Linux Lite Forums
On-access antivirus options



On-access antivirus options - JonMikelV - 02-15-2017

I've slowly been migrating friends and family to LinuxLite as their Windows (mostly XP) machines fail - most of the time this is due to OS issues caused by spyware, adware, viruses, etc.  It's been going great so far, but now I've run into a situation where I'm moving a user over that historically very much needs an anti-virus solution in place.

So I'm wondering if anybody has suggestions for an on-access (or better, on-write) scanner that will work with LL 3.2.  I've tried the following so far:
  • Sophos (couldn't figure out how to get it to work - plus it took a ton of memory)
  • Comodo (couldn't get it to update due to Application Agent not running)
  • ClamAV (doesn't support on-access)

I'd prefer to get Comodo working, but it seems to have some issues building the RedirFS kernel modules for real-time protection in certain kernels - with the specific error being:
Quote:
  dereferencing pointer to incomplete type ‘struct nameidata’
    path_put(&nd->path);

My fallback so far is ClamAV with a daily scan - but even that isn't great because it seems to only be able to schedule for a specific time, and this user shuts their box down when not in use so it could be days or weeks between ACTUAL scans.  So I guess a secondary question is:
  • Can I tell ClamAV to run at OR FIRST CHANCE AFTER a specific time?

And finally, I'd love to find something that's free or not subscription based (mainly because this user isn't going to pay for it, and I don't want to have to do it for them) - but if that's not viable, what paid options have people used that actually work for them?

Thanks!


Re: On-access antivirus options - LL-user - 02-16-2017

Hi JonMikelV,

For the scheduling I recommend having a look at anacron. It's specifically made for machines that don't run 24/7 but need jobs run on a regular basis (daily, weekly, monthly).

Further information about anacron:

https://www.ibm.com/developerworks/library/l-anacron/

http://www.nextstep4it.com/anacron-and-usage-of-anacron-in-linux/

http://www.stevenmaude.co.uk/posts/ensuring-scheduled-cron-jobs-are-run


For the choice of the AV product itself you might want to have a look at these articles:

http://www.networkworld.com/article/2989137/linux/av-test-lab-tests-16-linux-antivirus-products-against-windows-and-linux-malware.html

https://www.av-test.org/en/news/news-single-view/linux-16-security-packages-against-windows-and-linux-malware-put-to-the-test/

Hope that helps :-)



Re: On-access antivirus options - JonMikelV - 02-21-2017

Thanks for your response LL-user.

I went to the AV product choice URLs you provided but they looked kinda familiar so I think that's where I got my initial list of options in the first place. :-)

However anacron looks like just what I need for Clam-AV and grabbing it along with Clam-TK from "Install/Remove Software" is much easier than installing Sophos or Comodo.  I might also take a look at fcron, which I bumped into from a comment on an anacron forum.  :-)

I did go back and re-visit Sophos as it was still installed on my machine.  After using an eicar.org test file I was able to confirm it was actually doing on-demand scanning, so that turns out to be a valid option for me as well.  I just have to get used to it being command-line based - too many years in the Windows world has me wanting a GUI!

Here's to hoping I'll never have to actually interact with either option!
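
The anacron-plus-ClamAV setup discussed in this thread, as an added example that is not part of any post: a wrapper script that anacron starts once a day, or at the first boot after a missed day. The install path, job id, log file and scan directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path:
#   /usr/local/sbin/clamav-scan.sh
# Assumed /etc/anacrontab entry
# (fields: period-in-days  delay-in-minutes  job-id  command):
#   1  10  clamav-scan  /usr/local/sbin/clamav-scan.sh --run
# anacron records each job's last run date under /var/spool/anacron/ and
# runs any job whose last run is older than its period, so a machine that
# was powered off at the scheduled time catches up after the next boot.

SCAN_DIR="${SCAN_DIR:-/home}"                      # assumption: scan user data only
LOG_FILE="${LOG_FILE:-/var/log/clamav-daily.log}"  # assumption: log location
CLAMSCAN="${CLAMSCAN:-clamscan}"                   # overridable for testing
FRESHCLAM="${FRESHCLAM:-freshclam}"

# Map clamscan's exit codes (0 none found, 1 virus found, 2 error) to a word.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Update signatures, scan recursively, log infected files only, print status.
run_scan() {
    # A failed update (for example when the freshclam service already holds
    # the lock) is logged but does not stop the scan.
    "$FRESHCLAM" --quiet || echo "$(date) signature update failed" >>"$LOG_FILE"
    rc=0
    "$CLAMSCAN" -r -i --log="$LOG_FILE" "$SCAN_DIR" >/dev/null 2>&1 || rc=$?
    status=$(scan_status "$rc")
    echo "$(date) scan of $SCAN_DIR finished: $status (exit $rc)" >>"$LOG_FILE"
    echo "$status"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then
    # Stay silent on a clean scan; print a line otherwise so the job output
    # shows up wherever anacron delivers it.
    result=$(run_scan) || echo "ClamAV daily scan: $result, see $LOG_FILE"
fi
```
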