked whether Linux users need to install antivirus software or firewalls, most users answer with an emphatic no. On the other hand, you'll find that there are an awful lot of people out there who have installed or are trying to install that software. Hmmm. If you are on a network where you transfer a lot of files among a lot of Windows machines, you might want to think about installing some antivirus software, if for nothing more than the good of the Windows systems involved and the users of those systems: your unenlightened (i.e., Windows-using) email pals, for example. You might also want to give it a go if you are, by nature, on the cautious side of the spectrum. Basically, if it makes you feel safer to install some protection, go ahead. If it makes you feel safer to go...
Though not necessarily specific to a firewall, firewalls many times find themselves performing additional tasks, some of which might include Network Address Translation (NAT), antivirus checking, event notification, URL filtering, user authentication, and Network-layer encryption.
In the Connection type box you can see in Figure 16-6, select the connection type used on your server. In most cases, it will be a permanent connection. Since the AMaViS antivirus program is included with SUSE Linux Enterprise Server, I recommend always selecting the option Enable Virus Scanning as well.
In recent years, malware authors have elevated the stakes in computer security. With a rich target environment provided primarily by unpatched Windows systems with broadband connectivity to the Internet, the damaging effects of malware designed specifically to gather financial and other personal data can be enormous. The Dumador trojan is malware that contains both a keylogger (for collecting and transmitting sensitive information typed on a keyboard back to an attacker), and a backdoor server that listens on ports 9125 and 64972. The Bleeding Snort ruleset contains a signature designed to detect when the Dumador trojan attempts to send information back to an attacker via a web session, as shown here
MIMEDefang is a generic filter that allows usage of arbitrary programs for tagging SPAM and blocking viruses. You can use commercial antivirus software and Spamassassin along with it for performing both tasks. It only works with the libmilter API. In the same fashion Amavis (more specifically amavisd-new) is a generic virus scanner that also allows you to use your favorite antivirus software and Spamassassin. Unlike MIMEDefang, Amavis is more generic and supports various mail servers. For thorough auditing of your antivirus implementation, you should always make sure that simple archiving of infected binaries is not going to fool your antivirus software.
Fortunately, browser exploits and email attachment malware mostly affect Windows users, and therefore the programs they try to install on a Linux computer will fail. But you must still be cautious about what you download, as you never know whether someone will succeed in writing a malicious program that exploits Ubuntu and other versions of Linux.
The chief problem with VMware is its resource hogginess. Even with a powerful machine with a fast processor and lots of memory, it is difficult to multitask with VMware running. The target audience for VMware primarily consists of cross-platform software developers and testers, along with system administrators. Developers can test their products on a single machine running Red Hat, Fedora Core, SUSE Linux, Novell NetWare, or any and all varieties of Windows. The system administrator can run tests to see what effect the latest Windows Service Pack or antivirus upgrade would have on their system.
One of the main tasks for many Windows administrators is keeping Windows patched and updated in order to protect clients from the many spyware and malware attacks perpetrated against hapless Windows machines on a daily basis. As mentioned, VDS offers a single instance of Windows to patch and upgrade, which not only takes less time, but also offers more simplicity than staging patches throughout the organization. Further, because the end users' environment is a product of a combination of the master Windows image and their own locally stored settings, simply logging off and logging back in refreshes their session with the master image and thus eliminates any running malware or spyware in their session. How much damage can spyware, malware or a virus do? That's a good question, but consider what can happen if your master image contains malware or a virus. Lock it down, now (Figure 3).
A reboot may be a sign of an attempt to load a Trojaned service or driver. Reboots may also occur due to cracking tools or malware that's buggy or incompatible with your system. On Linux systems, reboots are logged by syslog. On Windows systems, reboots appear in the Event Viewer under the System event log.
In addition to Linux, many netbook computers come with Windows preinstalled. You may wonder why you should bother switching to Linux. There are a few compelling reasons to do so, and they come down to one word: freedom. You should also consider the practical reasons, such as having an OS that isn't susceptible to malware and is much more up to date than Windows XP, which dates back to 2001.
You can specify commands or executable files to be automatically executed before and after the backup procedure. For example, you may want to remove some tmp files from the disk before starting backup or configure a third-party antivirus product to be started each time before the backup starts. Click Edit to open the Edit Command window where you can easily input the command, its arguments and working directory or browse folders to find an executable file.
ADLINK Technology has just beefed up your options for network security, adding the ALS-3206 Rackmount Network Security Platform to its solutions palette. The ALS-3206 series is billed as a flexible, mid-range, cost-effective solution for IDS, IPS, UTM, firewall, VPN gateway, load balancing and traffic-mining applications. The line further supports several Intel processors and chipsets and provides six gigabit Ethernet ports, one PCI extension slot and two configurable PCI-X slots. One of the PCI-X extension slots can be configured to extend a four-port gigabit Ethernet card and the other to extend a network security accelerator. This combination of features is suited, says ADLINK, for antivirus software security, content security and PKI software applications. www.adlinktech.com
Furthermore, the bigger domain URL blacklists frequently include categories for malware, phishing and other Web site categories that do, in fact, have direct security ramifications. For example, the free Shalla's Blacklists include more than 27,600 known sources of spyware
3. Actually, there is an installer package for the F-prot antivirus, which is non-free but gratis for home users, called f-prot-installer. This installer, however, just downloads F-prot's software (http://www.f-prot.com/products/home_use/linux/) and installs it in the system.
Load balancers, and antivirus systems. This generally leaves a large, gooey, black hole in the network where all security goes to die. Ironically, this black hole is where the organization's most security-unaware employees are located, and instead of playing Solitaire like in the good old days, these people are surfing the Internet looking for all of the latest and greatest websites, which leaves them open to client-side attacks, such as those just described. This allows an attacker to gain a foothold on your internal network, generally allowing him or her to compromise the entire environment.
One of the largest issues with email today is the problem of Unsolicited Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses and other forms of malware. According to some reports these messages make up the bulk of all email traffic on the Internet. Amavisd-new is a wrapper program that can call any number of content filtering programs for spam detection, antivirus, etc. ClamAV is an open source antivirus application.
The usual strategy with this malicious redirection is to use a URL that's visually very similar to the legitimate one (i.e., www.bank-one.com instead of www.bankone.com), hoping the victim won't notice. Another widely used technique displays the original bank's web page but, in fact, redirects to the attacker's site, for example,
The signature verification fails if headers are rearranged or the body of the message is altered, a common scenario for all mailing list software (which typically adds a footer at the end of every message) and anti-SPAM/antivirus filters that add custom headers. Message body conversion and line wrapping can also constitute a problem. The proposed solution is that mailing list software should re-sign the message when sending it, while anti-SPAM and antivirus filters should parse the message after
All antivirus programs are prone to false positives: identifying files as containing viruses when they don't. To guard against this, should ClamAV report what it thinks is an infected file, search Google, specifying the name of the file and the name of the virus. If one or more people have encountered a similar result, that can help identify a false alarm.
Many a Windows user has entered the Linux fold after a host of bad experiences with malware in the Windows world: viruses, spyware, and all sorts of other malicious bits of software code, too numerous to imagine. Windows is also plagued by a seemingly endless array of security Fortunately, Linux does not suffer greatly from such problems, leading to the much-touted claim that Linux is practically virus free and quite secure. There are numerous lines of reasoning proffered to explain Linux's malware- and exploit-resistant nature. One reason is simply popularity, or lack thereof. As Linux is not as widespread a system as Windows is, it is also a much less attractive target of digital evil-doers, who very often seem to be motivated by the challenge and headline-catching glory that comes with creating a truly global virus or finding a theretofore unknown back door. Another reason is that Linux users, as a general rule, work on their computers in a non-privilege mode, one in which the user...
Chances are good that your ISP offers at least some form of Usenet access. Contact them to find out the address of their Usenet server and the newsgroups they offer (also called their newsfeed). Many ISPs are selective in the content of their feed, especially when it comes to the alt groups. These are often seen as the seedier virtual neighborhoods, with pirated software, malware, and less-than-family-friendly text and images abounding. If there is a particular group you're looking for, and it's not included, it can often be added on request.
Click Finish to complete your configuration of sendmail. If you enabled antivirus scanning and the AMaViS package is not already installed, YaST will prompt you for the appropriate CD or DVD media at this point. If this is the case, insert the appropriate media and wait for the installation to complete.
Clam Antivirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam Antivirus package, which you can use with your own software. Most importantly, the virus database is kept up to date. Quoted from the Clam Antivirus website at http://www.ClamAV.net
As with antivirus or IP fingerprinting programs, a scanner is only as good as its database of vulnerabilities. If the Nessus database could never be updated, the application would be worse than useless, because the old information would lull you into a false sense of security. Fortunately, the Nessus project has been quite active, and it has a good record for providing regular plug-in updates. Some of the plug-ins are written by Nessus developers; however, the majority are donated by Nessus users.