Security Portal: Linux Virus Scanners: Common ProblemsOct 03, 2000, 08:39 (2 Talkback[s])
(Other stories by Kurt Seifried)
"So, we've covered Virus scanning for Linux in general, as well as where to place the scanning software. Even if you do all that perfectly, though, you can still run into problems."
"Software being disabled, intentionally or accidentally, is a problem. Sometimes users will simply start right-clicking on stuff in the taskbar to free up memory, or do a ps listing and kill off commands that don't look critical. Sometimes software just stops working (i.e. fails to start at boot time), or is not called properly by a helper program such as AMaViS, which scans email...."
"Viruses that bypass software are another problem. If you install an antivirus firewall, and scan all traffic to and from the Internet, it is still possible for users to slip a virus in (intentionally or not). The simplest problem would be an SSL-based Website. The virus scanner can't scan encrypted content, so the virus will get past. Encrypted email is another example of this problem. If you have a dial-in pool of modems, you'd better make sure there is virus scanning software in between them and the network. (Having a firewall in between is also a good idea, preferably one that requires authentication). If users are allowed to use removable media (floppy disks, CD-ROMs, zip disks, etc.), they can inadvertently introduce a virus onto the network."