On-access antivirus options
#1
I've slowly been migrating friends and family to LinuxLite as their Windows (mostly XP) machines fail - most of the time this is due to OS issues caused by spyware, adware, viruses, etc.  It's been going great so far, but now I've run into a situation where I'm moving a user over that historically very much needs an anti-virus solution in place.

So I'm wondering if anybody has suggestions for an on-access (or better, on-write) scanner that will work with LL 3.2.  I've tried the following so far:
  • Sophos (couldn't figure out how to get it to work - plus it took a ton of memory)
  • Comodo (couldn't get it to update due to Application Agent not running)
  • ClamAV (doesn't support on-access)

I'd prefer to get Comodo working, but it seems to have some issues building the RedirFS kernel modules for real-time protection in certain kernels - with the specific error being:
Quote: dereferencing pointer to incomplete type ‘struct nameidata’
  path_put(&nd->path);

My fallback so far is ClamAV with a daily scan - but even that isn't great because it seems to only be able to schedule for a specific time, and this user shuts their box down when not in use so it could be days or weeks between ACTUAL scans.  So I guess a secondary question is:
  • Can I tell ClamAV to run at OR FIRST CHANCE AFTER a specific time?

And finally, I'd love to find something that's free or not subscription based (mainly because this user isn't going to pay for it, and I don't want to have to do it for them) - but if that's not viable, what paid options have people used that actually work for them?

Thanks!
#2
Hi JonMikeIV,

For the scheduling I recommend having a look at anacron. It's specifically made for machines that don't run 24/7 but need jobs run on a regular basis (daily, weekly, monthly).

Further information about anacron:

https://www.ibm.com/developerworks/library/l-anacron/

http://www.nextstep4it.com/anacron-and-u...-in-linux/

http://www.stevenmaude.co.uk/posts/ensur...bs-are-run


For the choice of the AV product itself you might want to have a look at these articles:

http://www.networkworld.com/article/2989...lware.html

https://www.av-test.org/en/news/news-sin...-the-test/

Hope that helps :)
#3
Thanks for your response LL-user.

I went to the AV product choice URLs you provided but they looked kinda familiar so I think that's where I got my initial list of options in the first place. :-)

However anacron looks like just what I need for ClamAV, and grabbing it along with ClamTk from "Install/Remove Software" is much easier than installing Sophos or Comodo.  I might also take a look at fcron, which I bumped into from a comment on an anacron forum.  :-)

I did go back and re-visit Sophos as it was still installed on my machine.  After using an eicar.org test file I was able to confirm it was actually doing on-demand scanning, so that turns out to be a valid option for me as well.  I just have to get used to it being command-line based - too many years in the Windows world has me wanting a GUI!

Here's to hoping I'll never have to actually interact with either option!

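The anacron approach suggested in reply #2, applied to a ClamAV scan, as an added example that is not part of the original thread. The script path, job name, scan directory and log location are assumptions; the `clamscan` and `freshclam` options used are standard ones.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed install path:
#   /usr/local/sbin/clamscan-home   (hypothetical name, mode 0755, owner root)
# Assumed /etc/anacrontab line (fields: period in days, delay in minutes, job-id, command):
#   1  10  clamscan-home  /usr/local/sbin/clamscan-home run
# anacron records the last run date per job-id, so a machine that was switched
# off at the usual time runs the job the next time anacron starts (normally at
# boot), after the 10 minute delay.

SCAN_DIR="${SCAN_DIR:-/home}"                 # assumption: user data lives here
LOG="${LOG:-/var/log/clamscan-home.log}"      # assumption: log location
CLAMSCAN="${CLAMSCAN:-clamscan}"
FRESHCLAM="${FRESHCLAM:-freshclam}"

# clamscan exit codes: 0 = no virus found, 1 = virus(es) found, 2 = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

run_scan() {
    # Refresh signatures first; a failed update is logged but does not block the scan
    # (it also fails harmlessly when a freshclam service already handles updates).
    "$FRESHCLAM" --quiet || echo "$(date) freshclam did not update" >>"$LOG"

    # --infected reports only hits; --log saves clamscan's own report to $LOG.
    "$CLAMSCAN" --recursive --infected --log="$LOG" "$SCAN_DIR" >/dev/null 2>&1
    rc=$?
    status=$(scan_status "$rc")
    echo "$(date) scan of $SCAN_DIR: $status (exit $rc)" >>"$LOG"

    # Non-zero unless clean, so the caller can alert on hits and on failed scans.
    [ "$status" = clean ]
}

# Scan only when invoked with "run"; sourcing the file just defines the functions.
if [ "${1:-}" = "run" ]; then
    run_scan
fi
```

The job runs as root under the system anacron, so keep the script root-owned and not writable by other users.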